3.2 From the Internet to the LAN
It is also possible to set up a PPTP VPN Server on the LAN side of your Gateway, for
remote users on the Internet to access. In this case, the firewall and Network Address
Translation (NAT) features of your Gateway mean that it will not appear transparent
to the VPN traffic.
On the Gateway, it will be necessary to allow the VPN traffic through from the
Internet. This can be done by setting up a Virtual Server to allow traffic on port 1723
to the PPTP server on the LAN.
Note that setting up the Virtual DMZ feature to direct all inbound traffic to the PPTP
server will also work, although this is less secure than a Virtual Server because the
server then receives all inbound traffic rather than only port 1723.
In addition to setting up a Virtual Server or DMZ, 3Com recommends that the PC
Privileges feature of the Gateway be configured so that the PPTP server has no
restrictions imposed on it.
As the Gateway always performs Network Address Translation, it will not be possible
to see the IP address of the VPN server from the Internet. Thus, if the VPN client is
told to use the actual IP address of the PPTP server, the connection attempt will fail.
The Virtual Server and DMZ features of the Gateway route traffic sent to the Internet
IP address of the Gateway to the appropriate PC on the LAN. As a result, the PPTP
client must be configured with the Gateway Internet IP address. If your ISP provided
you with a static IP address, this will be the address that they assigned to you. If,
however, they provide your Internet Settings automatically, you will need to look up
your IP address on the “Status” page in the Web management interface.
Note that if your settings are provided automatically, your Internet IP address may
change from time to time. Your ISP will set the frequency of this change.
Also note that if you use PPPoE to connect to the Internet, the “Connection Timeout”
should be set to “forever”. If your connection times out, it will only be possible to
reconnect from the LAN side of the Gateway, and so all VPN connection attempts
will fail.
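The following pre-flight check is an added example, not 3Com code or part of the
original guide. It encodes the conditions described in this section so a planned
setup can be reviewed before remote users try to connect. GatewayConfig,
check_pptp_setup and all addresses are hypothetical; the settings are typed in by
hand from the Web management interface.

```python
import ipaddress
from dataclasses import dataclass, field
from typing import Dict, Optional

PPTP_PORT = 1723  # port the page forwards with a Virtual Server
RFC1918 = [ipaddress.ip_network(n) for n in
           ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


@dataclass
class GatewayConfig:
    """Hypothetical summary of the Gateway settings discussed in this section."""
    wan_ip: str                                   # Internet IP from the "Status" page
    virtual_servers: Dict[int, str] = field(default_factory=dict)  # port -> LAN IP
    dmz_host: Optional[str] = None                # LAN IP receiving all inbound traffic
    wan_ip_is_static: bool = True
    uses_pppoe: bool = False
    pppoe_timeout: str = "forever"


def check_pptp_setup(gw, server_lan_ip, client_target):
    """Return (severity, message) findings for a PPTP server behind the Gateway."""
    findings = []
    target = ipaddress.ip_address(client_target)
    # NAT hides LAN addresses, so the client must dial the Gateway Internet IP.
    if any(target in net for net in RFC1918):
        findings.append(("error", "client targets a LAN address hidden by NAT"))
    elif target != ipaddress.ip_address(gw.wan_ip):
        findings.append(("error", "client target is not the Gateway Internet IP"))
    forwarded = gw.virtual_servers.get(PPTP_PORT) == server_lan_ip
    in_dmz = gw.dmz_host == server_lan_ip
    if not (forwarded or in_dmz):
        findings.append(("error", "port 1723 is not forwarded to the PPTP server"))
    if in_dmz:
        findings.append(("warning", "DMZ sends all inbound traffic to the server"))
    if not gw.wan_ip_is_static:
        findings.append(("warning", "Internet IP is dynamic and may change"))
    if gw.uses_pppoe and gw.pppoe_timeout != "forever":
        findings.append(("error", "PPPoE Connection Timeout is not 'forever'"))
    return findings


# Constructed sample values (documentation and private address ranges).
GOOD = GatewayConfig(wan_ip="203.0.113.7", virtual_servers={1723: "192.168.1.10"})
RISKY = GatewayConfig(wan_ip="203.0.113.7", dmz_host="192.168.1.10",
                      wan_ip_is_static=False, uses_pppoe=True, pppoe_timeout="5 min")

if __name__ == "__main__":
    for name, gw, target in (("good", GOOD, "203.0.113.7"),
                             ("risky", RISKY, "192.168.1.10")):
        print(name, check_pptp_setup(gw, "192.168.1.10", target) or "no findings")
```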
4 L2TP (Windows 2000)
4.1 From the LAN to the Internet
Microsoft Windows 2000 includes support for both PPTP and L2TP VPNs. The
L2TP VPN implementation in Windows 2000 is not compatible with devices that
perform Network Address Translation, and hence L2TP VPNs are not supported by
the Gateway in either direction.