Need Basic VPN Help


I know next to nothing about VPN, but I guess I'm gonna learn soon cuz one of our clients wants it in order to ftp data back and forth.  I've done some reading and I have the gist of VPN but....

The client is asking what our VPN hardware is and what the external IP is etc. He says he's running a Checkpoint environment. Do both ends of the VPN need hardware or routers? I thought I could just configure a VPN connection on my XP to his office. If he is the VPN server why would he be asking these questions? I've got to email him back and don't want to sound like a dummy.

Hitherto, clients had just been ftp'g data to server space we've rented on the internet. Then all of our employees (all 5 of us) could download the pieces we needed. This worked fine as most of us work at home. Can the company renting the server space set up a VPN for us that we (my company and our clients) can all access?

Oh yeah, one last thing. Do I need a static IP to connect to his VPN?



Rob Williams Commented:
Jim, there are several ways to create a VPN; the 3 basic formats would be:
1) Hardware to hardware, or site-to-site VPN, which uses a VPN router at each site. The routers establish the tunnel and then users on either end have complete access to the other site unless some filtering is enabled.
2) A client to hardware VPN, where one end, usually the main office, has a VPN router configured to accept incoming connections. The remote site would be an individual computer with a software client installed. VPN authentication is done by the router and then that user is allowed access to resources that have been made available to their user account. Most VPN routers can support both software and hardware clients.
3) A VPN server behind a router, most often this would be a Windows VPN server enabled by configuring RRAS, the remote client then connects to the router's IP, but traffic is forwarded to the VPN server for authentication.

>>" I thought I could just configure a VPN connection on my XP to his office.  If he is the VPN server why would he be asking these questions."
If they are using Checkpoint they probably will expect you to use the CheckPoint client software to connect. If so they will give you a package to install and you will just need a UserName and password. Though with a client it is not necessary to have a static IP, many companies set up their VPN rules to only allow connections from recognized IPs, in which case you would need a static IP. Then again, any company with traveling sales staff or equivalent allows connections from any IP.

Not quite sure what you mean by "Can the company renting the server space set up a VPN for us that we (my company and our clients) can all access". Certainly an FTP server could be set up anywhere, with or without a VPN.

I appreciate there is not a lot of detail above. Please feel free to ask for more information.

studioEtc Author Commented:

You pretty much answered all of my questions. If the client insists on a site-to-site connection and we have to invest in a VPN router, can you give me any kind of ballpark as to what the cost might be? (Remember we're a small office - 4 or 5 concurrent users would be a lot.)

 I kind of get the feeling that the installation is something I shouldn't attempt myself; am I correct in assuming that someone who knows what they're doing could set it up in one day?

Thanks again,


oh yeah - one last thing. The office currently uses DSL. Is that going to be a problem?
Rob Williams Commented:
If you have multiple concurrent users in one location, you will want to use the hardware solution rather than a software client. You can purchase a VPN router for well under $200 US. The low end unit I like is the Linksys RV042 which is just over $200. However, you may be limited by the unit the main office is using. There is no question the best and easiest solution is to use a matching brand, but in many cases it is possible to get 2 different manufacturers' products to talk to one another. If they are using Checkpoint you are probably looking at about $350 for an entry level unit with appropriate licensing for 5-6 users, but that is just an educated guess.
If someone else has configured the existing unit, you will pretty well have to have them configure the remote one, or at least have some assistance as you will not know the exact configuration, pass phrases, and access to certificates, if they use them.

As for your DSL, that is no problem. Two notes though; if it is a PPPoE connection, make sure "keep alive" is enabled, not a bad idea anyway, and if your modem is a combined modem and router, it should be put in Bridge mode rather than NAT. This allows all traffic to be passed through to the router which then establishes the connection. The mode is not a concern with basic modems, as all traffic is passed through by default.

ps, thanks for the points.