[JJ]

Quote:

Originally Posted by Mike Donatello

Any suggestion for a host with a dynamically assigned IP? How do you make sure the Pocket Hosts association is accurate all the time?

I use the free dynamic IP DNS service such as DynDns.org and to make sure Pocket Hosts association is correct I guess you could always ping your DNS name before using it to make sure it matches what's stored in Pocket Hosts.

[JJ]

Quote:

Originally Posted by Mike Donatello

Any suggestion for a host with a dynamically assigned IP? How do you make sure the Pocket Hosts association is accurate all the time?

I use the free dynamic IP DNS service such as DynDns.org and to make sure Pocket Hosts association is correct I guess you could always ping your DNS name before using it to make sure it matches what's stored in Pocket Hosts.

[Janak Parekh]

Quote:

Originally Posted by Ed Hansberry

Sounds like the hotel had the VPN port blocked. They don't have to support VPN, but they do have to open the port. Some cell phones and ISPs block this port unless you pay an extra fee - knowning as a business traveler you will be more likely to pay.

There's also the problem of overlapping IP address ranges. If you try to open a VPN session from a 10.* address block behind one of these NAT routers, and the subnet you're trying to access is 10.*, the routing tables in your computer will get massively confused as to which network to direct packets onto.

This is why I set my NAT routers at home to 172.16.*, as they're used the least of the three private IP blocks.

--bdj

[Ed Hansberry]

Quote:

Originally Posted by BigDaddyJ

There's also the problem of overlapping IP address ranges. If you try to open a VPN session from a 10.* address block behind one of these NAT routers, and the subnet you're trying to access is 10.*, the routing tables in your computer will get massively confused as to which network to direct packets onto.

This is why I set my NAT routers at home to 172.16.*, as they're used the least of the three private IP blocks.

I thougth 192.168.*.* was the best to use behind NAT. Those addresses simply don't exist in the wild.

[TeQuilYa]

The hotels swears they had no firewall at all, just NAT. I think the overlapping subnets seems a likely cause of failure, I hadn't thought of that issue. I'll have to see if I can configure the subnet masks to force it to treat them as separate networks next time.

As far as the routers not needing VPN support, I don't think that is true. My routers definitely have checkboxes to enable both PPTP and IPSEC pass-through. I'm sure this isn't as simple as opening a port, I think there is some header fix-up work to be done.

I looked around a bit and see several references to needing to get a router that has VPN support if you need it. Here is one such link: http://www.practicallynetworked.com/...t/VPN_help.htm

Thanks for the suggestions to try.

[Ed Hansberry]

Quote:

Originally Posted by TeQuilYa

As far as the routers not needing VPN support, I don't think that is true. My routers definitely have checkboxes to enable both PPTP and IPSEC pass-through. I'm sure this isn't as simple as opening a port, I think there is some header fix-up work to be done.

I am 99.9% sure that is for inbound VPN traffic so they can properly route the packets and fool the VPN client into thinking they are talking directly to the VPN server. I had to get a new router at work because our old Lucent couldn't do IPSEC pass-through properly.

[JP]

OK, I got this working with XP and my Tmobile. However, for some reason I am having problems with the firewall. When it is up I cannot remote activesync. When it is down I can. I have attempted to open the ports given but something tells me I am not doing it right. All I thought I had to do was open TCP filtering and add all the ports and then check the appropriate boxes. Is there more to it than this? Could someone perhaps give me some guidance on how their firewall is configured to get this to work?

[Jason Dunn]

Quote:

Originally Posted by JP

Could someone perhaps give me some guidance on how their firewall is configured to get this to work?

All firewalls are different in terms of interface, but they work in the same basic way: you open a port, and you need to direct that port to an IP address on the network. The IP address would be your desktop PC - if you don't know your desktop IP, START > RUN > CMD > IPCONFIG

Bam! That's it. :-)

[Janak Parekh]

Quote:

Originally Posted by Ed Hansberry

I thougth 192.168.*.* was the best to use behind NAT. Those addresses simply don't exist in the wild.

As per the RFC 1918 standard ("Address Allocation for Private Intranets"), there are three private blocks, not one:

10.0.0.0-10.255.255.255 (10/8 prefix)
172.16.0.0-172.31.255.255 (172.16/12 prefix)
192.168.0.0-192.168.255.255 (192.168/16 prefix)

You've been restricting yourself all this time

I use 10.x mostly for customers, actually; it's easier to type.

It is indeed worth noting, though, that most home routers use 192.168.* by default. They don't have to, and all the ones I've used can change to one of the other blocks.

--bdj

[JP]

Quote:

Originally Posted by Jason Dunn

Quote:

All firewalls are different in terms of interface, but they work in the same basic way: you open a port, and you need to direct that port to an IP address on the network. The IP address would be your desktop PC - if you don't know your desktop IP, START > RUN > CMD > IPCONFIG

Bam! That's it. :-)

Again, I am only using the firewall in XP, nothing else. I know my ip address and I guess I am opening the port with TCP filtering but I don't quite see how to direct that port to an ip address. I thought it would do this automatically. Could someone explain specifically how to do this within XP?

[Jason Dunn]

Quote:

Originally Posted by JP

Again, I am only using the firewall in XP, nothing else. I know my ip address and I guess I am opening the port with TCP filtering but I don't quite see how to direct that port to an ip address. I thought it would do this automatically. Could someone explain specifically how to do this within XP?

I'm just guessing here, because I don't use the XP firewall, but you should have it set up something like this: