I think this is what you want. >Return-path: <[log in to unmask]> >Date: Tue, 20 Jan 2004 11:35:18 -0500 >Reply-To: Doug Nelson <[log in to unmask]> >Sender: MSU Network Administrators Group <[log in to unmask]> >From: Doug Nelson <[log in to unmask]> >Subject: Re: [MSUNAG] Central VPN access server now available >To: [log in to unmask] > >Jeff Bowes writes: > >> At this point I am blocking access to most ports on PCs in my Windows >> domain from sources outside of a short list of allowed IP ranges. These >> IP ranges basically consist of Physics and Astronomy "owned" static and >> DHCP addresses. To help outside users access the domain from a source >> outside the allowed range I run a VPN server of my own, but I've found >> that the VPN solution provided by Microsoft is sometimes not as reliable >> as I'd like. >> >> It would be helpful for me if you were to let us know the range of >> addresses that are assigned by the central VPN server so I can allow >> them through my IPSec policies. This way I can give my VPN users the >> option of using the central solution when it goes public. >> >> It seemed apparent from discussions at the last NAG meeting that other >> folks on campus are firewalling or otherwise blocking ports (or planning >> to do so soon) to machines in their specific departments, and they would >> also find this information helpful. >> >> If this information is already publicly available somewhere then feel >> free to find me and slap me at your earliest convenience. > >No, we haven't published this yet. I should put that on the VPN information >pages. The VPN service will use IP's in the range 35.12.64.0 through >35.12.95.255. I'm sure we won't use all of those IP's, but I have reserved >them for the VPN service. > >Doug > > >Doug Nelson [log in to unmask] >Network Manager Ph: (517) 353-2980 >Computer Laboratory http://www.msu.edu/~nelson/ >Michigan State University At 10:41 AM 9/30/2004, Lee Duynslager wrote: >Has anybody out there configured a firewall on a msu server or machine to >permit access via VPN? > >The reason I ask is that if you could provide me with the minimal list or >range of IP addresses that will have to be added to the firewall rules so >that users connecting via vpn can access that server? > >Thanks, > >Lee --Chris ============================================== Chris Wolf Computer Service Manager Agricultural Economics [log in to unmask] Michigan State University 517 353-5017