New remote site, which hardware should I use for a site-site VPN?
Hi Guys,
We are setting up a new site, and are looking for the best way to establish a connection back to our head office. We already have a Microsoft PPTP VPN server setup and configured for individual users to gain remote access to our head office. The new office will have two thin clients and a network printer.
I was thinking the best way of setting this up would be to setup a site-site VPN connection as this will allow the thin clients to connect to the terminal server, and the terminal server will be able to print to the network printer, allowing anyone, including staff in our head office to print to the remote office printer.
However, I don't know which hardware or software would be the best way to go. I would prefer to use the Microsoft PPTP VPN we have setup so that we don't have to change our RADIUS reporting, and so that our firewall configuration will be centralised.
Are there any cost effective routers out there that will connect to a Microsoft PPTP VPN?
If not, then what about cheap routers that will allow the use of a RADIUS server for auth?
Thanks for the help
Peter
We are setting up a new site, and are looking for the best way to establish a connection back to our head office. We already have a Microsoft PPTP VPN server setup and configured for individual users to gain remote access to our head office. The new office will have two thin clients and a network printer.
I was thinking the best way of setting this up would be to setup a site-site VPN connection as this will allow the thin clients to connect to the terminal server, and the terminal server will be able to print to the network printer, allowing anyone, including staff in our head office to print to the remote office printer.
However, I don't know which hardware or software would be the best way to go. I would prefer to use the Microsoft PPTP VPN we have setup so that we don't have to change our RADIUS reporting, and so that our firewall configuration will be centralised.
Are there any cost effective routers out there that will connect to a Microsoft PPTP VPN?
If not, then what about cheap routers that will allow the use of a RADIUS server for auth?
Thanks for the help
Peter
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
My suggestion would be to setup a Proxy server at the main site and force all traffic through the VPN tunnel. If you don't then you may find that the remote sites' internet traffic has to traverse your own Internet link twice. At least the proxy can cache some of it.
ASKER
This looks like a good product, and probably the best I'll get for the price. Thanks for the pointer.
The other thing is that I don't fully trust the remote office, I think users will be bringing in notebooks that may well be infected, and also, browsing inappropriate sites on the Internet.
What I would like is to limit what the remote site can access both on the Internet, and via the VPN connection. Is it possible to:
1. Block direct Internet access from the remote site (with the exception of SMTP to a specific internet SMTP server) so that all Internet traffic must pass our ISA proxy in the head office?
2. Firewall access to the head office. i.e. from the remote office, only allow access to the terminal server on port 3389, and to the SBS server on port 8080 so that if there are infected PC's etc in the remote office, they pose no threat?
3. Allow full access to the remote office from the head office.
Thanks
Peter