Need Basic VPN Help

Greetings,

I know next to nothing about VPN, but I guess I'm gonna learn soon cuz one of our clients wants it in order to ftp data back and forth.  I've done some reading and I have the gist of VPN but....

The client is asking what our VPN hardware is and what the external IP is etc. He says he's running a checkpoint environment. Do both ends of the VPN need hardware or routers?  I thought I could just configure a VPN connection on my XP to his office.  If he is the VPN server why would he be asking these questions?  I've got to email him back and don't want to sound like a dummy.

Hitherto, clients had just been ftp'g data to server space we've rented on the internet. Then all of our employees (all 5 of us) could download the pieces we needed.  This worked fine as most of us work at home.  Can the company renting the server space set up a VPN for us that we (my company and our clients) can all access?

Oh yeah, one last thing. Do I need a static IP to connect to his VPN?

Thanks,

Jim
studioEtc Asked:
 
Rob Williams Commented:
Jim, there are several ways to create a VPN. The 3 basic formats would be:
1) Hardware to hardware, or site-to-site VPN, which uses a VPN router at each site. The routers establish the tunnel and then users on either end have complete access to the other site unless some filtering is enabled.
2) A client to hardware VPN, where one end, usually the main office, has a VPN router configured to accept incoming connections. The remote site would be an individual computer with a software client installed. VPN authentication is done by the router and then that user is allowed access to resources that have been made available to their user account. Most VPN routers can support both software and hardware clients.
3) A VPN server behind a router. Most often this would be a Windows VPN server enabled by configuring RRAS; the remote client then connects to the router's IP, but traffic is forwarded to the VPN server for authentication.

>>" I thought I could just configure a VPN connection on my XP to his office.  If he is the VPN server why would he be asking these questions."
If they are using Checkpoint they probably will expect you to use the CheckPoint client software to connect. If so they will give you a package to install and you will just need a UserName and password. Though with a client it is not necessary to have a static IP, many companies set up their VPN rules to only allow connections from recognized IPs, in which case you would need a static IP. Then again, any company with traveling sales staff or equivalent allows connections from any IP.

Not quite sure what you mean by "Can the company renting the server space setup a VPN for us that we ( my company and our clients) can all access".  Certainly an FTP server could be set up anywhere, with or without a VPN.

I appreciate there is not a lot of detail above. Please feel free to ask for more information.
 
studioEtc (Author) Commented:
Thanks,

You pretty much answered all of my questions.  If the client insists on a site-to-site connection and we have to invest in a VPN router, can you give me any kind of ballpark as to what the cost might be? (Remember we're a small office - 4 or 5 concurrent users would be a lot.)

I kind of get the feeling that the installation is something I shouldn't attempt myself; am I correct in assuming that someone who knows what they're doing could set it up in one day?

Thanks again,

Jim

oh yeah - one last thing. The office currently uses DSL. Is that going to be a problem?
 
Rob Williams Commented:
If you have multiple concurrent users in one location, you will want to use the hardware solution rather than a software client. You can purchase a VPN router for well under $200 US. The low-end unit I like is the Linksys RV042 which is just over $200. However, you may be limited by the unit the main office is using. There is no question the best and easiest solution is to use a matching brand, but in many cases it is possible to get 2 different manufacturers' products to talk to one another. If they are using Checkpoint you are probably looking at about $350 for an entry level unit with appropriate licensing for 5-6 users, but that is just an educated guess.
If someone else has configured the existing unit, you will pretty well have to have them configure the remote one, or at least have some assistance as you will not know the exact configuration, pass phrases, and access to certificates, if they use them.

As for your DSL, that is no problem. Two notes though; if it is a PPPoE connection, make sure "keep alive" is enabled, not a bad idea anyway, and if your modem is a combined modem and router, it should be put in Bridge mode rather than NAT. This allows all traffic to be passed through to the router which then establishes the connection. The mode is not a concern with basic modems, as all traffic is passed through by default.

--Rob
ps, thanks for the points.
Question has a verified solution.
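
The two connectivity points raised in the answers above (a combined modem/router left in NAT mode instead of bridge mode, and a remote site that only accepts VPN connections from recognized IPs) can be checked before the tunnel is configured. The following is an added example, not part of the original thread; the function names are hypothetical and all addresses are constructed sample values from documentation ranges.

```python
import ipaddress

# Address ranges that are never directly reachable from the internet.
# An explicit list is used instead of ip_address.is_private, because
# is_private also flags the documentation ranges used as samples here.
NON_PUBLIC = [ipaddress.ip_network(n) for n in (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16",  # RFC 1918 private
    "100.64.0.0/10",                                   # RFC 6598 carrier-grade NAT
    "169.254.0.0/16",                                  # link-local
)]

def behind_nat(router_wan_ip):
    """True if the VPN router's WAN address is not a public address,
    i.e. the modem in front of it is doing NAT rather than bridging."""
    addr = ipaddress.ip_address(router_wan_ip)
    return any(addr in net for net in NON_PUBLIC)

def allowed_by_peer(public_ip, peer_allow_list):
    """True if public_ip matches an address or CIDR block the remote
    site has said it accepts VPN connections from."""
    addr = ipaddress.ip_address(public_ip)
    return any(addr in ipaddress.ip_network(entry, strict=False)
               for entry in peer_allow_list)

def preflight(router_wan_ip, observed_public_ip, peer_allow_list):
    """Return a list of finding codes; an empty list means no problem found.
    observed_public_ip is the address the internet sees for this office."""
    findings = []
    if behind_nat(router_wan_ip):
        findings.append("MODEM_NAT")        # put the modem in bridge mode
    elif router_wan_ip != observed_public_ip:
        findings.append("WAN_MISMATCH")     # some other device is translating
    if peer_allow_list and not allowed_by_peer(observed_public_ip, peer_allow_list):
        findings.append("NOT_ON_ALLOW_LIST")  # peer must add this IP, or it changed
    return findings

if __name__ == "__main__":
    # Constructed scenario: router sits behind a NATing DSL modem.
    print(preflight("192.168.1.2", "203.0.113.10", ["203.0.113.10/32"]))
    # Constructed scenario: bridged modem, but the peer lists another block.
    print(preflight("203.0.113.10", "203.0.113.10", ["198.51.100.0/24"]))
```

A `NOT_ON_ALLOW_LIST` finding that appears only after a DSL reconnect is the practical reason a static IP is needed when the remote site filters by source address.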
