New Zealand ADSL Mailing List


Re: Multiple PPTP VPNs from behind a router (Dlink DSL804)

From: Brian Gibbons <brian_at_outersite.co.nz>
Date: Fri, 5 Jul 2002 12:33:53 +1200
Message-ID: <006b01c223bb$a3c728b0$c864a8c0@dserver>

>From: "Neil Gardner" <NeilG@ipex.co.nz>

>Head office: Nokia ni200 in an MS ISA box. Routing and Remote Access is
>running, and providing a PPTP VPN so that employees can VPN in from home and
>access our terminal server.

<cough> (MS Security)

>Remote site 2: is an office with a Dlink DSL804 and TWO winXP PCs.
[One works, two don't]

>My first thought is perhaps have a gateway PC with routing enabled that
>connects to the VPN, and then statically assign the 2 PCs in the office with
>IPs matching the Remote LAN... Thoughts - Solutions???

The DSL 804 documentation claims support for PPTP-pass-through but from your
posting this is obviously not a full PPTP ALG.

Your idea of adding a VPN Router is probably the most elegant however you
will need to understand how routing works in Win2k RAS to get it going.

Another thing you could try..

Use L2TP for one of the XP systems and PPTP for the other, this will get
around the issue of the RAS Server seeing two PPTP control connections
coming from the same IP Address (a no no). Microsoft's implementation of
L2TP uses IPSec encapsulation by default, there is a registry hack to turn
it off. (Q258261 on support.microsoft.com, use at your own risk).

If you decide to try L2TP, remember to enable incoming UDP on port 1701 in
MS ISA and keep an eye out for the next security patch/compromise for MS
Servers :)

Cheers

BG.

Received on Fri Jul 5 12:34:13 2002

This archive was generated by hypermail 2.2.0 : Thu Nov 30 11:48:23 2006 EST
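
As an added illustration (not part of the original post, and a model rather than the DSL804's actual behaviour), this sketch shows why a pass-through that forwards GRE by server address alone cannot serve two PPTP clients, while an ALG keyed on the Call ID in the enhanced GRE header (RFC 2637) can. Class names, addresses and Call IDs are constructed for the example.

```python
import struct

PPTP_GRE_PROTO = 0x880B  # enhanced GRE protocol type used by PPTP (RFC 2637)

def make_gre(call_id, seq=1, payload=b"\x00"):
    """Build a constructed enhanced-GRE packet: K and S bits set, version 1."""
    return struct.pack("!HHHHI", 0x3001, PPTP_GRE_PROTO,
                       len(payload), call_id, seq) + payload

def gre_call_id(packet):
    """Return the Call ID carried in the low half of the GRE key field."""
    if len(packet) < 8:
        raise ValueError("truncated GRE header")
    flags, proto, _length, call_id = struct.unpack("!HHHH", packet[:8])
    if (flags & 0x0007) != 1 or proto != PPTP_GRE_PROTO:
        raise ValueError("not PPTP enhanced GRE")
    return call_id

class PassThroughNat:
    """Assumed simple pass-through: one inside host per remote server."""
    def __init__(self):
        self.by_server = {}
    def outbound(self, inside_ip, server_ip, call_id):
        self.by_server[server_ip] = inside_ip  # second client overwrites first
    def inbound(self, server_ip, packet):
        return self.by_server.get(server_ip)

class CallIdAlg:
    """ALG model: Call ID learned on the TCP 1723 control channel keys GRE."""
    def __init__(self):
        self.by_call = {}
    def outbound(self, inside_ip, server_ip, call_id):
        owner = self.by_call.setdefault((server_ip, call_id), inside_ip)
        if owner != inside_ip:
            raise ValueError("duplicate Call ID; an ALG would have to rewrite it")
    def inbound(self, server_ip, packet):
        return self.by_call.get((server_ip, gre_call_id(packet)))

def demo():
    """Two inside clients tunnel to one server; return who gets each reply."""
    server = "203.0.113.10"  # constructed documentation address
    results = {}
    for name, nat in (("pass-through", PassThroughNat()), ("alg", CallIdAlg())):
        nat.outbound("192.168.0.11", server, call_id=0x0101)
        nat.outbound("192.168.0.12", server, call_id=0x0202)
        results[name] = [nat.inbound(server, make_gre(cid))
                         for cid in (0x0101, 0x0202)]
    return results

if __name__ == "__main__":
    print(demo())
```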