• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 219
  • Last Modified:

New remote site, which hardware should I use for a site-site VPN?

Hi Guys,

We are setting up a new site, and are looking for the best way to establish a connection back to our head office. We already have a Microsoft PPTP VPN server setup and configured for individual users to gain remote access to our head office. The new office will have two thin clients and a network printer.

I was thinking the best way of setting this up would be to setup a site-site VPN connection as this will allow the thin clients to connect to the terminal server, and the terminal server will be able to print to the network printer, allowing anyone, including staff in our head office to print to the remote office printer.

However, I don't know which hardware or software would be the best way to go. I would prefer to use the Microsoft PPTP VPN we have setup so that we don't have to change our RADIUS reporting, and so that our firewall configuration will be centralised.

Are there any cost effective routers out there that will connect to a Microsoft PPTP VPN?
If not, then what about cheap routers that will allow the use of a RADIUS server for auth?

Thanks for the help

Peter
0
peter_field
Asked:
peter_field
  • 2
1 Solution
 
lrmooreCommented:
Take a look at Linksys RV0x series. They support both IPSEC VPN's and PPTP VPN's, at least as servers, but I'm not sure they can act as a PPtP client and route, too..
With a site-site VPN you don't really need the Radius authentication because it is more or less permanent. An IPSEC VPN between 2 linksys RV042's will take about 5 minutes to set up and works great. You can even set it up to pass your normal PPTP clients to your Microsoft server.
0
 
peter_fieldAuthor Commented:
Sorry about the delay in posting a reply.

This looks like a good product, and probably the best I'll get for the price. Thanks for the pointer.

The other thing is that I don't fully trust the remote office, I think users will be bringing in notebooks that may well be infected, and also, browsing inappropriate sites on the Internet.

What I would like is to limit what the remote site can access both on the Internet, and via the VPN connection. Is it possible to:
1. Block direct Internet access from the remote site (with the exception of SMTP to a specific internet SMTP server) so that all Internet traffic must pass our ISA proxy in the head office?
2. Firewall access to the head office. i.e. from the remote office, only allow access to the terminal server on port 3389, and to the SBS server on port 8080 so that if there are infected PC's etc in the remote office, they pose no threat?
3. Allow full access to the remote office from the head office.

Thanks

Peter
0
 
lrmooreCommented:
My suggestion would be to setup a Proxy server at the main site and force all traffic through the VPN tunnel. If you don't then you may find that the remote sites' internet traffic has to traverse your own Internet link twice. At least the proxy can cache some of it.
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

Join & Write a Comment

Featured Post

Keep up with what's happening at Experts Exchange!

Sign up to receive Decoded, a new monthly digest with product updates, feature release info, continuing education opportunities, and more.

  • 2
Tackle projects and never again get stuck behind a technical roadblock.
Join Now