Wireless setup - Nested VPN - can anyone help?

 
 
Trust No One®
Guest
Posts: n/a

 
      10-28-2003, 06:22 AM
Hi Folks,

My situation - I have a home network connected to the internet via a
Speedstream EN5861 ADSL router. My home network is further protected by an
IPCop (stateful) firewall which sits between the home network switch and the
EN5861.

My laptop runs among other things the Cisco VPN client, which I use to
connect to the corporate network via VPN.

I've just treated myself to a wireless access point (D-Link DWL-2000AP)
and a wireless card (D-Link DWL-G650) for the laptop, and have set all the
possible security options; I am somewhat concerned, however, about the
security of WEP, given that the keys (128 bit) can be cracked fairly easily
using Linux software freely available on the Net.

What I've done therefore is to build a dual-homed gateway machine with a 365
day eval copy of Windows 2003 server, which I've configured as a VPN server.
One NIC goes into my home network, and the other NIC is connected via a
cross over cable to the wireless access point. The NIC connected to the
access point is configured to only accept VPN connections.

So with this setup, I connect to the access point using the wireless NIC in
my laptop, establish a VPN session using the Microsoft VPN adapter (PPTP) to
the Windows 2003 server, which then allows me secured access to all the
resources on my home network including the internet. Sweet!

Everything works fine except the Cisco VPN client software I mentioned
earlier. The Cisco client connects to the remote gateway and hangs while
negotiating security protocols. The existing VPN connection from my laptop
to my Windows 2000 VPN gateway is then dropped.

I suspect the problem is due to my attempting to nest VPNs. I'm a bit of a
newbie to VPN technology so I'm not sure if what I'm attempting (nesting
VPNs) is actually possible!

If anyone has done anything remotely like this before I'd really appreciate
any advice.

thanks & best wishes

--
Peter <X-Files Fan>
Please Note: Emailed replies cc'd / bcc'd , containing HTML or attachments
auto-binned as spam


 
 
 
 
 
james K
Guest
Posts: n/a

 
      10-29-2003, 05:45 AM
I don't think nesting is the issue. It is the Cisco VPN client that
is the problem. I use this setup with the Celestix RAS3000 appliance
(uses a special version of Windows 2003) and everything works fine.
At home I have the same setup as you and I connect to the RAS3000
using Windows VPN client. Cisco VPN client is a shim based VPN
client, which causes all sorts of problems because it makes
modifications to Windows TCP/IP stack.

The Celestix RAS3000 is a unique remote access product, it has 3
additional ports to connect wireless APs/network. Allows you to use
the ubiquitous windows native VPN client to secure wireless traffic
instead of relying on WEP. You can find more info on the Celestix RAS
product at:

www.celestix.com/products/ras

James

"Trust No One®" <(E-Mail Removed)> wrote in message news:<bnl5fr$12k34v$(E-Mail Removed)>...
> Hi Folks,
>
> My situation - I have a home network connected to the internet via a
> Speedstream
> EN5861 Adsl router. My home network is further protected by an IPCop
> (stateful)
> firewall which sits between the home network switch and the EN5861.
>
> My laptop runs among other things the Cisco VPN client, which I use to
> connect to the corporate network via VPN.
>
> I've just treated myself to a wireless access point (D-Link DWL-2000AP)
> and a wireless card (D-Link DWL-G650) for the laptop. and have set all the
> possible security options; I am somewhat concerned however about the
> security of WEP, given that the keys (128 bit) can be cracked fairly easily
> using Linux software freely available on the Net.
>
> What I've done therefore is to build a dual-homed gateway machine with a 365
> day eval copy of Windows 2003 server, which I've configured as a VPN server.
> One NIC goes into my home network, and the other NIC is connected via a
> cross over cable to the wireless access point. The NIC connected to the
> access point is configured to only accept VPN connections.
>
> So with this setup, I connect to the access point using the wireless NIC in
> my laptop, establish a VPN session using the Microsoft vpn adapter (PPTP) to
> the Windows 2003 server, which then allows me secured access to all the
> resources on my home network including the internet. Sweet!
>
> Everything works fine except the Cisco VPN client software I mentioned
> early. The Cisco client connects to the remote gateway and hangs while
> negotiating security protocols. The existing VPN connection from my laptop
> to my Windows 2000 VPN gateway is then dropped
>
> I suspect the problem is due to my attempting to nest VPNs. I'm a bit of a
> newbie to VPN technology so I'm not sure if what I'm attempting (nesting
> VPNs) is actually possible!
>
> If anyone has done anything remotely like this before I'd really appreciate
> any advice.
>
> thanks & best wishes

 
 
Trust No One®
Guest
Posts: n/a

 
      10-30-2003, 05:25 AM

james K wrote:
> I don't think nesting is the issue. It is the Cisco VPN client that
> is the problem. I use this setup with the Celestix RAS3000 appliance
> (uses a special version of Windows 2003) and everything works fine.
> At home I have the same setup as you and I connect to the RAS3000
> using Windows VPN client. Cisco VPN client is a shim based VPN
> client, which causes all sorts of problems because it makes
> modifications to Windows TCP/IP stack.
>

Thanks for the reply. I think you're spot on about all the modifications
that the Cisco VPN client makes, and generally this piece of software seems
to be a huge headache.

Short of changing my hardware I'll probably have to install the Cisco VPN
client on one of the other machines (wired) on my home network, and connect
to this machine using terminal services through the VPN over the wireless.
Convoluted but should hopefully tide me over.

--
Peter <X-Files Fan>
Please Note: Emailed replies cc'd / bcc'd , containing HTML or attachments
auto-binned as spam




 
 
shope
Guest
Posts: n/a

 
      11-01-2003, 01:14 PM
"james K" <(E-Mail Removed)> wrote in message
news:(E-Mail Removed) om...
> I don't think nesting is the issue. It is the Cisco VPN client that
> is the problem. I use this setup with the Celestix RAS3000 appliance
> (uses a special version of Windows 2003) and everything works fine.
> At home I have the same setup as you and I connect to the RAS3000
> using Windows VPN client. Cisco VPN client is a shim based VPN
> client, which causes all sorts of problems because it makes
> modifications to Windows TCP/IP stack.


Have a look at the version of Cisco client and on their web site.

Cisco have changed the way the client ties into the Windows IP stack from V4
to make the client more flexible - it may fix your issue.
>
> The Celestix RAS3000 is a unique remote access product, it has 3
> additional ports to connect wireless APs/network. Allows you to use
> the ubiquitous windows native VPN client to secure wireless traffic
> instead of relying on WEP. You can find more info on the Celestix RAS
> product at:
>
> www.celestix.com/products/ras
>
> James
>
> "Trust No One®" <(E-Mail Removed)> wrote in message news:<bnl5fr$12k34v$(E-Mail Removed)>...
> > Hi Folks,
> >
> > My situation - I have a home network connected to the internet via a
> > Speedstream
> > EN5861 Adsl router. My home network is further protected by an IPCop
> > (stateful)
> > firewall which sits between the home network switch and the EN5861.
> >
> > My laptop runs among other things the Cisco VPN client, which I use to
> > connect to the corporate network via VPN.
> >
> > I've just treated myself to a wireless access point (D-Link DWL-2000AP)
> > and a wireless card (D-Link DWL-G650) for the laptop. and have set all the
> > possible security options; I am somewhat concerned however about the
> > security of WEP, given that the keys (128 bit) can be cracked fairly easily
> > using Linux software freely available on the Net.
> >
> > What I've done therefore is to build a dual-homed gateway machine with a 365
> > day eval copy of Windows 2003 server, which I've configured as a VPN server.
> > One NIC goes into my home network, and the other NIC is connected via a
> > cross over cable to the wireless access point. The NIC connected to the
> > access point is configured to only accept VPN connections.
> >
> > So with this setup, I connect to the access point using the wireless NIC in
> > my laptop, establish a VPN session using the Microsoft vpn adapter (PPTP) to
> > the Windows 2003 server, which then allows me secured access to all the
> > resources on my home network including the internet. Sweet!
> >
> > Everything works fine except the Cisco VPN client software I mentioned
> > early. The Cisco client connects to the remote gateway and hangs while
> > negotiating security protocols. The existing VPN connection from my laptop
> > to my Windows 2000 VPN gateway is then dropped
> >
> > I suspect the problem is due to my attempting to nest VPNs. I'm a bit of a
> > newbie to VPN technology so I'm not sure if what I'm attempting (nesting
> > VPNs) is actually possible!
> >
> > If anyone has done anything remotely like this before I'd really appreciate
> > any advice.
> >
> > thanks & best wishes

--
Regards

Stephen Hope - remove xx from email to reply


 
 
 
 