Creating a VPN
Posted on 2005-03-11
OK, I am a VPN virgin, and need to set up a VPN from my domain at work to some of the senior staff members' homes and laptops. I will also (of course) be granted access to the tunnel.
Here is a lovely rough visual representation of our network (here at work):
|| ISP Router ||
        |
        | WAN Interface
        |
|| Hardware Firewall (M0n0wall) || --------- Webserver
        |                          DMZ Interface (bridged with WAN, i.e. transparent)
        | LAN Interface
        |
2003 Server     Win2K Server
Here is my setup and capabilities:
* Our domain at work has a Static Public IP address (xx.xx.139.178) - WAN interface
* We use M0n0wall 1.1 as a hardware firewall solution. It supports PPTP and IPSec. It has a WAN interface, LAN interface, and a DMZ interface (for Webserver with public IPs)
* The senior staff have home networks using Cable Modem and dynamically assigned IP addresses (COX and Charter)
* Our internal Network (LAN Interface) is NAT'ed behind the firewall's WAN interface (192.168.172.0 subnet)
* The M0n0wall supports 1 to 1 NAT, Server NAT, Inbound, and Outbound NAT
* Windows 2003 Server is Primary Domain Controller and Win2k Server is Secondary DC
* Senior Staff home computers use Windows XP Pro
How do I go about setting this up on:
A) The firewall (Do I use IPSEC or PPTP, what is the difference, or do I use both? How does this work?)
B) The server (PDC I am guessing): When the senior staff member connects to the WAN interface, will he be prompted to log in under his Active Directory user account? How does this work, and what is the server configuration?
C) On the client machines using Windows XP, how do I set this up? Do I have to join their home machines to my domain at work?
D) Once the VPN tunnel has been established and they are connected, how do I allow them access to their work computers and user shares?
Ok I know I am asking a lot here, so of course I will start this one off at 500 points...