Solved

VPN where to start

Posted on 2006-10-30
Last Modified: 2010-04-12
My company has just taken on an extra sales office in a nearby city with 3 employees in it.

Now they have decided that they would like them to connect into our network.

I have heard VPNs are the way to go but do not know where to start.

Our HQ has a Sonicwall TZ150 with a 5 VPN licence. I have 5 static IPs available.
I have 3 Windows Server 2003 servers:
1 is a DC, DNS, DHCP
2 is Exchange 2003
3 is SQL Server 2000

I need the new office to be able to act as if they are part of the same network, so they can access Exchange, SQL, documents, run our customer database program, etc.

I do not know the difference between the firewall VPN and the Win 2003 VPN.

Ideally I don't want to have a dedicated machine for this because budgets are very tight. However, security is paramount.

Any help is appreciated.

Thanks
Question by:Marcusw
LVL 77

Accepted Solution

by:
Rob Williams earned 500 total points
ID: 17838459
I haven't worked with the Sonicwalls, so I cannot be too specific, but you have several options. First, you can create a client-to-site VPN tunnel or a site-to-site tunnel. The client-to-site uses a software client that establishes a connection/tunnel between a single computer and a VPN server or router. The site-to-site VPN would be between 2 hardware devices such as 2 Windows servers, or more often 2 VPN routers like the Sonicwall TZ150s.

As mentioned, the head office can use the Windows server, using built-in RRAS (Routing and Remote Access Service), or the VPN router, in your case the Sonicwall, as the VPN end point. Using the router will give you a little better performance, as you have a dedicated device doing the encrypting and un-encrypting. Also, using the router is a little more secure, as it uses the IPSec protocol, rather than PPTP, and also does not require opening any ports on the router/firewall.

If you choose to use the Sonicwall as the VPN end point, then you will need to use its matching Global VPN client for a client-to-site connection or another Sonicwall router for site-to-site. Since you appear to have multiple clients connecting from one site to the main office, you really should purchase a second router and create a site-to-site tunnel. Using the client is more intended for mobile users or a home office.

The following site has the documentation for most Sonicwall configuration options:
http://www.sonicwall.com/support/VPN_documentation.html
 

Author Comment

by:Marcusw
ID: 17857709
Thanks for the info.

Just one thing: do I have to do anything to my servers if I go with the router option?
 
LVL 77

Expert Comment

by:Rob Williams
ID: 17858517
No, if you use the Sonicwall Global VPN client and the Sonicwall router as the VPN end point, there are no changes required to the servers for the VPN.
However, the Sonicwall may need to assign the client an IP address using DHCP. If so, make sure this does not conflict with the existing DHCP scope/range in the office. Often in the office you might assign something like x.x.x.100 to x.x.x.199 for in-office users and allow the VPN router to assign x.x.x.200 to x.x.x.225 for VPN users.
The other concern is software firewalls on the server, such as the Windows Firewall. Once the user is connected to the VPN, they have access to all services the same as a user in the office, but the firewall has the ability to block users by subnet; it may need to be configured, if enabled, to allow the remote users. This is not usually necessary, but if some services are unavailable, keep it in mind.
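The address-planning check described in the comment above, as an added example that is not part of the original thread: it verifies that a planned VPN client pool does not overlap the office DHCP scope or any statically addressed server. The 192.168.1.0/24 network, the server addresses and the function names are constructed for illustration, and the pool is assumed to be carved from the office LAN subnet as in the x.x.x.200 to x.x.x.225 example.

```python
import ipaddress

def to_range(first, last):
    """Parse an inclusive address range, rejecting reversed bounds."""
    lo, hi = ipaddress.IPv4Address(first), ipaddress.IPv4Address(last)
    if lo > hi:
        raise ValueError(f"range is reversed: {first} > {last}")
    return lo, hi

def check_vpn_pool(lan_cidr, office_scope, vpn_pool, static_hosts=()):
    """Return a list of conflicts for the planned VPN pool (empty = none found)."""
    lan = ipaddress.IPv4Network(lan_cidr)
    o_lo, o_hi = to_range(*office_scope)
    v_lo, v_hi = to_range(*vpn_pool)
    problems = []

    # Assumption: the pool shares the office LAN subnet, so both ends must
    # be usable host addresses inside it.
    for addr in (v_lo, v_hi):
        if addr not in lan:
            problems.append(f"{addr} is outside {lan}")
        elif addr in (lan.network_address, lan.broadcast_address):
            problems.append(f"{addr} is the network or broadcast address")

    # Two inclusive ranges overlap when each starts before the other ends.
    if v_lo <= o_hi and o_lo <= v_hi:
        lo, hi = max(v_lo, o_lo), min(v_hi, o_hi)
        problems.append(f"VPN pool overlaps office DHCP scope at {lo}-{hi}")

    # Servers with fixed addresses (DC, Exchange, SQL) must not sit in the pool.
    for name, ip in static_hosts:
        if v_lo <= ipaddress.IPv4Address(ip) <= v_hi:
            problems.append(f"static host {name} ({ip}) is inside the VPN pool")
    return problems

# Constructed sample plan mirroring the ranges suggested in the comment.
LAN = "192.168.1.0/24"
OFFICE_SCOPE = ("192.168.1.100", "192.168.1.199")
VPN_POOL = ("192.168.1.200", "192.168.1.225")
SERVERS = [("dc", "192.168.1.10"), ("exchange", "192.168.1.11"),
           ("sql", "192.168.1.12")]

if __name__ == "__main__":
    issues = check_vpn_pool(LAN, OFFICE_SCOPE, VPN_POOL, SERVERS)
    print("no conflicts" if not issues else "\n".join(issues))
```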
 
LVL 77

Expert Comment

by:Rob Williams
ID: 17880892
Thanks Marcusw,
--Rob