Yes, the connection wizard assumes you're connecting over the Internet to your workplace, but that's okay. You may do that as well with this same wizard, but for now let me just get the link to my file server. Figure 16-11 shows the Windows XP wizard asking for the name for this connection. Give this a descriptive name if you have more than one connection.
Figure 16-11: In Step 5 of the previous list, you provide a name you can remember for the connection.
Broadband-1 may not be descriptive enough for you, but it works here for me. Feel free to give your icon the name of the file server, for example, so you can keep track. The next step asks for the VPN server name or Internet Protocol address of the end-point connection. Because this is all on my local network, I prefer to use an IP address rather than a name like because using a name forces me to have a local Domain Name Server running in my local network. Refer to the Domain Name Service section in Chapter 12 if you want to check out running your Domain Name Server in your home or business, but most small companies don't. They use Windows networking for connecting to Workgroup assets, and rely on the name service provided by their ISP for Internet name translations.
16 Wireless Security in Depth
Figure 16-12 shows the IP address I listed for the Tritton ASAP file server. Remember when I said I prefer to give all my network devices specific IP addresses rather than let them grab an address from the pool? This is why: you have to list the exact IP address of the connection point. You can't give an exact address if that may change after a device reboot.
Figure 16-12: Specifying the far-end connection of a VPN.
I don't want to put the IP address of my router in here, because the router is not the endpoint of my VPN (my final destination). The whole idea is to convert an open-air wireless connection with no protection into a secure communication conduit. That means I want every stop on the network to be traversed by the VPN, not by my open-air wireless signals, so the traffic between me and the network attached storage device stays encrypted for the entire trip. Your network must have an intelligent VPN device on each end of the connection. In this case, the ends are my PC running Windows XP Home, and the Tritton router/gateway/network attached storage unit. If I were trying to reach the SnapAppliance server and storage device instead, I would make the router the endpoint of my network. Because the Tritton includes VPN capabilities, I'm securing my wireless connection all the way to the folders on the Tritton. After you click the Finish button, Windows XP Home creates a new icon in the Network Connections page. In my case, the icon is named Broadband-1. Now I do wish I'd picked a better name.
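The endpoint rules above (use an exact IP address, keep it out of the DHCP pool, and don't point at the router when the file server itself can end the tunnel) can be checked before you type the address into the wizard. This is an added example, not part of the book; the function name and every address in it are constructed sample values.

```python
import ipaddress

# Constructed sample network: adjust to match your own router's settings.
LAN = "192.168.1.0/24"
DHCP_POOL = ("192.168.1.100", "192.168.1.199")
ROUTER = "192.168.1.1"

def check_vpn_endpoint(endpoint, lan=LAN, pool=DHCP_POOL, router=ROUTER,
                       target_has_vpn=True):
    """Return a list of problems with a planned VPN endpoint (empty = OK)."""
    try:
        addr = ipaddress.ip_address(endpoint)
    except ValueError:
        # A host name only works if something on the LAN can resolve it.
        return [f"{endpoint!r} is a name, not an IP address; "
                "it needs a local name server to resolve"]

    network = ipaddress.ip_network(lan)
    if addr not in network:
        return [f"{addr} is not on the local network {network}"]

    problems = []
    if addr in (network.network_address, network.broadcast_address):
        problems.append(f"{addr} is the network or broadcast address")

    start, end = (ipaddress.ip_address(p) for p in pool)
    if start <= addr <= end:
        # A leased address can change after the device reboots.
        problems.append(f"{addr} is inside the DHCP pool {start}-{end}; "
                        "give the device a fixed address instead")

    if addr == ipaddress.ip_address(router) and target_has_vpn:
        # The tunnel would stop at the router, leaving the last hop
        # to the file server outside the VPN.
        problems.append(f"{addr} is the router; the VPN-capable file "
                        "server should be the endpoint")
    return problems

if __name__ == "__main__":
    for candidate in ("192.168.1.50", "192.168.1.120", ROUTER, "fileserver"):
        print(candidate, "->", check_vpn_endpoint(candidate) or "OK")
```

Pass `target_has_vpn=False` for the case where the device behind the router cannot terminate a VPN, so the router is the intended endpoint.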
434 Part IV Linking Your Network Devices
You can check all these settings by right-clicking the VPN icon and choosing Properties. The information you configured, plus many options and security details you may not want to dive into at first, is all displayed for you. Figure 16-13 shows the Networking page of the Broadband-1 Properties window. The other choices under Type of VPN are Automatic and L2TP IPSec VPN. You won't need to use them unless the device on the far end requires their use rather than the Point-to-Point Tunneling Protocol (PPTP) shown.
Figure 16-13: Checking on the VPN defined in the previous screen shots.
The General tab enables you to set the IP address of the destination device again, which is the Tritton storage device in my example but could be another router in your case. The Options tab sets dialing behavior. (Microsoft still treats this like it's an old-fashioned data connection over a modem.) The Security tab includes authentication and validation information. If your company uses a Smart Card for security, you would have to register that with the Windows XP Home software as well as any reader you have to use. The Advanced tab includes another chance to turn on the Microsoft Internet Connection Firewall. I don't recommend that because I prefer using router and
