IPSec VPN help needed- how does this work?
Posted on 2005-04-25
Ok, well at my company we are using a hardware firewall (Smoothwall Express 2.0- fix6, with the VPN IPSec3.1.1 pack).
I successfully configured my firewall with the VPN IPSec mod- and a client (my laptop- a test road-warrior) using SSHSentinel as the IPSec client for the laptop. Successfully made the connection with shared secret etc... I just have a couple questions- I am a complete newbie to VPNs and need some guidance.
- Here at work we are an Active Directory Integrated domain (Win2003 and 2k servers)
1) Now that I can successfully connect to the firewall from the laptop using SSHSentinel, what do I need to do next on my domain (internal) side to allow for individual users to authenticate and access pre-determined resources via the VPN tunnel?
Since the Firewall is the VPN endpoint, I guess I do not need to configure a Routing and remote access server. I want to allow only pre-determined users (which will be mobile users and a couple at-home users) to:
a.) Access their User Folders
b.) Remote Desktop Connection to their individual work computer
2) I want to make these connections as SECURE as possible- Is a shared secret enough security for the client (SSHSentinel) to authenticate to the firewall?
3) I gave this a test run from my house and successfully connected to the domain. Since I know the IP addresses of my domain, I tried accessing a file server's shares and was successful (and was prompted for username and password before it let me) as logging in as the admin. Is this how the users will be doing it? I need a push in the right direction here!!!
I want to keep security in mind as I am setting this up, and very much appreciate any and all help.