Solved

VPN where to start

Posted on 2006-10-30
4
189 Views
Last Modified: 2010-04-12
my company has just taken on an extra sales office in a nearby city with 3 employees in.

now they have decided that they would like them to connect into or network.

i have heard vpn's are the way to go but do not know where to start.

our hq has a sonicwall tz150 with a 5vpn licence i have available 5 static ips.
i have 3 windows server 2003 servers.  
1 is a dc,dns,dhcp
2 is exchange 2003
3 is sql server 2000

i need the new office to be able to act asif they are part of the same network, so they can access exchange, sql, documents, run our customer database program etc.


i do not know the difference between the firewall vpn and win 2003 vpn

ideally i don't want to have to have a dedicated machine for this because budget are very tight.  however security is paramount

Any help is appreciated

Thanks
0
Comment
Question by:Marcusw
  • 3
4 Comments
 
LVL 77

Accepted Solution

by:
Rob Williams earned 500 total points
ID: 17838459
I haven't worked with the Sonicwalls, so I cannot be too specific, but you have several options. First you can create a client-to-site VPN tunnel or a site-to-site tunnel. The client-to-site uses a software client that establishes a connection/tunnel between a single computer and a VPN server or router. The site-to -site VPN would be between 2 hardware devices such as 2 Windows servers, or more often 2 VPN routers like the Sonicwall TZ150's. As mentioned the head office can use the Windows server, using built-in RRAS (Routing and Remote Access Service) or the VPN router, in your case the Sonicwall, as the VPN end point. Using the router will give you a little better performance, as you have a dedicated device doing the encrypting and un-encrypting. Also, using the router is a little more secure, as it uses the IPSec protocol, rather than PPTP, and also does not require opening any ports on the router/firewall. If you choose to use the Sonicwall as the VPN end point, then you will need to use it's matching Global VPN client for a client-to-site connection or another Sonicwall router for site-to-site. Since you appear to have multiple clients connecting from one site to the main office, you really should purchase a second router and create a site-to-site tunnel. Using the client is more intended for mobile users or a home office. The following site has the documentation for most Sonicwall configuration options:
http://www.sonicwall.com/support/VPN_documentation.html
0
 

Author Comment

by:Marcusw
ID: 17857709
Thanks for the info.

just one thing, do i have to do anything to my servers if i go with the router option
0
 
LVL 77

Expert Comment

by:Rob Williams
ID: 17858517
No, if you use the Sonicwall Global VPN client and the Sonicwall router as the VPN end point, there are no changes required to the servers for the VPN.
However, the Sonicwall may need to assign the client an IP address using DHCP.  If so, make sure this does not conflict with the existing DHCP scope/range in the office. Often in the office you might assign something like x.x.x.100 to x.x.x.199 for in office users and allow the VPN router to assign  x.x.x.200 to x.x.x.225 for VPN users.
The other concern is software firewalls on the server, such as the Windows Firewall. Once the user is connected to the VPN, they have access to all services the same as a user in the office, but the firewall has the ability to block users by subnet, it may need to be configured, if enabled, to allow the remote users. This is not usually necessary, but if some services are unavailable, keep it in mind.
0
 
LVL 77

Expert Comment

by:Rob Williams
ID: 17880892
Thanks Marcusw,
--Rob
0

Featured Post

Free Trending Threat Insights Every Day

Enhance your security with threat intelligence from the web. Get trending threat insights on hackers, exploits, and suspicious IP addresses delivered to your inbox with our free Cyber Daily.

Join & Write a Comment

I've had to do a bit of research to setup my VPN connection so that Clients can access Windows Server 2008 network shares.  I have a Cisco ASA 5510 firewall.  I found an article which was extremely useful: It had a solution if you use ASDM to config…
Like many others, when I created a Windows 2008 RRAS VPN server, I connected via PPTP, and still do, but there are problems that can arise from solely using PPTP.  One particular problem was that the CFO of the company used a Virgin Broadband Wirele…
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…

757 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

21 Experts available now in Live!

Get 1:1 Help Now