StephenSimpsonx
asked on
Drive mapping through the Internet
We have a windows 2000 server computer. Its address is statically assigned 192.168.1.x. The router is hooked up to a DSL phone line. I would like to make a drive mapping from my home computer through the internet so I can access the Network that way. (Specifically right now I wish to access source safe, but also to copy files around)
Is there a secure way to set this up and if so, how is it best done? Thanks
Is there a secure way to set this up and if so, how is it best done? Thanks
BTW: if you decide to use Terminal Services and RDP, you will need to open up Port 3389 on your firewall/router, and map it to your Server's IP address...
Info on VPN and RRAS:
Virtual Private Networks for Windows 2000
http://www.microsoft.com/windows2000/technologies/communications/vpn/default.asp
Chapter 9 - Virtual Private Networking
http://www.microsoft.com/resources/documentation/windows/2000/server/reskit/en-us/intnetwk/part2/intch09.mspx
Virtual Private Networks for Windows 2000
http://www.microsoft.com/windows2000/technologies/communications/vpn/default.asp
Chapter 9 - Virtual Private Networking
http://www.microsoft.com/resources/documentation/windows/2000/server/reskit/en-us/intnetwk/part2/intch09.mspx
Fatal, I believe that you will find that TS and RDP drive mapping will not work, if you are thinking of the Drive Share utility, see http://support.microsoft.com/default.aspx?scid=kb;EN-US;244725, which notes: "The Drive Share tool relies on NetBIOS name resolution to work. This tool is not guaranteed to work properly over the Internet because of router configurations. If the tool does not work, try to perform a net use command from inside a Terminal Services session back to your client computer. If this does not work, Drive Share also does not work." Only Citrix virtual channels give you reliable mapped drives over the Internet.
If you don't want to have the expense (but ease) of Citrix, your only other alternative is some kind of VPN connection. My primary reservation with using RRAS VPN connections is that your default gateway will become RRAS connection, which can create bandwidth congestion on the server end unless your are willing to mess the client machine routing table.
I personally like and use router-to-router VPN connections between home and work. I have a Linksys BEFVP41 at home making a 3DES connection to my Pix 501 at work. Both networks appear local to one another; my home default gateway is still my own ISP. I can access folders/files from either end in both directions by mapping drives or using UNC names.
If you don't want to have the expense (but ease) of Citrix, your only other alternative is some kind of VPN connection. My primary reservation with using RRAS VPN connections is that your default gateway will become RRAS connection, which can create bandwidth congestion on the server end unless your are willing to mess the client machine routing table.
I personally like and use router-to-router VPN connections between home and work. I have a Linksys BEFVP41 at home making a 3DES connection to my Pix 501 at work. Both networks appear local to one another; my home default gateway is still my own ISP. I can access folders/files from either end in both directions by mapping drives or using UNC names.
Yes... that is why I mentioned installing RRAS and a VPN.. But I do agree that a hardware VPN solution works best.. I use Cisco and the Cisco VPN utility for mine... Not nearly the overhead or admin headaches of RRAS..
Fatal, when you use Cisco VPN client, does it change default gateway to VPN connection or leave it alone? Will it run on XP?
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Nice explanation James... :) Looks a lot simpler when you explain it.... I know I could not have done it better...!!! In fact, I think I will just paste it into my Company Server Manual.. haha
The Cisco VPN Client provides support for Windows 98, ME, NT 4.0, 2000, XP, Linux (Intel), Solaris (UltraSparc 32- and 64-bit), and Mac OS X 10.1 and 10.2 (Jaguar).
http://www.cisco.com/en/US/products/sw/secursw/ps2308/
Downloading and installing Cisco VPN client software
http://www.cites.uiuc.edu/vpn/download-install.html
The Cisco VPN Client provides support for Windows 98, ME, NT 4.0, 2000, XP, Linux (Intel), Solaris (UltraSparc 32- and 64-bit), and Mac OS X 10.1 and 10.2 (Jaguar).
http://www.cisco.com/en/US/products/sw/secursw/ps2308/
Downloading and installing Cisco VPN client software
http://www.cites.uiuc.edu/vpn/download-install.html
FE
That is actually a cut and paste from my own build instructions, I run one of these out of my house :)
Can you use the Cisco VPN front end with the L2TP/IPSec backend, or does it insist on pure IPSec?
In answer to Quetzals Q I think use of the VPN as the gateway is configurable at the client. Certainly the MS client supports it, so it seems unlikely that Cisco wouldn't. And it does run on XP.
Cheers
JamesDS
That is actually a cut and paste from my own build instructions, I run one of these out of my house :)
Can you use the Cisco VPN front end with the L2TP/IPSec backend, or does it insist on pure IPSec?
In answer to Quetzals Q I think use of the VPN as the gateway is configurable at the client. Certainly the MS client supports it, so it seems unlikely that Cisco wouldn't. And it does run on XP.
Cheers
JamesDS
James, I second the kudos for your instructions, I will steal them too :)
Thanks also for the ref to the next MS IPSEC update. The old way was hideous and unusable.
Thanks also for the ref to the next MS IPSEC update. The old way was hideous and unusable.
geez, you'd think I can't type at all...
new->next
new->next
ASKER
Thanks for everyones comments. I got it working, though it took a couple of hours. It was easy to follow JamesDS's instructions to set up the VPN server. I was able to connect to it right away, as soon as I opened port 1723 on the router. It took some time to figure out how to get the drive mapping to connect though. My home network and the office network are on the same subnet, 192.168.1.x. This caused a problem until I set up the vpn server to hand out ip addresses in 192.168,2,x.
I also cleared the checkbox called 'used default gateway on remote network' in the workstation vpn network connectin settings.
I works very well.
Thanks
I also cleared the checkbox called 'used default gateway on remote network' in the workstation vpn network connectin settings.
I works very well.
Thanks
Glad to hear it... Best of luck...
FE
FE
If security were not a concern, and you were using W XP at home, we could just use Terminal Services and RDP, which will map the drives automatically...