question about setting up network that allows access to mobile users

Hello:

I do not have much experience with networking, because I do more programming stuff. A problem has arisen here and I am looking for a solution.

We have our main office in Barcelona and an office in Madrid.
We have 2 servers: 1 is a Windows 2003 TS, the other is a Windows 2000 TS only with Administrator rights.
We also have 2 routers: 1 is an ADSL one, the other is a Cisco.
We have an IP service provider that serves as an intermediary link between Barcelona and Madrid.

Our Madrid users connect to corporate applications via Terminal Server through a router, called "router A", that only accepts users from a static IP (192.168.10.4). That works fine, but we now have a user with a laptop who connects via Wireless to the "internet" and from there, and we also have workers who would like to connect from home. They would need to connect to router A and then use TS. Right now, the only way our "mobile laptop user" can connect is to connect to the internet (dynamic IPs), and then from there to an ADSL router called "router B", which has one default gateway, 192.168.10.51, and then from there to an Administrator account on a different machine using TS. This also is working... but I do not like it.

How can I set it up so that all of our users can connect to router A? Or rather, how do I set the gateway to accept the Madrid users or any external user?

thanks,

joseph
CEGE Asked:

gsgi Commented:
Your questions are not specific enough.

To set Router A so that it "answers" anyone, remove the limitation of only "answering" that one static address.
If you want to know how to do that exactly, we need the manufacturer and model number of router A.

-gsgi
0
CEGE Author Commented:
Thanks for answering...

Would that be enough? Just changing the router to stop answering only 1 address? I thought perhaps I would have to set up a VPN server, etc. Is a VPN server that is solely dedicated to managing who gets in and out? I am asking to better understand the on-goings.

I don't know what model it is, I can check tomorrow.

cheers,
joseph
0
gsgi Commented:
"Our Madrid users connect to corporate applications via Terminal Server through a router, called "router A" that only accepts users from a static IP (192.168.10.4)."

If this is how you want the "others" to connect, then you remove the 192.168.10.4 restriction.
Since this IP address, 192.168.10.4, is internal (because 192.168.x.x by rule is internal), we know you must have a vpn.

Is this vpn pptp or ipsec?  If it is pptp there is a user name and a password that router B is handing to router A.  Your users will need this username and password.  If it is ipsec, then there are codes (called certificates) that one router hands the other, these are either pre-shared keys or negotiated off of the certificates entered.  If it is ipsec, this will be trickier for you.

pptp is a vpn protocol that asks for a username and a password.  It is not thought to be as "secure" as ipsec, but it is used a lot because the standard operating systems, i.e. windows, come with pptp clients.  That is why I said if the vpn is using ipsec, it could be more tricky.  You may also want to do some research into what is called a RADIUS server.  A RADIUS server provided a user name and password when someone connects to it, then it allows the communication, which in this case would be terminal server.  In this scenario you may not need the vpn at all.

Where is the vpn running?  The vpn may be running between the routers (and running on the routers) or the router in Madrid may be talking vpn through the router in Barcelona with the server in Barcelona that is behind the router in Barcelona.  This is called vpn pass through communication.  So you need to find out if the router at Barcelona is running the vpn or the server in Barcelona is running the vpn.

See, there is a lot to this, hence our need for fairly specific questions.

Have a nice day.

-gsgi
0

CEGE Author Commented:
thanks.

I am going to work on this this way. Should I need advice, may I, and how can I, contact you?

cheers,

jis
0
gsgi Commented:
gsgi [{at}] hotmail [{dot}] com

-gsgi
0