echo: nthelp
to: John Beckett
from: Chris G
date: 2003-04-07 03:32:20
subject: Re: W2K VPN question

I've had to set up a Win2K VPN using RRAS for members in the field at my
client, including myself.  I am originating from a cable modem and passing
through a Cisco PIX 515 firewall that forwards the GRE and port 1723
packets to the VPN server.  Works like a champ, when I have the users set
up right in AD.  I also use DHCP to offer addresses.  The DHCP server and
RRAS servers are different boxes.

In your case, if you can set up a Win2K server at each site, it can
establish the VPN and provide your internet connection sharing, although
this can also be accomplished in properly updated Win98SE boxes.  As
someone said earlier, it might be easier to use Static IP, but I prefer
DHCP.

Just my thoughts...

73's de
K7SLE(Chris)



John Beckett  wrote in
news:3e8e9b35.26842717{at}216.144.1.254:

> Thees Peereboom  wrote in message
> news::
>> A friend has the following problem: His company has an office in A
>> with about 20 workstations and a W2K server which is also PDC and
>> DNS server. The workstations are w98. ...
>
> What device provides the VPN service? Like Rich, I would suspect there
> is a configuration problem or inherent limit if the box is a VPN
> gadget.
>
> Using W2k techniques, you would have a RRAS (routing and remote access
> service) server provide VPN.
>
> If you configured RRAS for, say, 20 VPN clients, it would (by default)
> get 21 IP addresses from the local DHCP server. The first of these
> would be for the RRAS VPN connection. The other 20 would be for the
> VPN clients. The DHCP server would show the 21 leases with an icon
> that includes a phone.
>
> When a client connected, RRAS would provide the next already-obtained
> IP to the client as part of the PPP negotiation. The effect would be
> that all clients appear to be on the same subnet as the RRAS server.
>
> What I am less clear on is how you would do the above with dedicated
> VPN boxes.
>
> The logon delay is almost certainly due to timeouts by the client as
> it tries (stupidly) to use DNS to locate the domain controller. This
> will only work if the user logs on while selecting the "use VPN" logon
> option (I forget the wording for this, perhaps "use dial-up").
>
> John
>

--- BBBS/NT v4.01 Flag-4
* Origin: Barktopia BBS Site http://HarborWebs.com:8081 (1:379/1.45)
SEEN-BY: 633/267 270
@PATH: 379/1 633/267

SOURCE: echomail via fidonet.ozzmosis.com
