LISTSERV 16.0 - MSUNAG Archives

Subscriber's Corner

Email Lists

MSUNAG Archives

MSUNAG@LIST.MSU.EDU

View:

Message:

[

First

Last

]

By Topic:

[

First

Last

]

By Author:

[

First

Last

]

Font:

Proportional Font

		LISTSERV at MSU
		MSUNAG Home
		MSUNAG September 2004

Subject:

Re: Allowed IP addresses for VPN access

From:

Doug Nelson <[log in to unmask]>

Reply-To:

Doug Nelson <[log in to unmask]>

Date:

Thu, 30 Sep 2004 14:42:35 -0400

Content-Type:

text/plain

Parts/Attachments:

text/plain (81 lines)

I have just added this to the published VPN instructions, at:

http://network.msu.edu/public/vpn/#Server

Doug



> I think this is what you want.
>
> >Return-path: <[log in to unmask]>
> >Date: Tue, 20 Jan 2004 11:35:18 -0500
> >Reply-To: Doug Nelson <[log in to unmask]>
> >Sender: MSU Network Administrators Group <[log in to unmask]>
> >From: Doug Nelson <[log in to unmask]>
> >Subject: Re: [MSUNAG] Central VPN access server now available
> >To: [log in to unmask]
> >
> >Jeff Bowes writes:
> >
> >> At this point I am blocking access to most ports on PCs in my Windows
> >> domain from sources outside of a short list of allowed IP ranges.  These
> >> IP ranges basically consist of Physics and Astronomy "owned" static and
> >> DHCP addresses.  To help outside users access the domain from a source
> >> outside the allowed range I run a VPN server of my own, but I've found
> >> that the VPN solution provided by Microsoft is sometimes not as reliable
> >> as I'd like.
> >>
> >> It would be helpful for me if you were to let us know the range of
> >> addresses that are assigned by the central VPN server so I can allow
> >> them through my IPSec policies.  This way I can give my VPN users the
> >> option of using the central solution when it goes public.
> >>
> >> It seemed apparent from discussions at the last NAG meeting that other
> >> folks on campus are firewalling or otherwise blocking ports (or planning
> >> to do so soon) to machines in their specific departments, and they would
> >> also find this information helpful.
> >>
> >> If this information is already publicly available somewhere then feel
> >> free to find me and slap me at your earliest convenience.
> >
> >No, we haven't published this yet.  I should put that on the VPN information
> >pages.  The VPN service will use IP's in the range 35.12.64.0 through
> >35.12.95.255.  I'm sure we won't use all of those IP's, but I have reserved
> >them for the VPN service.
> >
> >Doug
> >
> >
> >Doug Nelson                     [log in to unmask]
> >Network Manager                 Ph: (517) 353-2980
> >Computer Laboratory             http://www.msu.edu/~nelson/
> >Michigan State University
>
>
> At 10:41 AM 9/30/2004, Lee Duynslager wrote:
> >Has anybody out there configured a firewall on a msu server or machine to
> >permit access via VPN?
> >
> >The reason I ask is that if you could provide me with the minimal list or
> >range of IP addresses that will have to be added to the firewall rules so
> >that users connecting via vpn can access that server?
> >
> >Thanks,
> >
> >Lee
>
>
> --Chris
> ==============================================
> Chris Wolf                    Computer Service Manager
> Agricultural Economics        [log in to unmask]
> Michigan State University     517 353-5017
>
>



Doug Nelson, Network Manager             |  [log in to unmask]
Academic Computing and Network Services  |  Ph: (517) 353-2980
Michigan State University                |  http://www.msu.edu/~nelson/