I think this is what you want.
>Return-path: <[log in to unmask]>
>Date: Tue, 20 Jan 2004 11:35:18 -0500
>Reply-To: Doug Nelson <[log in to unmask]>
>Sender: MSU Network Administrators Group <[log in to unmask]>
>From: Doug Nelson <[log in to unmask]>
>Subject: Re: [MSUNAG] Central VPN access server now available
>To: [log in to unmask]
>
>Jeff Bowes writes:
>
>> At this point I am blocking access to most ports on PCs in my Windows
>> domain from sources outside of a short list of allowed IP ranges. These
>> IP ranges basically consist of Physics and Astronomy "owned" static and
>> DHCP addresses. To help outside users access the domain from a source
>> outside the allowed range I run a VPN server of my own, but I've found
>> that the VPN solution provided by Microsoft is sometimes not as reliable
>> as I'd like.
>>
>> It would be helpful for me if you were to let us know the range of
>> addresses that are assigned by the central VPN server so I can allow
>> them through my IPSec policies. This way I can give my VPN users the
>> option of using the central solution when it goes public.
>>
>> It seemed apparent from discussions at the last NAG meeting that other
>> folks on campus are firewalling or otherwise blocking ports (or planning
>> to do so soon) to machines in their specific departments, and they would
>> also find this information helpful.
>>
>> If this information is already publicly available somewhere then feel
>> free to find me and slap me at your earliest convenience.
>
>No, we haven't published this yet. I should put that on the VPN information
>pages. The VPN service will use IP's in the range 35.12.64.0 through
>35.12.95.255. I'm sure we won't use all of those IP's, but I have reserved
>them for the VPN service.
>
>Doug
>
>
>Doug Nelson [log in to unmask]
>Network Manager Ph: (517) 353-2980
>Computer Laboratory http://www.msu.edu/~nelson/
>Michigan State University
At 10:41 AM 9/30/2004, Lee Duynslager wrote:
>Has anybody out there configured a firewall on a msu server or machine to
>permit access via VPN?
>
>The reason I ask is that if you could provide me with the minimal list or
>range of IP addresses that will have to be added to the firewall rules so
>that users connecting via vpn can access that server?
>
>Thanks,
>
>Lee
--Chris
==============================================
Chris Wolf Computer Service Manager
Agricultural Economics [log in to unmask]
Michigan State University 517 353-5017
|