Solved

Drive mapping through the Internet

Posted on 2004-04-24
14
1,297 Views
Last Modified: 2010-05-18
We have a windows 2000 server computer. Its address is statically assigned 192.168.1.x.  The router is hooked up to a DSL phone line.  I would like to make a drive mapping from my home computer through the internet so I can access the Network that way.   (Specifically right now I wish to access source safe, but also to copy files around)

Is there a secure way to set this up and if so, how is it best done?  Thanks
0
Comment
Question by:StephenSimpsonx
  • 7
  • 4
  • 2
  • +1
14 Comments
 
LVL 40

Expert Comment

by:Fatal_Exception
Comment Utility
The most secure way to do this is through a VPN tunnel, but you will need to install RRAS on the server first.  This is not an easy fix though (setting up RRAS)..

If security were not a concern, and you were using W XP at home, we could just use Terminal Services and RDP, which will map the drives automatically...
0
 
LVL 40

Expert Comment

by:Fatal_Exception
Comment Utility
BTW:  if you decide to use Terminal Services and RDP, you will need to open up Port 3389 on your firewall/router, and map it to your Server's IP address...
0
 
LVL 40

Expert Comment

by:Fatal_Exception
Comment Utility
0
 
LVL 11

Expert Comment

by:Quetzal
Comment Utility
Fatal, I believe that you will find that TS and RDP drive mapping will not work, if you are thinking of the Drive Share utility, see http://support.microsoft.com/default.aspx?scid=kb;EN-US;244725, which notes: "The Drive Share tool relies on NetBIOS name resolution to work. This tool is not guaranteed to work properly over the Internet because of router configurations. If the tool does not work, try to perform a net use command from inside a Terminal Services session back to your client computer. If this does not work, Drive Share also does not work."  Only Citrix virtual channels give you reliable mapped drives over the Internet.

If you don't want to have the expense (but ease) of Citrix, your only other alternative is some kind of VPN connection.  My primary reservation with using RRAS VPN connections is that your default gateway will become RRAS connection, which can create bandwidth congestion on the server end unless your are willing to mess the client machine routing table.  

I personally like and use router-to-router VPN connections between home and work.  I have a Linksys BEFVP41 at home making a 3DES connection to my Pix 501 at work.  Both networks appear local to one another; my home default gateway is still my own ISP.  I can access folders/files from either end in both directions by mapping drives or using UNC names.
0
 
LVL 40

Expert Comment

by:Fatal_Exception
Comment Utility
Yes...  that is why I mentioned installing RRAS and a VPN..  But I do agree that a hardware VPN solution works best..  I use Cisco and the Cisco VPN utility for mine...  Not nearly the overhead or admin headaches of RRAS..
0
 
LVL 11

Expert Comment

by:Quetzal
Comment Utility
Fatal, when you use Cisco VPN client, does it change default gateway to VPN connection or leave it alone?  Will it run on XP?
0
 
LVL 16

Accepted Solution

by:
JamesDS earned 500 total points
Comment Utility
StephenSimpsonx

This is how you set up a VPN with RRAS:
Configure VPN Access at server

Using the wizard:

Remote Access (dial-up or VPN)
VPN only
External WAN - disable security
Internal LAN
Automatic IP Address assignment
Use RRAS to authenticate


In Routing and Remote Access Server Properties
General: Enable the computer as a LAN Router only
General: Remote Access Server

IP: Enable IP Routing
IP: This server can assign addresses by using DHCP
IP: Enable broadcast name resolution (select internal NIC)

PPP: Check all

Logging: Log all Events only

Ports: Add 5 L2TP and/or PPtP inbound only, turn everything else off

IP Routing: only General and Static Routes, remove everything else

Remote Access Policies: Delete default policies, add new policy where tunnel type = L2TP or PPtP and access is granted

Client Settings:
Follow wizard for VPN connection
Install IPSec NAT-T update for XP: http://support.microsoft.com/?kbid=818043

I have this working here and I'm very pleased with the results.

PPTP is the simplest to set up. You can use L2TP with the IPSEC shared key (a passphrase) rather than a certificate on Windows 2003 RRAS. L2TP will traverse a NATted connection to the internet, which you may have if you have more than one machine at your house connected to the internet on a single connection.

Cheers

JamesDS
0
Do You Know the 4 Main Threat Actor Types?

Do you know the main threat actor types? Most attackers fall into one of four categories, each with their own favored tactics, techniques, and procedures.

 
LVL 40

Expert Comment

by:Fatal_Exception
Comment Utility
Nice explanation James...  :)  Looks a lot simpler when you explain it....  I know I could not have done it better...!!!  In fact, I think I will just paste it into my Company Server Manual.. haha

The Cisco VPN Client provides support for Windows 98, ME, NT 4.0, 2000, XP, Linux (Intel), Solaris (UltraSparc 32- and 64-bit), and Mac OS X 10.1 and 10.2 (Jaguar).

http://www.cisco.com/en/US/products/sw/secursw/ps2308/

Downloading and installing Cisco VPN client software

http://www.cites.uiuc.edu/vpn/download-install.html
0
 
LVL 16

Expert Comment

by:JamesDS
Comment Utility
FE

That is actually a cut and paste from my own build instructions, I run one of these out of my house :)

Can you use the Cisco VPN front end with the L2TP/IPSec backend, or does it insist on pure IPSec?

In answer to Quetzals Q I think use of the VPN as the gateway is configurable at the client. Certainly the MS client supports it, so it seems unlikely that Cisco wouldn't. And it does run on XP.

Cheers

JamesDS
0
 
LVL 11

Expert Comment

by:Quetzal
Comment Utility
James, I second the kudos for your instructions, I will steal them too :)

Thanks also for the ref to the next MS IPSEC update.  The old way was hideous and unusable.
0
 
LVL 11

Expert Comment

by:Quetzal
Comment Utility
geez, you'd think I can't type at all...

new->next
0
 
LVL 40

Expert Comment

by:Fatal_Exception
Comment Utility
:)
0
 

Author Comment

by:StephenSimpsonx
Comment Utility
Thanks for everyones comments.  I got it working, though it took a couple of hours.  It was easy to follow JamesDS's instructions to set up the VPN server. I was able to connect to it right away, as soon as I opened port 1723 on the router.  It took some time to figure out how to get the drive mapping to connect though. My home network and the office network are on the same subnet, 192.168.1.x.  This caused a problem until I set up the vpn server to hand out ip addresses in 192.168,2,x.

I also cleared the checkbox called 'used default gateway on remote network' in the workstation vpn network connectin settings.

I works very well.

Thanks
0
 
LVL 40

Expert Comment

by:Fatal_Exception
Comment Utility
Glad to hear it...  Best of luck...

FE
0

Featured Post

IT, Stop Being Called Into Every Meeting

Highfive is so simple that setting up every meeting room takes just minutes and every employee will be able to start or join a call from any room with ease. Never be called into a meeting just to get it started again. This is how video conferencing should work!

Join & Write a Comment

Suggested Solutions

NTFS file system has been developed by Microsoft that is widely used by Windows NT operating system and its advanced versions. It is the mostly used over FAT file system as it provides superior features like reliability, security, storage, efficienc…
Never store passwords in plain text or just their hash: it seems a no-brainier, but there are still plenty of people doing that. I present the why and how on this subject, offering my own real life solution that you can implement right away, bringin…
It is a freely distributed piece of software for such tasks as photo retouching, image composition and image authoring. It works on many operating systems, in many languages.
Polish reports in Access so they look terrific. Take yourself to another level. Equations, Back Color, Alternate Back Color. Write easy VBA Code. Tighten space to use less pages. Launch report from a menu, considering criteria only when it is filled…

772 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

8 Experts available now in Live!

Get 1:1 Help Now