New remote site, which hardware should I use for a site-site VPN?

Posted on 2006-07-20
Last Modified: 2010-04-12
Hi Guys,

We are setting up a new site, and are looking for the best way to establish a connection back to our head office. We already have a Microsoft PPTP VPN server setup and configured for individual users to gain remote access to our head office. The new office will have two thin clients and a network printer.

I was thinking the best way of setting this up would be to setup a site-site VPN connection as this will allow the thin clients to connect to the terminal server, and the terminal server will be able to print to the network printer, allowing anyone, including staff in our head office to print to the remote office printer.

However, I don't know which hardware or software would be the best way to go. I would prefer to use the Microsoft PPTP VPN we have setup so that we don't have to change our RADIUS reporting, and so that our firewall configuration will be centralised.

Are there any cost effective routers out there that will connect to a Microsoft PPTP VPN?
If not, then what about cheap routers that will allow the use of a RADIUS server for auth?

Thanks for the help

Question by:peter_field
  • 2
LVL 79

Accepted Solution

lrmoore earned 500 total points
ID: 17158804
Take a look at Linksys RV0x series. They support both IPSEC VPN's and PPTP VPN's, at least as servers, but I'm not sure they can act as a PPtP client and route, too..
With a site-site VPN you don't really need the Radius authentication because it is more or less permanent. An IPSEC VPN between 2 linksys RV042's will take about 5 minutes to set up and works great. You can even set it up to pass your normal PPTP clients to your Microsoft server.

Author Comment

ID: 17189876
Sorry about the delay in posting a reply.

This looks like a good product, and probably the best I'll get for the price. Thanks for the pointer.

The other thing is that I don't fully trust the remote office, I think users will be bringing in notebooks that may well be infected, and also, browsing inappropriate sites on the Internet.

What I would like is to limit what the remote site can access both on the Internet, and via the VPN connection. Is it possible to:
1. Block direct Internet access from the remote site (with the exception of SMTP to a specific internet SMTP server) so that all Internet traffic must pass our ISA proxy in the head office?
2. Firewall access to the head office. i.e. from the remote office, only allow access to the terminal server on port 3389, and to the SBS server on port 8080 so that if there are infected PC's etc in the remote office, they pose no threat?
3. Allow full access to the remote office from the head office.


LVL 79

Expert Comment

ID: 17207602
My suggestion would be to setup a Proxy server at the main site and force all traffic through the VPN tunnel. If you don't then you may find that the remote sites' internet traffic has to traverse your own Internet link twice. At least the proxy can cache some of it.

Featured Post

Courses: Start Training Online With Pros, Today

Brush up on the basics or master the advanced techniques required to earn essential industry certifications, with Courses. Enroll in a course and start learning today. Training topics range from Android App Dev to the Xen Virtualization Platform.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Using Windows 2008 RRAS, I was able to successfully VPN into the network, but I was having problems restricting my test user from accessing certain things on the network.  I used Google in order to try to find out how to stop people from accessing c…
Let’s list some of the technologies that enable smooth teleworking. 
After creating this article (, I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…
After creating this article (, I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…

776 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question