?
Solved

VPN Advice - Home to Office Connection - require email and files/folder access

Posted on 2005-04-05
18
Medium Priority
?
619 Views
Last Modified: 2010-04-10
Hello Experts,

I would like to setup a VPN connection from a home to our office.

To be honest I know very little of VPN, simply I would like my boss to be able to bring his laptop home from work, connect it to his home wireless internet (2meg internet) router and log in to the network seemlessly over the internet,

the  main objective is to have full MS outlook access (i have done this by putting the IP of our office router in the POP settings, the router then points to the exchange server - problem is it only gives the inbox view wihich updates each time it is connected at home - also 2 profiles are required)
I would prefer it if outlook acted the same way it does when the laptop is connected to the LAN at the office, i.e Can see Inbox/Sent Items/Calendar etc.

Also the second objective is to have full files and folder access from our other server, again, seemless opening/editing and saving of files straight to the server.

I hope you are able to help. I have no idea of the cost, whether I need much software to carry this out. i will reply to comments and questions as soon as i can

Thanks, Jack
0
Comment
Question by:JackHodson
  • 4
  • 3
  • 2
  • +5
18 Comments
 
LVL 9

Expert Comment

by:jjoseph_x
ID: 13711909
It might not cost very much at all, depending on what hardware/software that you've got in place.

If you have a firewall (PIX, Sonic Wall, Netgear...etc), it might already support IPSEC or PPTP VPN connections.  However if your firewall does not, but have you a Windows 2000 or 2003 server on your network you can still setup a VPN connection in a few easy steps by configuring Routing and Remote Access and setting-up network address translation on your firewall.

If you post some information about your network setup (do you have a firewall?  what kind?  do you have a static internet IP address?  More than one?  What kind of servers do you have on your LAN?, etc) and I and/or someone else will be able to give you a hand.
0
 
LVL 2

Expert Comment

by:pressevent
ID: 13711925
which version exchange at the office?  you could do RPC over HTTP if it's 2003.  that's a potential fix to the email issue.

as far as VPN goes, you'd need to add VPN functionality somewhere, which is often the firewall.  you can (in theory) get a cheap firewall that does VPN, like a linksys RV042 or it's ilk ... then it's a simple matter of configuring the VPN policy in the firewall, installing a client on the laptop, and teaching your boss how to use it.  i'm over simplifying, but it's not really that difficult to do.

going back to email, the things you describe are all pretty much available if you turn on outlook web access instead of having him use normal outlook ... not sure he'd like that, some bosses do, some don't.

what flavor windows server / exchange server / firewall hardware are you running?
0
 
LVL 88

Expert Comment

by:rindi
ID: 13711957
The easiest way to get this done would be to have a firewall/router at the office which already has built in VPN functionality. There are many such products around.

We for instance used to have a sonicwall. This device can be connected to through one VPN Tunnel at a time (the number of VPN clients that can connect at one time can be increased by buying more VPN Client licenses, with newer models there are probably already more built in clients. These devices are easy to configure and the VPN client is software based, so you don't need any special hardware at your home.
0
What does it mean to be "Always On"?

Is your cloud always on? With an Always On cloud you won't have to worry about downtime for maintenance or software application code updates, ensuring that your bottom line isn't affected.

 
LVL 4

Author Comment

by:JackHodson
ID: 13711995
Thanks for the quick reply

We are quite outdated on the software side - so far we do not find a reason to upgrade the servers as they have always done what we want:

2 Servers with NT4 one of them has MS Exchange 5.5

I did not like OWA, still only showed the Inbox items

i can already see that our interent router/firewall which is about 5 years old could be the let down in this plan

- its a Netstar SBE, dont know if it is/was a popular product.

Jack
0
 
LVL 2

Assisted Solution

by:pressevent
pressevent earned 200 total points
ID: 13712043
yeah, that's old.  you need to strongly consider replacing that Netstar with something more modern, like the Linksys RV's or something.  think an RV042 is about $175.

not going to happen for you unless you spend some money.  i think $175 plus some time on your part is worth having the boss able to work from home (and you too).

i like the sonicwalls too, but i'm going to guess that you all don't want to spend big bucks, and those linksys's are cheap and easy to configure for VPN.
0
 
LVL 8

Expert Comment

by:steinmto
ID: 13712044
OWA should also show the calendar.

Here is a link for RRAS for NT 4.0

http://www.microsoft.com/ntserver/nts/downloads/winfeatures/rras/license.asp

It should have VPN service with it.

I do not have any NT 4..0 servers around to install it on to tell you how to do it.

Once it is setup on your server you can open port 1723 to the server on your router to allow
the vpn to go to your server.
0
 
LVL 9

Expert Comment

by:jjoseph_x
ID: 13712066
Actually don't bother with OWA...  you'd have to alllow direct HTTP/HTTPS access to your Exchange 5.5 box and since MS doesn't patch NT4 or Exchange 5.5 anymore it'd be an uncomfortably large security risk.   Since you need a VPN to access files anyhow, you'd be able to use that to access Exchange remotely.

0
 
LVL 4

Author Comment

by:JackHodson
ID: 13712291
@ pressevent - I see your point, I dont think he was expecting this with out spending a bit of money - once I have installed this hardware would I need to buy VPN software and licenses for the client machines?

@ steinmto - I found this article after reading your post - http://www.cgnet.com/Exchange/rras.htm --- this can be a temporary fix - how would the users access the folders on the servers at the office - would it just be a link in "My Network Places"? I guess this would enable opening/editing/saving in the same way it would be when in the office.

In laymans terms, once VPN (have never seen or used it) is setup, is it a case of connecting to the home router and clicking an icon that goes through an authentification procedure and logs you straight on the the network through this VPN "tunnel"?

I also can imagine this is very demanding on both internet connections? - both home and office have 2 meg connections, but the upload is considerably slower.

Maybe it is worth mentioning that the office has a static IP address but home is dynamic and changes a lot!! I have set it up with a DNS name server using dyndns.com but would I require a static IP both ends?

Jack
0
 
LVL 2

Assisted Solution

by:keenemarin
keenemarin earned 300 total points
ID: 13712349
Once you have your VPN client & server side set up, yes it really just is a double click, and you then have full access to your servers.

HOWEVER, it is a significant drag on your resources - and without getting into messy VPN connectivity like split tunnelling, you will only have a basic connection, it will take time.

Buy a PIX firewall, install, and then configure the VPN access to your servers (include your email server in there too), then download Cisco's VPN client installer from their site, and hey presto.

In essence, you need to update / replace your gateway.

We use PIX here, and I find it excellent - it is a little messy with configuration, but thats mostly because I dont like SSH to control these things. In fact, we are in the process of replacing our PIX firewall here, and I dont know whats happening to our existing one..

Keene
0
 
LVL 8

Assisted Solution

by:steinmto
steinmto earned 200 total points
ID: 13712356
once the users are connected to the VPN in to your network the should be able to map drives and access files and folders.  It would be slow on a 2 meg connection.  If you are concerned about speed you might to look in to Terminal Server/Citrix or something like GoToMyPC.
0
 
LVL 4

Author Comment

by:JackHodson
ID: 13712374
sorry to be so basic, when you all refer to a firewall, am I right in saying you mean the whole internet router with built in firewall? can youget them as two separate devices?

I will be contacting our ISP to see what options they provide.

Thanks
Jack
0
 
LVL 79

Expert Comment

by:lrmoore
ID: 13713077
I do exactly what the boss wants to do every day. I bring my laptop home, sit down in front of the bigscreen TV, connect wireless to my router, open Outlook and viola' - just like I'm at my desk at work.

How do I do it?
I have a PIX firewall at work, and a Linksys WRV54G VPN capable router at home. Took 5 minutes to setup a LAN-LAN permanent VPN tunnel. I don't have to deal with client software at all. I connect whether on my laptop, or my desktop in my home office, or a test laptop, whatever..

You could do the same thing. I really like the WRV54G, and you could put in a Linksys RV082 at the office to replace your old device. The web interface on both will take you about 10-15 minutes to be up an running. We can always provide step by step guidance if you need it.
0
 
LVL 23

Accepted Solution

by:
sciwriter earned 400 total points
ID: 13713140
<<To be honest I know very little of VPN, simply I would like my boss to be able to bring his laptop home from work, connect it to his home wireless internet (2meg internet) router and log in to the network seemlessly over the internet, >>

The only way to do this seamlessly and without hassle for your Boss it the kind of reccomendation of LRmoore, above -- use hardware routers.  Get 2 identical VPN endpoint routers, and it is a whole 30 minutes of setup, and you are DONE -- it works flawlessly.  Fiddle with windows' pathetically limited setup and you might be fighting it for months.  Some people find it easy, others impossible.  But with two routers like lrmoore's PIX -- or the budget version is the Linksys BEFSVP41 -- those cost only $75 each and I have tested them -- they give flawless IPSec VPN that stays up for months.  I wouldn't do it any other way than with routers.  So easy.  But be forwarned, if his home DSL does NOT give a true static IP address, he will have to pay for one every month.  VPN routers require a static IP to work.

Lrmoore -- please drop in on this Q -- I suggested to this person to get your advice --Q_21376438.html

Best to you all
0
 
LVL 79

Expert Comment

by:lrmoore
ID: 13713172
>VPN routers require a static IP to work
 Not with Mine.. The Linksys will let you make a connection using dyndns fqdn name.
 For my Remote Secure Gateway, I have 3 options (WRV54G)
     IP address, FQDN, or "any"
Pix lets you connect to dynamic endpoints. No problem.
Same configs on the Linksys RV0x series. That's why I suggested that for the office, and because the boss likes wireless at home, the WRV54G is really nice.



                                                   
                                                     
                                                     
                                                     
                                                     
                                                     
                                                     
                                                     
                                                     
                                                     
                                                     
0
 
LVL 23

Expert Comment

by:sciwriter
ID: 13713232
Good to know about Linksys, mine did not have that, but Cisco is now doing Linksys, so they are about identical to the mainsteam to low end Cisco at half the price -- only recently.  Check my link, lrmoore, thx.
0
 
LVL 79

Expert Comment

by:lrmoore
ID: 13713358
Sorry, sciwriter, I just don't have time right now. Will check that link soonest.. I read it real quick, but I need to review it in detail and think about it a little bit...
0
 
LVL 88

Assisted Solution

by:rindi
rindi earned 300 total points
ID: 13714164
Yes, you'd have to replace your current gateway/router with one which also has VPN, like our sonicwall or the linksys that was mentioned. As I already mentioned, with the sonicwall you only need the hardware at the office end. The software to connect to the VPN is installed on those laptops/PCs that need it and whenever you need a connection with the office, you just start this software. Once connected, you can browse the lan and connect to resources as if you were at the office, only much slower. It makes things easier if your Office has a static IP address, but you can also use a sevrice like DynDNS to get things working.
0
 
LVL 4

Author Comment

by:JackHodson
ID: 13715361
Many many thanks to you all, this has been a great help - the prices quoted above make this seem very possibe.

I will split the points and be as fair as possible :)

Jack
0

Featured Post

Get expert help—faster!

Need expert help—fast? Use the Help Bell for personalized assistance getting answers to your important questions.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Unable to change the program that handles the scan event from a network attached Canon/Brother printer/scanner. This means you'll always have to choose which program handles this action, e.g. ControlCenter4 (in the case of a Brother).
How to fix a SonicWall Gateway Anti-Virus firewall blocking automatic updates to apps like Windows, Adobe, Symantec, etc.
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…
Monitoring a network: how to monitor network services and why? Michael Kulchisky, MCSE, MCSA, MCP, VTSP, VSP, CCSP outlines the philosophy behind service monitoring and why a handshake validation is critical in network monitoring. Software utilized …

569 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question