I'm trying to set up a VPN connection from the corporate network to my home network. I need to use a VPN connection because company policy does not allow the use of Remote Desktop. My home network consists of 3 computers (all XP Pro) sitting behind a Zyxel Prestige 660HW router/firewall with VPN capabilities, which in turn sits behind a DSL modem.
I've been reading all over the place and I'm still not clear on the configuration.
The home network is set up as a workgroup. It's set up behind NAT in the 192.168.1.0/24 block. I have a dynamic IP, but I'm using a dynamic DNS service (which I'll call blablabla.dyndns.org).
The work computer is part of an AD domain, and uses NAT in the 172.16.0.0/12 range. I don't know the firewall setup, nor do I have any sort of access to it.
In the VPN/IPSec settings of the router, I've set up the following:
Menu 27.1.1 - IPSec Setup
Index #= 1
Name= blablabla.dyndns.org   //not real address
Active= No                   //not yet activated
Keep Alive= No
Local ID type= DNS    Content= 12345
My IP Addr= 0.0.0.0
Peer ID type= DNS     Content= 12345
Secure Gateway Address= blablabla.dyndns.org
Protocol= 0
DNS Server= 0.0.0.0
Local:  Addr Type= SUBNET
        IP Addr Start= 192.168.1.0   End/Subnet Mask= 255.255.255.0
        Port Start= 0                End= N/A
Remote: Addr Type= SUBNET
        IP Addr Start= 192.168.2.0   End/Subnet Mask= 255.255.255.0
        Port Start= 0                End= N/A
Enable Replay Detection= No
Key Management= IKE
Edit Key Management Setup= No
In the Key Management Setup:
Menu 27.1.1.1 - IKE Setup
Phase 1
  Negotiation Mode= Main
  PSK= 12345678
  Encryption Algorithm= DES
  Authentication Algorithm= MD5
  SA Life Time (Seconds)= 28800
  Key Group= DH1
Phase 2
  Active Protocol= ESP
  Encryption Algorithm= DES
  Authentication Algorithm= SHA1
  SA Life Time (Seconds)= 28800
  Encapsulation= Tunnel
  Perfect Forward Secrecy (PFS)= None
The router manual isn't much help. I'm planning to create the connection using the XP client from work. I haven't tried it from work yet (will do it tomorrow), but does anyone see any glaring errors in the above configuration that might cause it not to work, so that I can change it today while I'm still home?
I also plan to be traveling quite a bit in the next few months. Would this work no matter where I am? (of course, if I'm not inside the company's network, I have a chance of being able to use RDP).
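As an added example (not part of the original post), a small Python checker that parses the flattened "Key= Value" lines the Zyxel SMT menu produces and flags the phase 1 / phase 2 choices a reviewer would want changed before the tunnel goes live (DES, MD5, DH group 1, a short numeric PSK, no PFS). The two input lines are the post's own IKE settings, embedded as constructed sample data.

```python
import re

# Constructed sample input: the two IKE phase lines as the Zyxel SMT menu
# dumps them, flattened onto one line each (values copied from the post).
PHASE1 = ("Phase 1 Negotiation Mode= Main PSK= 12345678 Encryption Algorithm= DES "
          "Authentication Algorithm= MD5 SA Life Time (Seconds)= 28800 Key Group= DH1")
PHASE2 = ("Phase 2 Active Protocol= ESP Encryption Algorithm= DES Authentication Algorithm= SHA1 "
          "SA Life Time (Seconds)= 28800 Encapsulation= Tunnel Perfect Forward Secrecy (PFS)= None")

# One "Key= Value" pair: keys may contain spaces, digits and parentheses, values never do.
PAIR = re.compile(r"([A-Za-z][A-Za-z0-9 #()/]*?)=\s*(\S+)")
PHASE_PREFIX = re.compile(r"^Phase \d+ ")

def parse_menu_line(line):
    """Split one flattened SMT menu line into a {key: value} dict.
    The leading 'Phase N ' label is stripped from the first key so both
    phases use plain setting names ('Negotiation Mode', 'Active Protocol')."""
    return {PHASE_PREFIX.sub("", key.strip()): value for key, value in PAIR.findall(line)}

# Settings that are no longer acceptable for an IKE/IPsec tunnel.
WEAK_CIPHERS = {"DES"}      # 56-bit key, brute-forceable
WEAK_HASHES = {"MD5"}       # collision-broken
WEAK_DH_GROUPS = {"DH1"}    # 768-bit MODP
MIN_PSK_LEN = 16

def audit_ike(phase1_line, phase2_line):
    """Return (code, advice) findings for weak choices in the two phase dumps."""
    p1, p2 = parse_menu_line(phase1_line), parse_menu_line(phase2_line)
    findings = []
    if p1.get("Encryption Algorithm") in WEAK_CIPHERS:
        findings.append(("phase1-cipher", "replace DES with AES (3DES at the very least)"))
    if p1.get("Authentication Algorithm") in WEAK_HASHES:
        findings.append(("phase1-hash", "replace MD5 with SHA1 or better"))
    if p1.get("Key Group") in WEAK_DH_GROUPS:
        findings.append(("phase1-dh", "use DH2 (1024-bit) or higher if the router offers it"))
    psk = p1.get("PSK", "")
    if len(psk) < MIN_PSK_LEN or psk.isdigit():
        findings.append(("phase1-psk", "PSK is short or digits only; use a long random passphrase"))
    if p2.get("Encryption Algorithm") in WEAK_CIPHERS:
        findings.append(("phase2-cipher", "replace DES with AES (3DES at the very least)"))
    if p2.get("Perfect Forward Secrecy (PFS)", "None") == "None":
        findings.append(("phase2-pfs", "enable PFS so a leaked phase 1 secret does not expose past traffic"))
    if p2.get("Active Protocol") != "ESP":
        findings.append(("phase2-protocol", "AH gives integrity only; use ESP for confidentiality"))
    return findings

if __name__ == "__main__":
    for code, advice in audit_ike(PHASE1, PHASE2):
        print(f"{code:16} {advice}")
```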