THE WELCH COMPANY
440 Davis Court #1602
San Francisco, CA 94111-2496
415 781 5700
rodwelch@pacbell.net


S U M M A R Y


DIARY: November 13, 2004 10:20 AM Saturday; Rod Welch

Called Morris on working with Netmeeting and a firewall on W2K, XP.

1...Summary/Objective
2...Research Netmeeting Configured with Router Firewall



CONTACTS 
0201 - Intel Corporation                                                                                                                                                  O-00000704 0201
020101 - Mr. Morris E. Jones;

SUBJECTS
Default Null Subject Account for Blank Record

0903 -
0903 -    ..
0904 - Summary/Objective
0905 -
090501 - Follow up ref SDS 2 GN57, ref SDS 1 5H4G.
090502 -
090503 - Worked on configuring Netmeeting; will continue this evening.
090505 -  ..
090506 - Submitted email to Morris with link to this record confirming
090507 - progress, and planning.  Sent a copy to Gary.
090508 -
090509 -
090510 -
090511 -
090512 -
090514 -  ..
0906 -
0907 -
0908 - Background
0909 -
090901 - The other day, Gary and I tried setting up Netmeeting to jointly work
090902 - on the SDS Subject Index for something, possibly to consider how to
090903 - transfer multiple account structures from one user to another, rather
090904 - than do this one account at a time.
090906 -  ..
090907 - Gary had to locate Netmeeting on computer under XP, because Microsoft
090908 - has dropped support in XP to use a different system.  For some reason
090909 - the new Microsoft system was not tried during this call.  Gary found
090910 - the Netmeeting program on his computer under the XP program -- not
090911 - sure which directory.
090913 -  ..
090914 - We used instructions from the record on 020110 when Morris used
090915 - netmeeting, ref SDS 1 5H4G, to demonstrate advantages of Microsoft
090916 - programs, principally trying to use Word and Outlook for intelligence
090917 - support enabled by SDS, as outlined in NWO. ref OF 12 A56M
090919 -  ..
090920 - Those instructions call for obtaining an IP address by calling Help
090921 - and About... from within the Netmeeting program.
090923 -  ..
090924 - At that time, this procedure yielded only a single IP Address....
090925 -
090926 -                     192.168.0.2
090928 -  ..
090929 - The record on 020110 says that an IP address that begins with 192...
090930 - is not adequate for using Netmeeting. ref SDS 1 XV5G
090932 -  ..
090933 - Gary and I worked on configuring a Netmeeting session for about 30
090934 - minutes or so, but could get an IP address for making a connection.
090936 -  ..
090937 - Today, Morris said...
090938 -
090939 -    1.  Router firewall is blocking Netmeeting from finding IP address.
090941 -         ..
090942 -    2.  IP address beginning with 192...., is not good for Netmeeting.  Need another
090943 -        assigned each time people sign on.
090945 -         ..
090946 -    3.  Need to enable TCP port....  1053
090948 -         ..
090949 -    4.  To look up firewall status, open IE.
090950 -
090951 -             Routers with firewalls typically store access data at...
090952 -             192.168.1.1
090954 -         ..
090955 -    5.  Enter at the address line (location bar) for IE....
090956 -
090957 -             192.168.0.1     press Enter
090959 -         ..
090960 -    6.  This opens a dialog that asks for a username and a password.
090961 -
090962 -             Found these access codes for username and password in the
090963 -             record on acquisition of the router on 030814. ref SDS 3
090964 -             6L5J
090966 -         ..
090967 -    7.  This opens a session for configuring...
090968 -
090969 -                 Netgear Cable/DSL Web Safe Router RP614v2
090971 -         ..
090972 -    8.  There are options along the left side of the screen.  Under
090973 -        Advanced, there is an option for Port Forwarding.  Select Port
090974 -        Forwarding.
090976 -         ..
090977 -    9.  This opens another location that has a field for....
090978 -
090979 -                Services
090981 -         ..
090982 -        This has a pull down arrow, that shows an option for
090983 -
090984 -                Netmeeting
090986 -         ..
090987 -   10.  Select Netmeeting for Services, and click "Apply" near the
090988 -        bottom of the screen.
090990 -         ..
090991 -   11.  Then check Netmeeting Help About to see if there is another IP
090992 -        address.
090994 -  ..
090995 - None of this worked to produce an IP address.
090997 -  ..
090998 - Morris explained that firewalls are intended to prevent access, and we
090999 - are attempting to set up access through the Internet.  He advised that
091000 - at Intel, Netmeeting has been configured to permit internal use across
091001 - their intranet network.
091003 -  ..
091004 - By this time, Morris was in a hurry for another task.  We will work on
091005 - it some more this evening after dinner, OA 2000.
091007 -  ..
091008 - After the call, did some research on the Internet and found sources
091009 - with ideas.  Sent a letter to Morris linked to this record which
091010 - Morris can review. ref SDS 0 HL4U
091011 -
091013 -  ..
0911 -
0912 -
0913 - 1937 Called Morris
0914 -
091401 - He has a new project to help Steven install a new hard disk in his
091402 - computer.  We investigated the configuration for about 30 minutes.
091404 -  ..
091405 - Initially, tried to disconnect the DSL modem from the router and
091406 - connect directly to the computer to bypass the firewall.  This failed
091407 - because the connection requires software to connect from the computer
091408 - to the DSL service provider server.  That software has to be
091409 - installed and configured.
091411 -  ..
091412 - Morris read through the 4 ideas proposed in the research, per below.
091413 - ref SDS 0 NG4I
091415 -  ..
091416 - Finally, decided that connecting Netmeeting with the router presents
091417 - too many connection and security issues.
091419 -  ..
091420 - Morris suggested trying Windows Messenger.
091421 -
091422 -        http://messenger.msn.com/
091424 -  ..
091425 - This requires setting up a hotmail email account, and the description
091426 - says....
091427 -
091428 -        Talk online, in real time, with friends, family, and
091429 -        colleagues. It's faster than e-mail, more discreet than a
091430 -        phone call, and best of all - it's free!*
091432 -  ..
091433 - This does not sound like Netmeeting support for demonstrating things
091434 - on another user's computer.
091442 -  ..
091443 - Research Netmeeting Configured with Router Firewall
091444 -
091445 - Found on the Internet....
091446 -
091447 -        Netmeeting IP address firewall
091448 -
091449 - ...and found a location...
091451 -           ..
091452 -          http://support.microsoft.com/kb/q158623
091453 -
091454 - ...with the title....
091455 -
091456 -        How to Establish NetMeeting Connections Through a Firewall
091458 -  ..
091459 - This article says in part...
091460 -
091461 -    ...describes how to use Microsoft NetMeeting to establish
091462 -    connections over the Internet when you use a firewall to connect to
091463 -    the Internet.
091465 -     ..
091466 -    NetMeeting uses the following Internet Protocol (IP) ports...
091467 -
091468 -       Port      Purpose
091469 -       -------------------------------------
091470 -       389       Internet Locator Server [Transmission Control
091471 -                 Protocol (TCP)]
091472 -       522       User Location Server (TCP)
091473 -       1503      T.120 (TCP)
091474 -       1720      H.323 call setup (TCP)
091475 -       1731      Audio call control (TCP)
091476 -       Dynamic   H.323 call control (TCP)
091477 -       Dynamic   H.323 streaming [Realtime Transport Protocol (RTP)
091478 -                 over User
091480 -     ..
091481 -    To establish outbound NetMeeting connections through a firewall,
091482 -    the firewall must be configured to do the following:
091484 -           ..
091485 -       •  Pass through primary TCP connections on ports 522, 389, 1503,
091486 -          1720 and 1731.
091488 -           ..
091489 -       •  Pass through secondary UDP connections on dynamically
091490 -          assigned ports (1024-65535).
091491 -
091492 -
091493 -
091495 -  ..
091496 - Further research found....
091497 -
091498 -        http://www.meetingbywire.com/Firewalls.htm
091499 -
091500 - ...which says in part...
091501 -
091502 -    There are four  types of products that seem to be problems for
091503 -    NetMeeting users -- most used to be corporate only problems but
091504 -    lately home users setting up networks or running on full time
091505 -    connections ( cable modem and dsl connections) have come upon the
091506 -    same issues:
091507 -
091508 -       1.  NAT routers (these are mostly used to provide access to the
091509 -           internet for a LAN via a single routable IP address)
091511 -            ..
091512 -       2.  Proxy servers (often these are used in the same situation as
091513 -           NATs but sometimes have extensive firewall functions)
091515 -            ..
091516 -       3.  LAN Firewalls - usually these provide some sort of NAT
091517 -           function in addition to extensive LAN protection features
091519 -            ..
091520 -       4.  Personal firewall products  (Black Ice Defender, Zone
091521 -           Alarm, Norton's NIS (formerly AtGuard), McAfee's Conseal)
091523 -     ..
091524 -    NetMeeting has particular problems operating with these products
091525 -    because it uses the H.323 protocol - which for some reason has
091526 -    embedded IP address information. The NetMeeting resource kit has
091527 -    information on H.323 and firewalls that might be useful
091528 -
091529 -        http://www.microsoft.com/windows/NetMeeting/Corp/reskit/Chapter4/default.asp
091531 -  ..
091532 - This location then has a letter from another engineer that provides
091533 - more details on configuring routers for using Netmeeting, saying in
091534 - part...
091535 -
091536 -    ...the router will function as an H.323 proxy, but ONLY on an
091537 -    outgoing call. You can observe this by doing two things. First, go
091538 -    to the Log tab, click the Enable Access log radio button and then
091539 -    set the logging address to 255 so that the SNMP log messages are
091540 -    broadcast to the entire LAN subnet. Don't forget to click Apply.
091541 -    Second, the standard reporting tools included in the router web
091542 -    interface will not get you the information that you need. You want
091543 -    to get a free product called SNMP Trap Watcher that will log all
091544 -    messages coming out of the router. This can be downloaded for free
091545 -    by going to the BTT Software site at
091546 -
091547 -        http://www.bttsoftware.co.uk/
091549 -     ..
091550 -    Once you are running SNMP trap, you want to filter out a number of
091551 -    messages (BFREE), but I will ignore this detail for now. If you
091552 -    make an outgoing call, you will see that the router actually knows
091553 -    that H.323 is in use and will allow the outgoing connection.
091554 -    Pretty cool, eh?
091556 -     ..
091557 -    The gotcha is that the target machine being called must NOT be
091558 -    behind a firewall or NAT device *OR* be on a H.323 gateway that is
091559 -    NOT behind a firewall or NAT device *OR* the router itself must
091560 -    have some sort of H.323 knowledge (more on this below #2). This is
091561 -    almost NEVER the case and for good reason.
091563 -     ..
091564 -    Given the amount of virii, script kiddies and other advertising
091565 -    lossage, you really have to be nuts NOT to have a consumer system
091566 -    (i.e., Windows) behind a NAT firewall these days. So, as a result,
091567 -    the Netmeeting calls will *always* fail. What to do? Thus far, I
091568 -    have found four solutions, here they are with associated drawbacks:
091569 -
091570 -      1.  Have both parties put their machines in the router DMZ.  This
091571 -          is usually the easiest and most direct way to explain to
091572 -          somebody. Note that the documentation for the router says
091573 -          that the specified hosts must not be DHCP but have hardwired
091574 -          IP addresses. This is not true.
091576 -           ..
091577 -          I have local DHCP hosts that I have put in the DMZ; it works
091578 -          fine, but you will have problems if the local host IP address
091579 -          changes. These typically won't if you don't reboot. My hosts
091580 -          stay up an average of two to three months between reboots (I
091581 -          use UPS's), so this isn't a problem for me.
091583 -           ..
091584 -          The benefits of using the DMZ is that you can get an
091585 -          unsolicited incoming call, if you keep netmeeting running.
091586 -          This can be nice because the person calling you doesn't have
091587 -          to contact you first through some other channel to be ready
091588 -          to get the call. This is important if you are doing support
091589 -          work, for example. However, you can't have more than one
091590 -          person at the same time on the local LANs making a call.
091592 -           ..
091593 -          The real problem is that the host that you are running in the
091594 -          DMZ is now running around on the Internet with its electronic
091595 -          pants down, so to speak. Remember what I said about being
091596 -          nuts? Well, for the length of time that you are in the DMZ,
091597 -          the bad guys can get at you and believe me, they are looking
091598 -          ALL THE TIME.
091600 -           ..
091601 -          You must carefully close a number of ports and it isn't
091602 -          directly obvious (or even possible) how to do this on some
091603 -          versions of Windows. You have to load NetBEUI and the
091604 -          Microsoft loopback device and then make sure that your WINS
091605 -          Client is bound to only that. If you have XP, you also have
091606 -          to go through the hassle of making it talk to these systems
091607 -          because NETBEUI isn't included by default.
091609 -           ..
091610 -          Even the H.323 Gateway mentioned previously has this EXACT
091611 -          SAME RISK: you must put the (Windows) system running the
091612 -          gateway in the DMZ and worry about securing that.  Sounds
091613 -          risky and like a hassle? It is to me. I *NEVER* use this
091614 -          unless I absolutely *have* to take a call from somebody who
091615 -          can't do it any other way.
091617 -           ..
091618 -          I try really hard to use #2 below before I do this.
091619 -
091621 -           ..
091622 -      2.  Use the port triggering mechanism of the LinkSys router to
091623 -          only allow ports to be opened on an incoming call. This has
091624 -          the advantage of allowing you to get incoming calls without
091625 -          being in the DMZ, but it is not quite completely secure or
091626 -          convenient. To do this, you must have some idea of the ports
091627 -          that Netmeeting uses and for what reason. For brevity (?), I
091628 -          won't explain these further, but they are:
091630 -           ..
091631 -          Service Type Port or Port Range
091632 -
091633 -               Internet Locator Server TCP 389
091634 -               User Location Server TCP 522
091635 -               T120 TCP 1503
091636 -               H.323 Call Setup TCP 1720
091637 -               Audio Call Control TCP 1731
091638 -               H.323 call control TCP (*Dynamic) 1024-65535
091639 -               H.323 streaming UDP (*Dynamic) 1024-65535
091641 -           ..
091642 -          It is these dynamic ports at the bottom of the list that are
091643 -          the problem. H.323 negotiates channels to stream the audio
091644 -          and video data. Since the router really has no idea of what
091645 -          TCP/UDP ports these channels will be on, it can't forward
091646 -          them, a priori. This is why Netmeeting will not work behind a
091647 -          NAT device.
091649 -           ..
091650 -          However, you can use the LinkSys port triggering feature (as
091651 -          what I think of as a 'hack') to get things to work. To set up
091652 -          the appropriate triggering, you want to go to the advanced
091653 -          tab of your router and select forwarding. Once you do this,
091654 -          you must then select port triggering and fill in the above
091655 -          values, viz:
091657 -           ..
091658 -          Application Trigger Incoming
091659 -          Name Port Range Port Range
091660 -
091661 -           1.  Netmeeting 389-389 389-389
091662 -           2.  Netmeeting 522-522 522-522
091663 -           3.  Netmeeting 1503-1503 1503-1503
091664 -           4.  Netmeeting 1720-1720 1720-1720
091665 -           5.  Netmeeting 1731-1731 1731-1731
091666 -           6.  Netmeeting 1024-65335 1024-65335
091668 -           ..
091669 -          As always, don't forget to click Apply or your changes may
091670 -          be lost if you switch to another page. The observant reader
091671 -          (are there any still reading this?) will now notice that I
091672 -          haven't said ANYTHING about an IP address for a machine to
091673 -          get the calls to, yet. It isn't necessary. The way this works
091674 -          is that when YOU make an OUTGOING call, use of ANY of these
091675 -          ports will cause them ALL to be opened and an incoming
091676 -          request on any of them to be forwarded to your computer.
091678 -           ..
091679 -          So what happens is that you call the other person and then
091680 -          that person calls you. Both calls fail. Now that all the
091681 -          ports are open and properly forwarded, the next call will
091682 -          succeed, but you better be quick before they get closed.
091683 -          More details on this can be found at...
091684 -
091685 -              http://users2.ev1.net/~wufdog/Linky/NetMeeting.htm
091686 -
091687 -          ...and....
091688 -
091689 -              http://www.dslreports.com/forum/remark,1020195;root=equip,16;mode=flat
091691 -           ..
091692 -          The benefits of this are that now any host on your local LAN
091693 -          can make an outgoing call, thus setting up things to get a
091694 -          remote call, for a time. However, I don't know how long the
091695 -          ports stay open and that's part of the problem. The router
091696 -          does not know which port is the 'primary' port. So, outgoing
091697 -          activity on ANY of them will cause them all to be triggered.
091699 -           ..
091700 -          If you have somebody else on your LAN using any of these port
091701 -          ranges, then they may trigger the port triggering to their
091702 -          machine and you may find that your call will drop. As above,
091703 -          you can't have more than one person at a time on the local
091704 -          LANs make a call.
091706 -           ..
091707 -          But the real problem I have is that having such a *huge*
091708 -          range of port addresses triggered is a potential security
091709 -          issue. Once you've triggered (and hence opened one port), you
091710 -          have opened well over 60,000 other ports and they are now all
091711 -          coming to your machine. Who knows what is listening on these
091712 -          ports?? Script kiddies doing port scanning (and they do this
091713 -          all the time) can now poke around on any port that you have
091714 -          open in this range. They'll find out which ports are open for
091715 -          you... This should not make you feel comfortable.
091717 -           ..
091718 -          Actually, it's not quite as bad as that; the major security
091719 -          loop holes in Windows are ports 135, 137, 138 and 139 which
091720 -          support NetBIOS file transfer, RPC and Windows Messenger
091721 -          service. These are clearly not triggered by the above.
091722 -          However, it's probably a good idea to filter these ports, to
091723 -          prevent anybody in your subnet from publishing or accessing
091724 -          remote shares and doing other things. I have them filtered.
091725 -          Go to Advanced -> Filters page to do this. Note, you will no
091726 -          longer be able to publish a share on the Internet. That's a
091727 -          good thing most of the time.
091729 -           ..
091730 -          Another drawback of this approach is that you can't get an
091731 -          unsolicited incoming call, even if you keep netmeeting
091732 -          running. That is because port triggering works (and can only
091733 -          work) when you (usually both of you) initiate an outgoing
091734 -          call from your LAN to the WAN. So, the person calling you
091735 -          must contact you first through some other channel to be ready
091736 -          to get the call. This could be email in which you schedule a
091737 -          time, but is typically a phone call.
091739 -           ..
091740 -          Finally, the router supports something called StateFul Packet
091741 -          Inspection that will allow it to crack packets to figure out
091742 -          what to open, but I don't know anything more about it as it
091743 -          is still in beta.
091744 -
091746 -           ..
091747 -      3.  Use of Point to Point Tunneling Protocol (PPTP). You may have
091748 -          noticed IPsec Pass Through and PPTP Pass Through listed on
091749 -          the router advanced -> filters page. These allow you to set
091750 -          up a host to host virtual private network if you enable them.
091752 -           ..
091753 -          I won't go into detail here, but you can set up *any* Windows
091754 -          machine from 98 on up as a VPN client and any machine from NT
091755 -          up as a VPN server. The client machine sets up a virtual
091756 -          private network connection to the IP address of the remote
091757 -          WAN. The remote router is then set to route port 1723 to the
091758 -          machine doing the serving which has an incoming connection
091759 -          configured.
091761 -           ..
091762 -          The advantages here are that once you've made the connection,
091763 -          your client machine now shows up as a real IP host in the
091764 -          target LAN. Netmeeting calls work trivially because there is
091765 -          no NAT getting in the way; you are literally behind the
091766 -          firewall and look local. You can call anybody on the LAN and
091767 -          they can call you. Note that you have to set it up "the other
091768 -          way around" if you want the remote person to be able to call
091769 -          you.
091771 -           ..
091772 -          With this solution, you can now make an unsolicited call
091773 -          whenever you want and not have to call somebody beforehand
091774 -          (again, assuming that they are running netmeeting). You just
091775 -          click on the remote connection and after some bit banging,
091776 -          you are on the remote LAN with a remote IP address and can
091777 -          make the call.
091779 -           ..
091780 -          NETBEUI is also forwarded, so you show up in the local
091781 -          workgroup. This enables you to securely transfer data.  It
091782 -          also looks 'cute' to customers because they can now see that
091783 -          you are actually there. You can do a "net send <host>" to
091784 -          bother people.
091786 -           ..
091787 -          Both the video and audio of the call are now encrypted which
091788 -          can be important if you are worried about being HIPAA
091789 -          conformant or are just plain paranoid. No ports are opened up
091790 -          besides 1723 which enforces security. This is my preferred
091791 -          method, it's cheap and it works (mostly).
091793 -           ..
091794 -          There *are* a number of problems. The Microsoft PPTP product
091795 -          is not robust in a couple of areas. The VPN link can go down
091796 -          after a while for no apparent reason (even if you have a ping
091797 -          -t running in the background).
091799 -           ..
091800 -          There are routing issues, also. Once you make the VPN call,
091801 -          Windows will assume that the initiating client wants to route
091802 -          ALL IP traffic over the VPN link. This means that if you are
091803 -          listening to a net radio station, that traffic is now going
091804 -          to get routed to the remote site which has to figure out what
091805 -          to do with it. This can be a problem if the remote router
091806 -          blocks the traffic or (more typically) doesn't have the
091807 -          bandwidth for the radio and your netmeeting call.
091809 -           ..
091810 -          I have also had to reboot machines in order to unstick them,
091811 -          which can be a problem if the machine is remote. It's another
091812 -          phone call... The routing tables can get glitches (see
091813 -          previous paragraph), but I can usually fix these by hand
091814 -          tweaking things with the route command.
091816 -           ..
091817 -          If you use DHCP, the remote VPN server can sometimes get
091818 -          mixed up and hand out the wrong IP address causing conflicts
091819 -          (and hence loss of service). The longer you keep the system
091820 -          up, the more likely this is.
091822 -           ..
091823 -          You can NOT configure a system with dual NICs to get an
091824 -          incoming VPN call without Windows losing track of one of the
091825 -          NICs. This is a real problem if you have highly available
091826 -          machines (like three of mine); none of them can be servers.
091827 -          It's a 'documented' issue. Who knows when it will be fixed...
091829 -           ..
091830 -          Security flaws have been found in a number of areas dealing
091831 -          with authentication and buffer overflow. Since you are doing
091832 -          encryption, you are going to use more network bandwidth and
091833 -          the system doing the encryption will see more load. I have an
091834 -          encrypting board on some of my slower systems to handle that
091835 -          issue.
091837 -           ..
091838 -          It is possible that some regulatory agencies, commercial
091839 -          agreements and/or governmental policy will forbid encrypted
091840 -          traffic, particularly if you are going International.
091842 -           ..
091843 -          The main problem is that the user experience is no longer at
091844 -          the consumer level. There are more things to click and when
091845 -          things go wrong (as they frequently will), you'll need a
091846 -          technical person around to kick the bits. That's a problem if
091847 -          you are trying to support or talk to a remote non-technical
091848 -          person.
091849 -
091851 -           ..
091852 -      4.  Use an encrypting router. Remember the BEFVP41 I mentioned
091853 -          above? It can set up a VPN for you and route traffic between
091854 -          the two subnets. You go to the VPN page and set up a tunnel
091855 -          to your remote user and they do the same. Click connect and
091856 -          you are all done. It took me about 10 minutes to set all this
091857 -          up. What are the benefits? Because the router itself is now
091858 -          handling the traffic and connections:
091860 -                ..
091861 -            a) Zero configuration changes to make on your local systems.
091863 -                ..
091864 -            b) It works for ANY kind of local host (Linux, Tops-20,
091865 -               etc.) and ANY kind of port: Games, ftp, Telnet, WINS all
091866 -               work.
091868 -                ..
091869 -            c) The router offloads the encryption, so your slow hosts
091870 -               don't run out of gas.
091872 -                ..
091873 -            d) The router worries about keeping the VPN up and it seems
091874 -               to do a great job. I have had zero (yes, that's "0")
091875 -               downtime to my remote sites since I have started using
091876 -               the BEFVP41.
091878 -                ..
091879 -            e) Great security; everybody is behind a firewall.
091881 -                ..
091882 -            f) Netmeeting calls are encrypted over the Internet.
091884 -                ..
091885 -            g) Unsolicited calls are now allowed in BOTH directions.
091887 -                ..
091888 -            h) Highly available systems continue to work.
091890 -                ..
091891 -            i) Windows 2000 and Windows XP have built in IPsec clients
091892 -               that will allow you to use this from another site, even
091893 -               if it doesn't have an encrypting router providing it
091894 -               allows IPsec to go through unmolested on port 500.
091896 -                ..
091897 -            j) NO CHANGES IN THE TYPICAL END USER EXPERIENCE!!!
091898 -
091900 -           ..
091901 -          It should be obvious that I *love* this router. I can't wait
091902 -          to get rid of my other BEFSR41 router. However, there are
091903 -          some minor concerns that you should be aware of.
091904 -
091905 -            a) There needs to be at least one (and better) two
091906 -               routers.
091908 -                ..
091909 -            b) Cost: a BEFVP41 is at about twice the price of a
091910 -               BEFSR41. I have seen the BEFSR41 go for about $60 US and
091911 -               the BEFVP41 list for about $115 US. This cost issue is
091912 -               what kept us using #3 until we got fed up with it.
091914 -                ..
091915 -            c) Because you are using encryption, you will use (some)
091916 -               more bandwidth. This could be a problem on capped cable
091917 -               lines or DSL lines with limited upload bandwidth
091919 -                ..
091920 -            d) You do need to have some technical chops to get it set
091921 -               up (but you can basically forget about it after that).
091923 -                ..
091924 -            e) If you want it up all the time, you will need a UPS.
091926 -                ..
091927 -            f) It only makes sense for people that you call a lot.  For
091928 -               the arbitrary call to the arbitrary person, it's a
091929 -               hassle to have to set up and tear down all those
091930 -               tunnels. In our case, it has *eliminated* long distance
091931 -               calls to remote sites. This could help offset the cost
091932 -               of the router.
091934 -                ..
091935 -            g) The VPN'ed subnets now have *complete* access to each
091936 -               other (i.e., there is no firewall protecting hosts on
091937 -               one site from accesses by hosts on another). You may
091938 -               have to take steps to secure hosts if you have people
091939 -               poking around (like students, children or curious
091940 -               adults). This is a real problem for Windows 98.
091942 -                ..
091943 -            h) It is possible that some regulatory agencies, commercial
091944 -               agreements and/or governmental policy will forbid
091945 -               encrypted traffic, particularly if you are going
091946 -               International.
091948 -                ..
091949 -            i) Once it's up and people realize the call is free, you
091950 -               sure do get bugged a lot!
091951 -
091953 -           ..
091954 -          Anyway, I hope that I've been of some help. The point that I
091955 -          want to make here is that there should be less netmeeting
091956 -          banging. Netmeeting usually works just great (when it works)
091957 -          and you can get Macintosh clients. Unfortunately, for
091958 -          efficiency reasons, it needs to negotiate separate ports and
091959 -          these can get you into trouble when you are running NAT
091960 -          (which nearly all people do).
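
An added example, not part of the quoted letter or of this record: a Python audit of the port-triggering table from option 2 against the port list in the Microsoft article, reporting how many ports one trigger opens, which required ports are missed, and whether the Windows ports the letter names (135, 137, 138, 139) fall inside. The function names, the `wide` threshold and the model of a DMZ host as a single 1-65535 rule are assumptions made for illustration.

```python
"""Audit a router port-triggering table against the NetMeeting port list."""

# Fixed TCP ports and the dynamic range, as listed in the Microsoft article
# quoted in this record.
REQUIRED_FIXED = {389: "Internet Locator Server", 522: "User Location Server",
                  1503: "T.120", 1720: "H.323 call setup",
                  1731: "Audio call control"}
REQUIRED_DYNAMIC = (1024, 65535)
# Windows ports the letter singles out as the major exposure.
SENSITIVE = (135, 137, 138, 139)

# The triggering table as typed in the letter: name, trigger range, incoming range.
LETTER_TABLE = """
Netmeeting 389-389 389-389
Netmeeting 522-522 522-522
Netmeeting 1503-1503 1503-1503
Netmeeting 1720-1720 1720-1720
Netmeeting 1731-1731 1731-1731
Netmeeting 1024-65335 1024-65335
"""
# Constructed comparison (assumption): a DMZ host modelled as one rule that
# forwards every port to a single machine.
DMZ_TABLE = "DMZ 1-65535 1-65535"


def parse_range(text):
    """Turn 'lo-hi' into a validated (lo, hi) tuple."""
    lo, hi = (int(part) for part in text.split("-"))
    if not 1 <= lo <= hi <= 65535:
        raise ValueError(f"bad port range: {text!r}")
    return lo, hi


def parse_table(text):
    """Parse whitespace-separated rows into (name, trigger, incoming) rules."""
    rules = []
    for line in text.strip().splitlines():
        name, trigger, incoming = line.split()
        rules.append((name, parse_range(trigger), parse_range(incoming)))
    return rules


def merge(ranges):
    """Merge overlapping or adjacent ranges so no port is counted twice."""
    merged = []
    for lo, hi in sorted(ranges):
        if merged and lo <= merged[-1][1] + 1:
            merged[-1] = (merged[-1][0], max(merged[-1][1], hi))
        else:
            merged.append((lo, hi))
    return merged


def uncovered(required, merged):
    """Return the sub-ranges of `required` that no merged range covers."""
    lo, hi = required
    gaps, cursor = [], lo
    for a, b in merged:
        if b < cursor:
            continue
        if a > hi:
            break
        if a > cursor:
            gaps.append((cursor, a - 1))
        cursor = max(cursor, b + 1)
        if cursor > hi:
            break
    if cursor <= hi:
        gaps.append((cursor, hi))
    return gaps


def audit(table_text, wide=1000):
    """Summarise the exposure created once any rule in the table fires."""
    rules = parse_table(table_text)
    opened = merge(rule[2] for rule in rules)

    def covered(port):
        return any(lo <= port <= hi for lo, hi in opened)

    return {
        # Total inbound ports forwarded to one LAN host after a trigger.
        "ports_opened": sum(hi - lo + 1 for lo, hi in opened),
        # Required fixed ports the table fails to forward.
        "missing_fixed": [p for p in REQUIRED_FIXED if not covered(p)],
        # Parts of the article's dynamic range left outside the table.
        "dynamic_gaps": uncovered(REQUIRED_DYNAMIC, opened),
        # Ports the letter calls the major Windows exposure, if forwarded.
        "sensitive_exposed": [p for p in SENSITIVE if covered(p)],
        # Rules whose incoming span exceeds the `wide` threshold.
        "wide_rules": [r for r in rules if r[2][1] - r[2][0] + 1 > wide],
    }


if __name__ == "__main__":
    for label, table in (("letter table", LETTER_TABLE), ("DMZ", DMZ_TABLE)):
        print(label, audit(table))
```

Run over the letter's table, the audit counts 64,314 ports forwarded to one host by a single trigger and shows that the last row's upper bound of 65335 leaves 65336-65535 of the article's dynamic range outside the trigger.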
091961 -
0920 -
Distribution. . . . See "CONTACTS"