Solved

Drive mapping through the Internet

Posted on 2004-04-24
Last Modified: 2010-05-18
We have a Windows 2000 Server computer. Its address is statically assigned 192.168.1.x. The router is hooked up to a DSL phone line. I would like to make a drive mapping from my home computer through the internet so I can access the network that way. (Specifically, right now I wish to access SourceSafe, but also to copy files around.)

Is there a secure way to set this up and if so, how is it best done?  Thanks
Question by:StephenSimpsonx

Expert Comment

by:Fatal_Exception
ID: 10909215
The most secure way to do this is through a VPN tunnel, but you will need to install RRAS on the server first.  This is not an easy fix though (setting up RRAS)..

If security were not a concern, and you were using W XP at home, we could just use Terminal Services and RDP, which will map the drives automatically...

Expert Comment

by:Fatal_Exception
ID: 10909222
BTW:  if you decide to use Terminal Services and RDP, you will need to open up Port 3389 on your firewall/router, and map it to your Server's IP address...

Expert Comment

by:Fatal_Exception
ID: 10909271

Expert Comment

by:Quetzal
ID: 10909577
Fatal, I believe that you will find that TS and RDP drive mapping will not work, if you are thinking of the Drive Share utility, see http://support.microsoft.com/default.aspx?scid=kb;EN-US;244725, which notes: "The Drive Share tool relies on NetBIOS name resolution to work. This tool is not guaranteed to work properly over the Internet because of router configurations. If the tool does not work, try to perform a net use command from inside a Terminal Services session back to your client computer. If this does not work, Drive Share also does not work."  Only Citrix virtual channels give you reliable mapped drives over the Internet.

If you don't want to have the expense (but ease) of Citrix, your only other alternative is some kind of VPN connection. My primary reservation with using RRAS VPN connections is that your default gateway will become the RRAS connection, which can create bandwidth congestion on the server end unless you are willing to mess with the client machine routing table.

I personally like and use router-to-router VPN connections between home and work.  I have a Linksys BEFVP41 at home making a 3DES connection to my Pix 501 at work.  Both networks appear local to one another; my home default gateway is still my own ISP.  I can access folders/files from either end in both directions by mapping drives or using UNC names.

Expert Comment

by:Fatal_Exception
ID: 10909778
Yes...  that is why I mentioned installing RRAS and a VPN..  But I do agree that a hardware VPN solution works best..  I use Cisco and the Cisco VPN utility for mine...  Not nearly the overhead or admin headaches of RRAS..

Expert Comment

by:Quetzal
ID: 10909985
Fatal, when you use Cisco VPN client, does it change default gateway to VPN connection or leave it alone?  Will it run on XP?

Accepted Solution

by:
JamesDS earned 500 total points
ID: 10911199
StephenSimpsonx

This is how you set up a VPN with RRAS:
Configure VPN Access at server

Using the wizard:

Remote Access (dial-up or VPN)
VPN only
External WAN - disable security
Internal LAN
Automatic IP Address assignment
Use RRAS to authenticate


In Routing and Remote Access Server Properties
General: Enable the computer as a LAN Router only
General: Remote Access Server

IP: Enable IP Routing
IP: This server can assign addresses by using DHCP
IP: Enable broadcast name resolution (select internal NIC)

PPP: Check all

Logging: Log all Events only

Ports: Add 5 L2TP and/or PPTP inbound only, turn everything else off

IP Routing: only General and Static Routes, remove everything else

Remote Access Policies: Delete default policies, add new policy where tunnel type = L2TP or PPTP and access is granted

Client Settings:
Follow wizard for VPN connection
Install IPSec NAT-T update for XP: http://support.microsoft.com/?kbid=818043

I have this working here and I'm very pleased with the results.

PPTP is the simplest to set up. You can use L2TP with the IPSEC shared key (a passphrase) rather than a certificate on Windows 2003 RRAS. L2TP will traverse a NATted connection to the internet, which you may have if you have more than one machine at your house connected to the internet on a single connection.

Cheers

JamesDS

Expert Comment

by:Fatal_Exception
ID: 10911778
Nice explanation James...  :)  Looks a lot simpler when you explain it....  I know I could not have done it better...!!!  In fact, I think I will just paste it into my Company Server Manual.. haha

The Cisco VPN Client provides support for Windows 98, ME, NT 4.0, 2000, XP, Linux (Intel), Solaris (UltraSparc 32- and 64-bit), and Mac OS X 10.1 and 10.2 (Jaguar).

http://www.cisco.com/en/US/products/sw/secursw/ps2308/

Downloading and installing Cisco VPN client software

http://www.cites.uiuc.edu/vpn/download-install.html

Expert Comment

by:JamesDS
ID: 10912056
FE

That is actually a cut and paste from my own build instructions, I run one of these out of my house :)

Can you use the Cisco VPN front end with the L2TP/IPSec backend, or does it insist on pure IPSec?

In answer to Quetzal's Q, I think use of the VPN as the gateway is configurable at the client. Certainly the MS client supports it, so it seems unlikely that Cisco wouldn't. And it does run on XP.

Cheers

JamesDS

Expert Comment

by:Quetzal
ID: 10912203
James, I second the kudos for your instructions, I will steal them too :)

Thanks also for the ref to the next MS IPSEC update.  The old way was hideous and unusable.

Expert Comment

by:Quetzal
ID: 10912210
geez, you'd think I can't type at all...

new->next

Expert Comment

by:Fatal_Exception
ID: 10913749
:)

Author Comment

by:StephenSimpsonx
ID: 10915186
Thanks for everyone's comments. I got it working, though it took a couple of hours. It was easy to follow JamesDS's instructions to set up the VPN server. I was able to connect to it right away, as soon as I opened port 1723 on the router. It took some time to figure out how to get the drive mapping to connect, though. My home network and the office network are on the same subnet, 192.168.1.x. This caused a problem until I set up the VPN server to hand out IP addresses in 192.168.2.x.

I also cleared the checkbox called 'use default gateway on remote network' in the workstation VPN network connection settings.

It works very well.

Thanks
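
The subnet clash and the default-gateway checkbox described in the post above can be modelled as a small routing-table lookup. This is an added example, not part of the original thread: the host addresses, the 203.0.113.5 internet address and the assumption that the VPN first handed out 192.168.1.x addresses are constructed, and the model ignores route metrics.

```python
import ipaddress

def client_routes(home_lan, vpn_pool, use_remote_gateway):
    """Simplified routing table of the home PC while the VPN is connected."""
    routes = [
        (ipaddress.ip_network(home_lan), "home-lan"),  # directly connected LAN
        (ipaddress.ip_network(vpn_pool), "vpn"),       # subnet RRAS assigns from
    ]
    # The "use default gateway on remote network" checkbox decides who owns
    # the default route. Cleared = split tunnel: internet traffic leaves via
    # the home ISP while the PC is also attached to the office network.
    default = "vpn" if use_remote_gateway else "home-isp"
    routes.append((ipaddress.ip_network("0.0.0.0/0"), default))
    return routes

def resolve(dest, routes):
    """Interfaces owning the longest prefix matching dest.
    More than one name means two subnets collide and delivery is ambiguous."""
    addr = ipaddress.ip_address(dest)
    matches = [(net.prefixlen, iface) for net, iface in routes if addr in net]
    best = max(plen for plen, _ in matches)  # default route always matches
    return sorted({iface for plen, iface in matches if plen == best})

def report(home_lan, vpn_pool, use_remote_gateway, targets):
    routes = client_routes(home_lan, vpn_pool, use_remote_gateway)
    return {name: resolve(ip, routes) for name, ip in targets.items()}

# Constructed sample addresses (not from the thread).
TARGETS = {
    "office-lan-host": "192.168.1.10",  # server's office LAN address
    "rras-tunnel-end": "192.168.2.1",   # server's address inside the new pool
    "internet": "203.0.113.5",          # documentation-range address
}

def before():
    # Assumed starting point: pool inside the office LAN, checkbox ticked.
    return report("192.168.1.0/24", "192.168.1.0/24", True, TARGETS)

def after():
    # The poster's fix: pool moved to 192.168.2.x, checkbox cleared.
    return report("192.168.1.0/24", "192.168.2.0/24", False, TARGETS)

if __name__ == "__main__":
    for label, result in (("before", before()), ("after", after())):
        for name, ifaces in result.items():
            flag = "  <-- collision" if len(ifaces) > 1 else ""
            print(f"{label:6} {name:16} -> {', '.join(ifaces)}{flag}")
```

In the "after" case the office host's LAN address still resolves to the home LAN, so in this model the share is reached through an address in the 192.168.2.x pool rather than the server's 192.168.1.x address.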

Expert Comment

by:Fatal_Exception
ID: 10917576
Glad to hear it...  Best of luck...

FE