• Status: Solved
  • Priority: Medium
  • Security: Public

VPN Setup

Hi, I'm a bit of a newbie, so, not quite sure where to start...

This is what I'm trying to do:
I want to be able to have my home network (computers, and maybe printers, if not too complicated) available (as a network neighbourhood?) when I travel, using various computers, both Win and OSx... from static & dynamic IP connections...

This is what I have:
At home, I have a static IP adsl2 connection (up 1Mbit, down 20Mbit), with a Zyxel 660 Modem connected to it. Connected to the modem is a Netgear WGT624 Wireless router, to which all computers are connected (1 Win XP pro, 1 Win2kServer, 1 MAC 10,3 & 1 Linksys USB File Server).

Is this possible? What do I do? I'd love to have specific advice, as I've never set a VPN up before.

Thanks a lot! :-)

0
mpaert
Asked:
mpaert
3 Solutions
 
Steve McCarthy, MCSE, MCSA, MCP x8, Network+, i-Net+, A+, CIWA, CCNA, FDLE FCIC, HIPAA Security Officer; IT Consultant, Network Engineer, Windows Network Administrator, VMware Administrator Commented:
You can connect via remote desktop or VPN if you have a machine to configure it on.  For Remote Desktop, just port forward TCP port 3389 to the machine you want to connect to.  You would set this on whatever device provided NAT, (the one that holds that static IP address).

If you had a server behind and set up RRAS (VPN), you would port forward TCP port 1723 to that box.

On the remote machine that you will use to connect with, you will use either Remote Desktop Connection or set up a VPN client.
0
 
mpaert Author Commented:
Thanks.

I'm not quite sure about the following....

1:
By connecting through VPN, will all my computers at home appear in the "Network Neighbourhood" page? Or will it be some kind of different interface?

2:
Also, would I be able to have both, VPN and Remote desktop (PC to PC & MAC to MAC either one or both)?

3:
If I want all computers' shares to be visible in the VPN, to which computer do I forward port 1723? After all, all computers are connected to the WGT624... not to a central server...

4:
The VPN connection page asks for IP, user and pass. IP is straightforward, so should be user and pass, but if I don't connect to a specific server (see question 3), then what user and pass should I use?

I'm a little confused... :-]



0
 
holger12345 Commented:
>>1:
Connecting to a VPN makes a remote computer become part of the local internal network. So the possibilities will be the same as when connecting the computer to the LAN with a cable (only a bit more complicated to set up)

>>2:
remote desktop and VPN are two different means to connect:
Remote Desktop is a software, where the client software can connect to the server software on a remote PC with the ability to control the serving PC virtually
VPN is a software to connect two networks (or possibly only client to network) over an insecure public transfer network, as if both connecting networks were closely tied together. This gives you no means to share resources or remote control a PC - you must have sharing and remote-control software enabled/installed together with the VPN to achieve this

>>3:
For VPN connection you MUST have a VPN server. Sometimes a sophisticated router is used (mostly in bigger network environments), more often the router is only connecting to the internet and has to forward the VPN connections to a PC as VPN server. As VPN server you can configure OS like win2k/2k3 server but also a winXPpro machine.
The Drawback is: There are tons of problems forwarding VPN through a router. The router needs VPN passthrough enabled and sometimes they don't support VPN passthrough as you need even if the specs say otherwise. For example your WGT624: "However, certain communications functions like VPN may require turning off the SPI feature."

>>4:
see 3: you have to have a VPN server ... and there you configure user/pass ... so you have IP/user/pass ... just enter them at the client

hope this helped
Holger
0
 
Fatal_Exception Commented:
....  My suggestion is just to go with Remote Desktop..  You will have fewer problems, and this is much easier to configure.  All you need is one system within your network to be running XP Pro, which would be considered the RDP Server.  To configure this, just follow these steps (some of which were outlined above)

1.  On the home XP Pro system, set a static IP address
2.  On the Home XP Pro system, configure Remote Desktop (My Computer > Properties > Remote tab > select Allow Users to connect Remotely checkbox / and select the users allowed to have access)
3.  Test your remote connection from within the LAN from the laptop you will be carrying with you.  Start > All Programs > Accessories > Communications > Remote Desktop Connection
4.  If successful, place a shortcut to Remote Desktop on your Desktop for easy access
5.  On the router, you will find a tab for Port Forwarding.  Configure port 3389 to be forwarded to the XP Pro system's ip address.
6.  Make note of your Global (Public) IP address, which is the address you will be using from outside your LAN.
7.  Now, test from outside the LAN.

With this setup, once you are connected to your internal system, you can use it to access all shares on your internal network..

FE
0
 
Fatal_Exception Commented:
Hmm.. one more thing..  if you are using a software firewall on your internal systems, be sure to configure it to allow incoming RDP sessions..
0
 
holger12345 Commented:
I would try the VPN server as there is more functionality and the environment looks well suited:
- The win2k server exists at the home LAN
- The IP is static
- You have full control like you are directly connected to the LAN - even a remote desktop (or VNC or PC anywhere) can be used over the VPN

Drawback:
- the router can hinder a proper connection - but that has to be tested

First view of VPN:
http://www.wown.com/articles_tutorials/vpn.html

Holger
0
 
Steve McCarthy Commented:
When you connect via VPN, either with a Router or Firewall providing it or a VPN server, your machine becomes part of the network and is assigned an IP on that network.  It will be just like it is in the next room, but on a slower connection.

You can have both RDP and VPN.  At work, I port forward RDP to the computer I use most, (2 connections maximum).  I port forward a different set of ports for another remote access tool, PCAnywhere to a different PC, (1 connection maximum).  I also port forward the 1723 port to my VPN server for everyone to use, (No limit on connections).  Having said that, you can always RDP into a remote box and then RDP to any other boxes on that remote network.  I have 1 firestation without a server.  So, to remotely get to any box there, I RDP into the one that the port is forwarded to and then rdp from there to the box I need to work on.  I had to do that last night.  Since RDP is only sending screen shots, it is very fast.

The RDP and PCAnywhere actually connect me to a specific computer where anything I do is processed.  Your remote computer basically just gets screen shots of what is happening remotely.  On the other hand, VPN connects you to the network and your local computer then becomes the place where everything happens.  Any data requested travels the vpn for execution on your computer.

RDP and PCAnywhere can terminate on a workstation at the remote site.  A VPN will terminate on a Server OR very common nowadays, on a firewall or router. You will have to use your Win2k Server, enabling RRAS for your VPN.  Your wireless device doesn't have VPN capabilities in itself.

If you share files on your existing network, you need to do nothing about the shares.  Any machine on the network, either wired, wireless or VPN will be able to see them.  

You will port forward 1723 to the IP address of your Win2k server to use that as the VPN endpoint.  Users will logon to the Win2K server over the VPN tunnel established and will be able to do anything a local computer can do on the network.  Be sure to allow dial-in access for the users.  It is actually very easy to do.

0
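A way to confirm, from outside the LAN, that the forwarded port 1723 really reaches the VPN server, added here as an example (not code from any poster in this thread): it sends the opening PPTP control message defined in RFC 2637 and parses the reply. The function names and the `probe` host name are assumptions made for this example.

```python
import socket
import struct

PPTP_MAGIC = 0x1A2B3C4D          # magic cookie from RFC 2637
SCCRQ, SCCRP = 1, 2              # Start-Control-Connection Request / Reply
FMT_RQ = ">HHIHHHHIIHH64s64s"    # 156-byte request layout
FMT_RP = ">HHIHHHBBIIHH64s64s"   # 156-byte reply layout

def build_sccrq(hostname=b"probe"):
    """Build the first PPTP control message a client sends on TCP 1723."""
    return struct.pack(FMT_RQ, 156, 1, PPTP_MAGIC, SCCRQ, 0,
                       0x0100,      # protocol version 1.0
                       0, 1, 1,     # reserved, async framing, analog bearer
                       0, 0, hostname, b"")

def parse_sccrp(data):
    """Return server details from a reply, or None if it is not PPTP."""
    if len(data) < 156:
        return None
    (_length, msg_type, magic, ctrl, _r0, version, result, error,
     _fr, _br, _ch, _fw, host, vendor) = struct.unpack(FMT_RP, data[:156])
    if magic != PPTP_MAGIC or msg_type != 1 or ctrl != SCCRP:
        return None
    return {"ok": result == 1, "result": result, "error": error,
            "version": version,
            "host": host.rstrip(b"\0").decode("ascii", "replace"),
            "vendor": vendor.rstrip(b"\0").decode("ascii", "replace")}

def check_pptp(addr, port=1723, timeout=5.0):
    """Classify what answers on the forwarded port."""
    try:
        with socket.create_connection((addr, port), timeout=timeout) as s:
            s.sendall(build_sccrq())
            buf = b""
            while len(buf) < 156:
                chunk = s.recv(156 - len(buf))
                if not chunk:
                    break
                buf += chunk
    except OSError as exc:
        return ("unreachable", str(exc))
    reply = parse_sccrp(buf)
    return ("pptp-server", reply) if reply else ("not-pptp", buf[:16].hex())
```

A `pptp-server` result only proves the TCP control channel is forwarded; the tunnel data itself travels as GRE (IP protocol 47), which the router's VPN passthrough must also let through.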
 
mpaert Author Commented:
Thanks very much guys, Points split for collective effort.
0
 
holger12345 Commented:
thx to you... Holger
0
 
mpaert Author Commented:
one other quick question - wouldn't it be best to have a hardware router that can do VPN - my win2k server is only a tired old machine, used for DVR and FTP...
0
 
Steve McCarthy Commented:
Either will do fine.  If you only have a few users, save the money.  If you have many and your 2k machine is feeling the load, then a hardware VPN will take the load off of the server.
0
 
Fatal_Exception Commented:
Hardware VPNs are quite reasonable right now too..  and in my opinion, easier to administer..  but as Sam says, it is more a personal preference.

and Thanks,

FE
0
 
mpaert Author Commented:
I just realized that I own a Symantec Firewall 100, isn't this just the tool to do it? (This was my last question, I promise) he he
0
 
holger12345 Commented:
"Ensures secure, cost-effective access to networks for remote offices and business partners through an integrated IPSec VPN "
LOL .. yes it is! ... but if you don't want or need it - I'll pay the shipment over to me *hehe*

regards Holger
0
 
Fatal_Exception Commented:
Perhaps we should hold an auction!  :)

FE
0
 
holger12345 Commented:
from symantec:
-----------------------------------------------------------------
                               MODEL 100   MODEL 200   MODEL 200R
Firewall                       Yes         Yes         Yes
Gateway to Gateway VPN         Yes         Yes         Yes
Remote client to Gateway VPN   No          No          Yes
-----------------------------------------------------------------

... seems your 100 can handle only initiating VPN sessions, not as a VPN server
But you have to study the manual well ... perhaps there's a better way to use it !
0
 
mpaert Author Commented:
I say...

Well, thanks again... I'll be back in a new Q&A thread... :-D

[$1M, no offers]
0
 
Steve McCarthy Commented:
You need a Symantec 200R to do the unlimited client to gateway.  I have yads of experience with them and after my last issues, I replaced every single one of them, 9 in all, with Watchguard units.  The Gateway to Gateway VPN's were not stable nor were they holding long RDP or VPN sessions from outside.  For a stand alone unit, some worked better than others.
0
 
Fatal_Exception Commented:
You do realize that RDP sessions are encrypted, right?  (Not as secure as a VPN, but in your case, probably secure enough)...
0
