Go Premium for a chance to win a PS4. Enter to Win


New remote site, which hardware should I use for a site-site VPN?

Posted on 2006-07-20
Medium Priority
Last Modified: 2010-04-12
Hi Guys,

We are setting up a new site, and are looking for the best way to establish a connection back to our head office. We already have a Microsoft PPTP VPN server setup and configured for individual users to gain remote access to our head office. The new office will have two thin clients and a network printer.

I was thinking the best way of setting this up would be to setup a site-site VPN connection as this will allow the thin clients to connect to the terminal server, and the terminal server will be able to print to the network printer, allowing anyone, including staff in our head office to print to the remote office printer.

However, I don't know which hardware or software would be the best way to go. I would prefer to use the Microsoft PPTP VPN we have setup so that we don't have to change our RADIUS reporting, and so that our firewall configuration will be centralised.

Are there any cost effective routers out there that will connect to a Microsoft PPTP VPN?
If not, then what about cheap routers that will allow the use of a RADIUS server for auth?

Thanks for the help

Question by:peter_field
  • 2
LVL 79

Accepted Solution

lrmoore earned 2000 total points
ID: 17158804
Take a look at Linksys RV0x series. They support both IPSEC VPN's and PPTP VPN's, at least as servers, but I'm not sure they can act as a PPtP client and route, too..
With a site-site VPN you don't really need the Radius authentication because it is more or less permanent. An IPSEC VPN between 2 linksys RV042's will take about 5 minutes to set up and works great. You can even set it up to pass your normal PPTP clients to your Microsoft server.

Author Comment

ID: 17189876
Sorry about the delay in posting a reply.

This looks like a good product, and probably the best I'll get for the price. Thanks for the pointer.

The other thing is that I don't fully trust the remote office, I think users will be bringing in notebooks that may well be infected, and also, browsing inappropriate sites on the Internet.

What I would like is to limit what the remote site can access both on the Internet, and via the VPN connection. Is it possible to:
1. Block direct Internet access from the remote site (with the exception of SMTP to a specific internet SMTP server) so that all Internet traffic must pass our ISA proxy in the head office?
2. Firewall access to the head office. i.e. from the remote office, only allow access to the terminal server on port 3389, and to the SBS server on port 8080 so that if there are infected PC's etc in the remote office, they pose no threat?
3. Allow full access to the remote office from the head office.


LVL 79

Expert Comment

ID: 17207602
My suggestion would be to setup a Proxy server at the main site and force all traffic through the VPN tunnel. If you don't then you may find that the remote sites' internet traffic has to traverse your own Internet link twice. At least the proxy can cache some of it.

Featured Post

Free Tool: Port Scanner

Check which ports are open to the outside world. Helps make sure that your firewall rules are working as intended.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

I've written this article to illustrate how we can implement a Dynamic Multipoint VPN (DMVPN) with both hub and spokes having a dynamically assigned non-broadcast multiple-access (NBMA) network IP (public IP). Here is the basic setup of DMVPN Pha…
This is an article about my experiences with remote access to my clients (so that I may serve them) and eventually to my home office system via Radmin Remote Control. I have been using remote access for over 10 years and have been improving my metho…
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…
Windows 10 is mostly good. However the one thing that annoys me is how many clicks you have to do to dial a VPN connection. You have to go to settings from the start menu, (2 clicks), Network and Internet (1 click), Click VPN (another click) then fi…

879 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question