Remote client access to Windows Server 2003 through a hardware-based VPN.

Hi Experts,

I am setting up a hardware-based VPN to connect a small remote office with workstations only to a larger main office with a Windows Server 2003 as a DC.

How should the remote clients authenticate, and what is needed for the remote clients to access the server's file sharing capabilities and log on to the domain? I am confused between this and the software-based VPN solutions: do I still need to set up RAS? Please detail a step-by-step procedure on what must be done on the server side. I do not want to use Remote Desktop into the server through this VPN tunnel.

Once they are past the VPN tunnel, is it business as usual and I set them up as if they are local clients on the domain, or is there something else that is needed to authenticate them as remote clients to the server if I want them part of the same domain? Server remote policy settings, etc.? What then is needed on the remote client side if these are XP Professional workstations?

Thanks so much for your help!



Emog500Asked:

jwildingCommented:
Set up the VPN tunnel to link the two networks, making sure the IP ranges differ at each end. At the remote end, you need to ensure your PCs are configured with the AD DNS as the primary DNS server in their IP properties. If they can find the AD DNS, they will be able to do everything else you need of them. Add the remote network range to the Subnets in AD Sites and Services. You will not need RAS.

J
Emog500Author Commented:
Really appreciate the help. I know about the different subnets and the VPN stuff, just not sure what else is needed on the server config side. So when a user from the remote site logs in, does he see a login ID as if he was local, or is there an authentication step that must be done before he can log on to the domain that is different than for a user at the main site? Does anything need to be done in the policy config pages on the server to accept this remote site?
jwildingCommented:
So long as the client PC has an unrestricted IP path to the server and can find the AD DNS, their user experience will be the same as if they were on the same LAN as the server, except that performance will be reduced. File sharing over the link may be dog slow. If you have Exchange Server 2003, make sure your remote users have Outlook 2003, which is in cached Exchange mode. If you are using WINS, make sure your remote users point to the WINS server at the main site. Also look at your VPN config. For performance you want to split tunnel, i.e. all traffic that needs to go to the main site goes down the VPN, and all other internet traffic such as web browsing goes around the VPN direct to the internet. This last bit may have some security implications, but most small businesses do it in my experience.

J

Emog500Author Commented:
For a small office of less than 10 users and a fractional T1 line, traffic should be okay. Split tunnel is something new I have never heard of; where in most firewalls do you find that? I see the configs for setting up phase 1 and phase 2 of an IPsec tunnel but am not sure where or how splitting comes into the picture. I am using a FortiGate VPN, which resembles a WatchGuard firewall. Can you tell me how this is done between the 2 VPN firewalls?
jwildingCommented:
If it is like WatchGuard, I believe it will split tunnel by default. Basically, if your main work subnet is 192.168.8.0/24, you set the remote firewall to only route traffic for that LAN down the VPN, and all other traffic goes around the VPN and out via the router. You can test it by doing a route trace from a remote PC to, say, google.com. If it goes via your main site, then it is forcing all traffic down the VPN, which will be slower.
I've never used a FortiGate (always wanted to, though).
Yes, a T1 should be fine for your number of users.

J
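The two checks the answers above describe (non-overlapping LAN ranges with the remote PCs pointed at the main-site AD DNS, and a route trace from a remote PC that should not pass through the main site once split tunnelling is on) can be scripted. The following is an added example, not code from the thread or from any firewall vendor; it parses Windows `tracert` output offline. The main-site range 192.168.8.0/24 is the one mentioned in the answer; the remote range 192.168.9.0/24, the DC address 192.168.8.10 and the trace outputs are constructed for illustration.

```python
import ipaddress
import re

# Constructed values for the scenario in this thread (assumptions, not
# taken from the poster's network): main office, remote office, and the
# DC that also runs AD DNS.
MAIN_SITE = ipaddress.ip_network("192.168.8.0/24")
REMOTE_SITE = ipaddress.ip_network("192.168.9.0/24")
AD_DNS = ipaddress.ip_address("192.168.8.10")


def check_address_plan(main, remote, ad_dns):
    """Return a list of problems with the site-to-site plan (empty means OK).

    The two LAN ranges must not overlap, or the tunnel cannot route between
    them, and the DNS server the remote PCs are given must sit inside the
    main-site range so that lookups actually travel down the VPN to the DC.
    """
    problems = []
    if main.overlaps(remote):
        problems.append(f"LAN ranges overlap: {main} and {remote}")
    if ad_dns not in main:
        problems.append(f"AD DNS {ad_dns} is not inside the main-site range {main}")
    return problems


# One hop line of Windows tracert: hop number, three timings (or '*'), then
# either a bare address or 'hostname [address]'. Lines that time out carry
# no address and are skipped.
HOP_RE = re.compile(r"^\s*\d+\s+.*?(\d{1,3}(?:\.\d{1,3}){3})\]?\s*$")


def parse_hops(tracert_output):
    """Extract the responding hop addresses, in order, from tracert text."""
    hops = []
    for line in tracert_output.splitlines():
        m = HOP_RE.match(line)
        if m:
            hops.append(ipaddress.ip_address(m.group(1)))
    return hops


def main_site_hops(tracert_output, main):
    """Return the hops of a trace that lie inside the main-site range.

    For a trace to an internet host from the remote office, a non-empty
    result means traffic is being forced down the VPN (full tunnel).
    """
    return [str(h) for h in parse_hops(tracert_output) if h in main]


def split_tunnel_ok(tracert_output, main):
    """True when no hop of the trace passes through the main-site LAN."""
    return not main_site_hops(tracert_output, main)


# Constructed tracert outputs (203.0.113.0/24 is documentation space).
FULL_TUNNEL_TRACE = """\
Tracing route to google.com [203.0.113.200]
over a maximum of 30 hops:

  1     1 ms     1 ms     1 ms  192.168.9.1
  2    24 ms    25 ms    24 ms  192.168.8.1
  3     *        *        *     Request timed out.
  4    30 ms    31 ms    30 ms  203.0.113.1
"""

SPLIT_TUNNEL_TRACE = """\
Tracing route to google.com [203.0.113.200]
over a maximum of 30 hops:

  1     1 ms     1 ms     1 ms  192.168.9.1
  2    12 ms    11 ms    12 ms  gw.isp.example [203.0.113.1]
  3    18 ms    17 ms    18 ms  203.0.113.9
"""

if __name__ == "__main__":
    print("address plan problems:", check_address_plan(MAIN_SITE, REMOTE_SITE, AD_DNS))
    print("full-tunnel trace via main site:", main_site_hops(FULL_TUNNEL_TRACE, MAIN_SITE))
    print("split-tunnel trace OK:", split_tunnel_ok(SPLIT_TUNNEL_TRACE, MAIN_SITE))
```

Run it with the output of `tracert google.com` pasted in place of the constructed traces; a hop inside 192.168.8.0/24 on the way to an internet host is the sign the answer describes that the remote firewall is sending everything down the tunnel.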
Emog500Author Commented:
Yes, you are correct. I just checked that only PPTP protocols need configuring and not L2TP. Again, really appreciate all your help. However, I am new to this site in asking questions; you are the first. I hope you got your points, but if you did not, please show me how I can do this.

I have read and heard that doing this by VPN may be slow, as you have said. Is getting Terminal Server licenses a better way to go?

jwildingCommented:
TS licenses may speed things up, but it depends on where the data the remote users need to work with is sited. If it is at their own site, TS won't help; if it's at the main site, it may help more or less, depending upon file sizes. I would test it first without TS and then think about TS later if you need it.
Emog500Author Commented:
Thanks again! Your help has been very valuable! Take care!