purk
2003-01-24, 07:47 PM
http://www.zyxel.com/support/supportnote/p310/app/pptp_client.htm
What is PPTP Client?
Microsoft's Point-to-Point Tunneling Protocol (PPTP) is a network protocol that enables the secure transfer of data from a remote client to a private enterprise server by creating a VPN across TCP/IP network. PPTP supports on-demand, multi-protocol, virtual private networking over public networks, such as the Internet.
This implementation of PPTP client is specifically for the French market where Alcatel's ANT (ADSL Network Termination) is deployed. Most, if not all, broadband modems (ADSL and cable modem) are equipped with Ethernet instead of RS-232 because RS-232 is too slow. It is therefore impossible to use them in the same way as the traditional analog modem and ISDN TA. A mechanism is needed to transport the PPP frames from a PC to the broadband modem over Ethernet. Before PPPoE was formalized, Alcatel came up with the idea of building PPTP into their ANT for this purpose.
Instead of using the Internet to transport PPP frames anywhere in the world as originally envisioned, Alcatel's solution uses PPTP only over the short haul between the PC and the modem over Ethernet. For the rest of the connection, the PPP frames are transported with PPP over AAL5 (RFC 2364). The PPP connection, however, is still between the PC and the ISP.
The various connections in this setup are depicted in the following diagram.
The PPTP client feature means the PPTP connection is initialized by the Prestige router, so this connection is transparent to the PPTP clients on the network. This eliminates the settings of every clients and does not matter whether the computers on the network are Windows, Macintosh or even UNIX, all that is required is a standard TCP/IP protocol stack. In fact,
users are unaware that they are on a VPN, since the Prestige does all the VPN work.
--------------------------------------------------------------------------------
Setup the Prestige as a PPTP client
Menu 4 - Internet Access Setup
ISP's Name= ChangeMe
Encapsulation= PPTP
Service Type= N/A
My Login=
My Password= ********
Idle Timeout= 100
IP Address Assignment= Dynamic
IP Address= N/A
IP Subnet Mask= N/A
Gateway IP Address= N/A
Single User Account= Yes
Press ENTER to Confirm or ESC to Cancel:
Key Settings:
Option Description
Encapsulation Set 'PPTP' as the encapsulation.
My Login Enter the login name to login the PPTP server.
My Password Enter the password associated with the login name above.
IP Address Assignment Choose 'Dynamic' if the PPTP server provides the IP dynamically, otherwise choose 'Static'.
IP Address Enter the IP address supplied by the PPTP server if applicable.
Single User Account Set this field to 'Yes' to enable the Single User Account feature for your Prestige. Use the space bar to toggle between 'Yes' and 'No'.
http://www.zyxel.com/support/supportnote/p642/app/pptp.htm Configure a PPTP server behind SUA
--------------------------------------------------------------------------------
Introduction
PPTP is a tunneling protocol defined by the PPTP forum that allows PPP packets to be encapsulated within Internet Protocol (IP) packets and forwarded over any IP network, including the Internet itself.
In order to run the Windows9x PPTP client, you must be able to establish an IP connection with a tunnel server such as the Windows NT Server 4.0 Remote Access Server.
Windows Dial-Up Networking uses the Internet standard Point-to-Point (PPP) to provide a secure,optimized multiple-protocol network connection over dial-up telephone lines. All data sent over this connection can be encrypted and compressed, and multiple network level protocols (TCP/IP, NetBEUI and IPX) can be run correctly. Windows NT Domain Login level security is preserved even across the Internet.
Window95 PPTP Client / Internet / NT RAS Server Protocol Stack
PPTP appears as new modem type (Virtual Private Networking Adapter) that can be selected when setting up a connection in the Dial-Up Networking folder. The VPN Adapter type does not appear elsewhere in the system. Since PPTP encapsulates its data stream in the PPP protocol, the VPN requires a second dial-up adapter. This second dial-up adapter for VPN is added during the installation phase of the Upgrade in addition to the first dial-up adapter that provides PPP support for the analog or ISDN modem.
The PPTP is supported in Windows NT and Windows 98 already. For Windows 95, it needs to be upgraded by the Dial-Up Networking 1.2 upgrade.
Configuration
This application note explains how to establish a PPTP connection with a remote private network in the Prestige SUA case. In ZyNOS, all PPTP packets can be forwarded to the internal PPTP Server (WinNT server) behind SUA. The port number of the PPTP has to be entered in the SMT Menu 15 for Prestige to forward to the appropriate private IP address of Windows NT server.
Example
The following example shows how to dial to an ISP via the Prestige and then establish a tunnel to a private network. There will be three items that you need to set up for PPTP application, these are PPTP server (WinNT), PPTP client (Win9x) and the Prestige.
PPTP server setup (WinNT)
Add the VPN service from Control Panel>Network
Add an user account for PPTP logged on user
Enable RAS port
Select the network protocols from RAS such as IPX, TCP/IP NetBEUI
Set the Internet gateway to Prestige
PPTP client setup (Win9x)
Add one VPN connection from Dial-Up Networking by entering the correct username & password and the IP address of the Prestige's Internet IP address for logging to NT RAS server.
Set the Internet gateway to the router that is connecting to ISP
Prestige router setup
Before making a VPN connection from Win9x to WinNT server, you need to connect Prestige router to your ISP first.
Enter the IP address of the PPTP server (WinNT server) and the port number for PPTP as shown below.
Menu 15 - SUA Server Setup
Port # IP Address
------ ---------------
1.Default 0.0.0.0
2. 1723 192.168.1.10
3. 0 0.0.0.0
4. 0 0.0.0.0
5. 0 0.0.0.0
6. 0 0.0.0.0
7. 0 0.0.0.0
8. 0 0.0.0.0
Press ENTER to Confirm or ESC to Cancel:
When you have finished the above settings, you can ping to the remote Win9x client from WinNT. This ping command is used to demonstrate that remote the Win9x can be reached across the Internet. If the Internet connection between two LANs is achive, you can place a VPN call from the remote Win9x client.
For example:
C:\ping 203.66.113.2
When a dial-up connection to ISP is established, a default gateway is assigned to the router traffic through that connection. Therefore, the output below shows the default gateway of the Win95 client after the dial-up connection has been established.
Before making a VPN connection from the Win9x client to the NT server, you need to know the exact Internet IP address that the ISP assigns to Prestige router in SUA mode and enter this IP address in the VPN dial-up dialog box. You can check this Internet IP address from PNC Monitor or SMT Menu 24.1. If the Internet IP address is a fixed IP address provided by ISP in SUA mode, then you can always use this IP address for reaching the VPN server.
In the following example, the IP address '140.113.1.225' is dynamically assigned by ISP. You must enter this IP address in the 'VPN Server' dialog box for reaching the PPTP server. After the VPN link is established, you can start the network protocol application such as IP, IPX and NetBEUI.
What is PPTP Client?
Microsoft's Point-to-Point Tunneling Protocol (PPTP) is a network protocol that enables the secure transfer of data from a remote client to a private enterprise server by creating a VPN across TCP/IP network. PPTP supports on-demand, multi-protocol, virtual private networking over public networks, such as the Internet.
This implementation of PPTP client is specifically for the French market where Alcatel's ANT (ADSL Network Termination) is deployed. Most, if not all, broadband modems (ADSL and cable modem) are equipped with Ethernet instead of RS-232 because RS-232 is too slow. It is therefore impossible to use them in the same way as the traditional analog modem and ISDN TA. A mechanism is needed to transport the PPP frames from a PC to the broadband modem over Ethernet. Before PPPoE was formalized, Alcatel came up with the idea of building PPTP into their ANT for this purpose.
Instead of using the Internet to transport PPP frames anywhere in the world as originally envisioned, Alcatel's solution uses PPTP only over the short haul between the PC and the modem over Ethernet. For the rest of the connection, the PPP frames are transported with PPP over AAL5 (RFC 2364). The PPP connection, however, is still between the PC and the ISP.
The various connections in this setup are depicted in the following diagram.
The PPTP client feature means the PPTP connection is initialized by the Prestige router, so this connection is transparent to the PPTP clients on the network. This eliminates the settings of every clients and does not matter whether the computers on the network are Windows, Macintosh or even UNIX, all that is required is a standard TCP/IP protocol stack. In fact,
users are unaware that they are on a VPN, since the Prestige does all the VPN work.
--------------------------------------------------------------------------------
Setup the Prestige as a PPTP client
Menu 4 - Internet Access Setup
ISP's Name= ChangeMe
Encapsulation= PPTP
Service Type= N/A
My Login=
My Password= ********
Idle Timeout= 100
IP Address Assignment= Dynamic
IP Address= N/A
IP Subnet Mask= N/A
Gateway IP Address= N/A
Single User Account= Yes
Press ENTER to Confirm or ESC to Cancel:
Key Settings:
Option Description
Encapsulation Set 'PPTP' as the encapsulation.
My Login Enter the login name to login the PPTP server.
My Password Enter the password associated with the login name above.
IP Address Assignment Choose 'Dynamic' if the PPTP server provides the IP dynamically, otherwise choose 'Static'.
IP Address Enter the IP address supplied by the PPTP server if applicable.
Single User Account Set this field to 'Yes' to enable the Single User Account feature for your Prestige. Use the space bar to toggle between 'Yes' and 'No'.
http://www.zyxel.com/support/supportnote/p642/app/pptp.htm Configure a PPTP server behind SUA
--------------------------------------------------------------------------------
Introduction
PPTP is a tunneling protocol defined by the PPTP forum that allows PPP packets to be encapsulated within Internet Protocol (IP) packets and forwarded over any IP network, including the Internet itself.
In order to run the Windows9x PPTP client, you must be able to establish an IP connection with a tunnel server such as the Windows NT Server 4.0 Remote Access Server.
Windows Dial-Up Networking uses the Internet standard Point-to-Point (PPP) to provide a secure,optimized multiple-protocol network connection over dial-up telephone lines. All data sent over this connection can be encrypted and compressed, and multiple network level protocols (TCP/IP, NetBEUI and IPX) can be run correctly. Windows NT Domain Login level security is preserved even across the Internet.
Window95 PPTP Client / Internet / NT RAS Server Protocol Stack
PPTP appears as new modem type (Virtual Private Networking Adapter) that can be selected when setting up a connection in the Dial-Up Networking folder. The VPN Adapter type does not appear elsewhere in the system. Since PPTP encapsulates its data stream in the PPP protocol, the VPN requires a second dial-up adapter. This second dial-up adapter for VPN is added during the installation phase of the Upgrade in addition to the first dial-up adapter that provides PPP support for the analog or ISDN modem.
The PPTP is supported in Windows NT and Windows 98 already. For Windows 95, it needs to be upgraded by the Dial-Up Networking 1.2 upgrade.
Configuration
This application note explains how to establish a PPTP connection with a remote private network in the Prestige SUA case. In ZyNOS, all PPTP packets can be forwarded to the internal PPTP Server (WinNT server) behind SUA. The port number of the PPTP has to be entered in the SMT Menu 15 for Prestige to forward to the appropriate private IP address of Windows NT server.
Example
The following example shows how to dial to an ISP via the Prestige and then establish a tunnel to a private network. There will be three items that you need to set up for PPTP application, these are PPTP server (WinNT), PPTP client (Win9x) and the Prestige.
PPTP server setup (WinNT)
Add the VPN service from Control Panel>Network
Add an user account for PPTP logged on user
Enable RAS port
Select the network protocols from RAS such as IPX, TCP/IP NetBEUI
Set the Internet gateway to Prestige
PPTP client setup (Win9x)
Add one VPN connection from Dial-Up Networking by entering the correct username & password and the IP address of the Prestige's Internet IP address for logging to NT RAS server.
Set the Internet gateway to the router that is connecting to ISP
Prestige router setup
Before making a VPN connection from Win9x to WinNT server, you need to connect Prestige router to your ISP first.
Enter the IP address of the PPTP server (WinNT server) and the port number for PPTP as shown below.
Menu 15 - SUA Server Setup
Port # IP Address
------ ---------------
1.Default 0.0.0.0
2. 1723 192.168.1.10
3. 0 0.0.0.0
4. 0 0.0.0.0
5. 0 0.0.0.0
6. 0 0.0.0.0
7. 0 0.0.0.0
8. 0 0.0.0.0
Press ENTER to Confirm or ESC to Cancel:
When you have finished the above settings, you can ping to the remote Win9x client from WinNT. This ping command is used to demonstrate that remote the Win9x can be reached across the Internet. If the Internet connection between two LANs is achive, you can place a VPN call from the remote Win9x client.
For example:
C:\ping 203.66.113.2
When a dial-up connection to ISP is established, a default gateway is assigned to the router traffic through that connection. Therefore, the output below shows the default gateway of the Win95 client after the dial-up connection has been established.
Before making a VPN connection from the Win9x client to the NT server, you need to know the exact Internet IP address that the ISP assigns to Prestige router in SUA mode and enter this IP address in the VPN dial-up dialog box. You can check this Internet IP address from PNC Monitor or SMT Menu 24.1. If the Internet IP address is a fixed IP address provided by ISP in SUA mode, then you can always use this IP address for reaching the VPN server.
In the following example, the IP address '140.113.1.225' is dynamically assigned by ISP. You must enter this IP address in the 'VPN Server' dialog box for reaching the PPTP server. After the VPN link is established, you can start the network protocol application such as IP, IPX and NetBEUI.