vpn remote office into SBS2003 server

Posted on 2006-05-10
Last Modified: 2012-05-05
I have a main office with 12 users on a SBS2003 network.  The SBS2003 server acts as my router/firewall as well.  I have VPN setup on the machine and RRAS and i can VPN to it fine after configuring the windows xp vpn utility.  I am adding a remote office with 3 computers that i also want to be on the same domain so i can use file sharing, exchange mail, user accunts, and have all the printers accessible wherever.  Is there a way i can either have the machines make a VPN connection everytime they turn on to the SBS2003 server or somehow make my hardware router at the remote office make the VPN connection for me?  I have a befsx41 right now, but would also be willing to get another router if needed.  Please submit any ideas you have for my situation.  I do not want to mess with a hardware router at the main office.  I just want to get the three machines up at the remote office so i can use it just like im inside the other office.  Thanks for all your time who read my post.
Question by:danej256
    LVL 48

    Accepted Solution

    Hi danej256,

    hardware VPN between routers is a much better solution, then it is a permanent link......

    you will have to alter your head office router and make sure it supports VPN - have a skim throught the the guide that came with it

    LVL 1

    Assisted Solution

    Hi Danej256

    In my humble opinion, having your main server run as a firewall is quite risky. Yes, I know it can and does work for your but... IF a vulnerability were to be discovered before it is patched, your company jewels would be left unprotected. I would advise a true firewall of some kind.

    We use a PIX515 firewall but for your main office I would suggest a PIX 501. It supports 10 concurrent connections so it can handle the load easily and it provides great protection. You can also set it up for RADIUS where you defer remote VPN login to your domain server.

    On our network remote office, I installed a PIX 501 firewall that I set up to auto-build a VPN between our campus PIX. The systems at the remote office sit on a private network and are secured from the open net by the PIX. The 501 only ran a few (~$400) dollars. I also configured the 501 to split-tunnel so only the traffic headed to the main campus goes through the tunnel. It was quite easy but if needed, a Cisco engineer can help you set it up rather quickly.

    So for about $800+ you can protect both your offices, provide automatic VPN tunnels and browse seamlessly across your network.

    Author Comment

    I understand what you mean exactly.  Let me go into more detail of my situation.  I was just asking this question in general without going into further detail, but it may be beneficial to explain my situation in full detail.  We have many remote offices, and right now all of them are connected to each other via frame relay.  We have a T1 line at our corporate office where i redirect the static ip address ports i need to the remote sites if i need external access to them.  So the server at the office i described as our main (isnt really main) just does a small part of what our other offices do.  I am only forwarding a small number of ports to the server at this office (3389, 21, VPN).  I want to setup my home to fully work inside the network of this office as if i were there at the remote site.  So i was actually more looking for a procedure i could setup on the workstation to automatically connect it to the vpn before it logs on so the startup script would still run.  Then once i am in it is like i am still inside the network.  I have a cisco 2620xm router at the corporate office and a cisco 1721 at the remote site i want to connect too.  What i am afraid i may have to do to get this to work is get a new main router that supports VPN connections, i am not too familair with all the ability out there that is at a reasonable cost.  But i would be willing to purchase something if necessary.
    LVL 1

    Expert Comment

    So you want your Home XP workstation to Auto-connect a VPN tunnel to your remote office prior to you logging on right? I believe the 501 will provide that for you. Your VPN tunnel would remain up at all times providing you access to your network. My remote office systems work similarly and the scripts run just like they were sitting in the main office. We even integrate systems into the domain across that same link. I think the 501 would work when connected directly to a Win2k3 server.

    Author Comment

    do you have any info on the pix501 to configure it to connect to pptp or another way?

    Featured Post

    Maximize Your Threat Intelligence Reporting

    Reporting is one of the most important and least talked about aspects of a world-class threat intelligence program. Here’s how to do it right.

    Join & Write a Comment

    by Batuhan Cetin In this article I will be guiding through the process of removing a failed DC metadata from Active Directory (hereafter, AD) using the ntdsutil tool in a Windows Server 2003 environment. These steps are not necessary in a Win…
    Many of us need to configure DHCP server(s) in their environment. We can do that simply via DHCP console on server or using MMC snap-in on each computer with Administrative Tools installed in a network. But what if we have to configure many DHCP ser…
    This video discusses moving either the default database or any database to a new volume.
    Polish reports in Access so they look terrific. Take yourself to another level. Equations, Back Color, Alternate Back Color. Write easy VBA Code. Tighten space to use less pages. Launch report from a menu, considering criteria only when it is filled…

    754 members asked questions and received personalized solutions in the past 7 days.

    Join the community of 500,000 technology professionals and ask your questions.

    Join & Ask a Question

    Need Help in Real-Time?

    Connect with top rated Experts

    17 Experts available now in Live!

    Get 1:1 Help Now