I have just added this to the published VPN instructions, at: http://network.msu.edu/public/vpn/#Server Doug > I think this is what you want. > > >Return-path: <[log in to unmask]> > >Date: Tue, 20 Jan 2004 11:35:18 -0500 > >Reply-To: Doug Nelson <[log in to unmask]> > >Sender: MSU Network Administrators Group <[log in to unmask]> > >From: Doug Nelson <[log in to unmask]> > >Subject: Re: [MSUNAG] Central VPN access server now available > >To: [log in to unmask] > > > >Jeff Bowes writes: > > > >> At this point I am blocking access to most ports on PCs in my Windows > >> domain from sources outside of a short list of allowed IP ranges. These > >> IP ranges basically consist of Physics and Astronomy "owned" static and > >> DHCP addresses. To help outside users access the domain from a source > >> outside the allowed range I run a VPN server of my own, but I've found > >> that the VPN solution provided by Microsoft is sometimes not as reliable > >> as I'd like. > >> > >> It would be helpful for me if you were to let us know the range of > >> addresses that are assigned by the central VPN server so I can allow > >> them through my IPSec policies. This way I can give my VPN users the > >> option of using the central solution when it goes public. > >> > >> It seemed apparent from discussions at the last NAG meeting that other > >> folks on campus are firewalling or otherwise blocking ports (or planning > >> to do so soon) to machines in their specific departments, and they would > >> also find this information helpful. > >> > >> If this information is already publicly available somewhere then feel > >> free to find me and slap me at your earliest convenience. > > > >No, we haven't published this yet. I should put that on the VPN information > >pages. The VPN service will use IP's in the range 35.12.64.0 through > >35.12.95.255. I'm sure we won't use all of those IP's, but I have reserved > >them for the VPN service. > > > >Doug > > > > > >Doug Nelson [log in to unmask] > >Network Manager Ph: (517) 353-2980 > >Computer Laboratory http://www.msu.edu/~nelson/ > >Michigan State University > > > At 10:41 AM 9/30/2004, Lee Duynslager wrote: > >Has anybody out there configured a firewall on a msu server or machine to > >permit access via VPN? > > > >The reason I ask is that if you could provide me with the minimal list or > >range of IP addresses that will have to be added to the firewall rules so > >that users connecting via vpn can access that server? > > > >Thanks, > > > >Lee > > > --Chris > ============================================== > Chris Wolf Computer Service Manager > Agricultural Economics [log in to unmask] > Michigan State University 517 353-5017 > > Doug Nelson, Network Manager | [log in to unmask] Academic Computing and Network Services | Ph: (517) 353-2980 Michigan State University | http://www.msu.edu/~nelson/