
remote client access to windows server 2003 through a hardware based vpn.

Posted on 2006-03-20
Last Modified: 2010-04-18
Hi Experts,

I am setting up a hardware-based VPN to connect a small remote office with workstations only to a larger main office with a Windows Server 2003 as a DC.

How should the remote clients authenticate? What is needed for the remote client to access the server file sharing capabilities and log on to the domain? I am confused between the software-based VPN solutions; do I still need to set up RAS? Please detail a step-by-step procedure on what must be done on the server side. I do not want to use remote desktop into the server through this VPN tunnel.

Once they are past the VPN tunnel side, is it business as usual and I set them up as if they are a local client on the domain, or is there something else that is needed to authenticate them as remote clients to the server if I want them part of the same domain? Server remote policy settings, etc.? What then is needed on the remote client side if these are XP Professional workstations?

Thanks so much for your help!



Question by:Emog500
 
LVL 5

Accepted Solution

by:
jwilding earned 1500 total points
ID: 16239225
Set up the VPN tunnel to link the two networks, making sure the IP ranges differ at each end.  At the remote end, you need to ensure your PCs are configured with the AD DNS as the primary DNS server in their IP properties.  If they can find the AD DNS, they will be able to do everything else you need of them.  Add the remote network range to AD sites and services Subnets.  You will not need RAS.

J
0
 

Author Comment

by:Emog500
ID: 16239611
Really appreciate the help. I know about the different subnets and the VPN stuff, just not sure what else is needed on the server config side. So when a user from the remote site logs in, does he see a login ID as if he was local, or is there an authentication step that must be done before he can log onto the domain that is different than a user at the main site? Does anything need to be done in the policy config pages on the server to accept this remote site?
0
 
LVL 5

Expert Comment

by:jwilding
ID: 16240019
So long as the client PC has an unrestricted IP path to the server and can find the AD DNS, their user experience will be the same as if they were on the same LAN as the server, except that performance will be reduced.  File sharing over the link may be dog slow.  If you have Exchange server 2003, make sure your remote users have Outlook 2003 which is in cached Exchange mode.  If you are using WINS, make sure your remote users point to the WINS server at the main site.  Also look at your VPN config.  For performance you want to split tunnel.  I.e. all traffic that needs to go to the main site goes down the VPN, all other internet traffic such as web browsing goes around the VPN direct to the internet.  This last bit may have some security implications, but most small businesses do it in my experience.

J
0
 

Author Comment

by:Emog500
ID: 16240188
For a small office of less than 10 users and a fractional T1 line, traffic should be okay. Split tunnel, that is something new I have never heard of; where in most FW do you find that? I see the configs for setting up phase 1 and phase 2 of an IPsec tunnel but not sure where or how splitting comes into the picture. I am using a Fortigate VPN, resembles a WatchGuard FW. Can you tell me how this is done between the 2 VPN firewalls?
0
 
LVL 5

Expert Comment

by:jwilding
ID: 16240263
If it is like Watchguard, I believe it will split tunnel by default.  Basically if your main work subnet is 192.168.8.0/24; you set the remote firewall to only route traffic for that LAN down the VPN and all other traffic goes around the VPN and out via the router.  You can test it by doing a route trace from a remote PC to say google.com.  If it goes via your main site, then it is forcing all traffic down the VPN, which will be slower.
I've never used a fortigate (always wanted to though).
Yes a T1 should be fine for your number of users.

J
0
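
The split-tunnel routing discussed in this thread, modelled as an added example (not part of the original posts): it checks that the two site ranges do not overlap and shows, by longest-prefix match, which destinations go down the VPN and which leave directly to the internet without passing the main site. The remote subnet `192.168.20.0/24`, the sample destinations and all function names are assumptions; only `192.168.8.0/24` comes from the thread.

```python
import ipaddress

MAIN_LAN = "192.168.8.0/24"      # main-site subnet quoted in the thread
REMOTE_LAN = "192.168.20.0/24"   # assumed remote-office subnet (constructed)

def ranges_conflict(a, b):
    """True when two site ranges overlap, which breaks site-to-site routing."""
    return ipaddress.ip_network(a).overlaps(ipaddress.ip_network(b))

def build_routes(split_tunnel):
    """Route table of the remote firewall as (prefix, next_hop) pairs."""
    # Split tunnel: the default route leaves via the local ISP router.
    # Full tunnel: the default route is also sent down the VPN.
    default_hop = "internet" if split_tunnel else "vpn"
    return [
        (ipaddress.ip_network(REMOTE_LAN), "local"),
        (ipaddress.ip_network(MAIN_LAN), "vpn"),
        (ipaddress.ip_network("0.0.0.0/0"), default_hop),
    ]

def next_hop(routes, dest):
    """Pick the most specific matching route, as a router does."""
    addr = ipaddress.ip_address(dest)
    matches = [(net, hop) for net, hop in routes if addr in net]
    return max(matches, key=lambda m: m[0].prefixlen)[1]

def audit(split_tunnel, destinations):
    """Map each destination to the path its traffic takes."""
    routes = build_routes(split_tunnel)
    return {d: next_hop(routes, d) for d in destinations}

def uninspected(split_tunnel, destinations):
    """Destinations whose traffic never crosses the main-site firewall."""
    paths = audit(split_tunnel, destinations)
    return [d for d, hop in paths.items() if hop == "internet"]

# Constructed sample: a main-site server, a remote-office PC, and a
# documentation-range address standing in for a public web site.
SAMPLE = ["192.168.8.10", "192.168.20.15", "203.0.113.80"]

if __name__ == "__main__":
    print("ranges overlap:", ranges_conflict(MAIN_LAN, REMOTE_LAN))
    for mode in (True, False):
        print("split tunnel" if mode else "full tunnel", audit(mode, SAMPLE))
        print("  bypasses main site:", uninspected(mode, SAMPLE))
```

With split tunnelling the public address is the only entry in the "bypasses main site" list, so any web filtering or logging for remote users has to be enforced on the remote firewall rather than at the main office.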
 

Author Comment

by:Emog500
ID: 16240549
Yes, you are correct. I just checked that only PPTP protocols need configuring and not L2TP. Again, really appreciate all your help. However, I am new to this site in asking questions, you are the first. I hope you got your points, but if you did not, please show me how I can do this.

I have read and heard doing this by VPN may be slow, as you have said. Is getting terminal server licenses a better way to go?

0
 
LVL 5

Expert Comment

by:jwilding
ID: 16240642
TS licenses may speed things up, but it depends on where the data the remote users need to work with is sited.  If it is at their own site, TS won't help, if it's at the main site, it may help more or less, depending upon file sizes.  I would test it first without TS and then think about TS later if you need it.
0
 

Author Comment

by:Emog500
ID: 16240748
Thanks again! Your help has been very valuable! Take care!
0
