We help IT Professionals succeed at work.

We've partnered with Certified Experts, Carl Webster and Richard Faulkner, to bring you two Citrix podcasts. Learn about 2020 trends and get answers to your biggest Citrix questions!Listen Now

x

VPN where to start

Marcusw
Marcusw asked
on
Medium Priority
245 Views
Last Modified: 2010-04-12
my company has just taken on an extra sales office in a nearby city with 3 employees in.

now they have decided that they would like them to connect into or network.

i have heard vpn's are the way to go but do not know where to start.

our hq has a sonicwall tz150 with a 5vpn licence i have available 5 static ips.
i have 3 windows server 2003 servers.  
1 is a dc,dns,dhcp
2 is exchange 2003
3 is sql server 2000

i need the new office to be able to act asif they are part of the same network, so they can access exchange, sql, documents, run our customer database program etc.


i do not know the difference between the firewall vpn and win 2003 vpn

ideally i don't want to have to have a dedicated machine for this because budget are very tight.  however security is paramount

Any help is appreciated

Thanks
Comment
Watch Question

CERTIFIED EXPERT
Top Expert 2013
Commented:
I haven't worked with the Sonicwalls, so I cannot be too specific, but you have several options. First you can create a client-to-site VPN tunnel or a site-to-site tunnel. The client-to-site uses a software client that establishes a connection/tunnel between a single computer and a VPN server or router. The site-to -site VPN would be between 2 hardware devices such as 2 Windows servers, or more often 2 VPN routers like the Sonicwall TZ150's. As mentioned the head office can use the Windows server, using built-in RRAS (Routing and Remote Access Service) or the VPN router, in your case the Sonicwall, as the VPN end point. Using the router will give you a little better performance, as you have a dedicated device doing the encrypting and un-encrypting. Also, using the router is a little more secure, as it uses the IPSec protocol, rather than PPTP, and also does not require opening any ports on the router/firewall. If you choose to use the Sonicwall as the VPN end point, then you will need to use it's matching Global VPN client for a client-to-site connection or another Sonicwall router for site-to-site. Since you appear to have multiple clients connecting from one site to the main office, you really should purchase a second router and create a site-to-site tunnel. Using the client is more intended for mobile users or a home office. The following site has the documentation for most Sonicwall configuration options:
http://www.sonicwall.com/support/VPN_documentation.html

Not the solution you were looking for? Getting a personalized solution is easy.

Ask the Experts

Author

Commented:
Thanks for the info.

just one thing, do i have to do anything to my servers if i go with the router option
CERTIFIED EXPERT
Top Expert 2013

Commented:
No, if you use the Sonicwall Global VPN client and the Sonicwall router as the VPN end point, there are no changes required to the servers for the VPN.
However, the Sonicwall may need to assign the client an IP address using DHCP.  If so, make sure this does not conflict with the existing DHCP scope/range in the office. Often in the office you might assign something like x.x.x.100 to x.x.x.199 for in office users and allow the VPN router to assign  x.x.x.200 to x.x.x.225 for VPN users.
The other concern is software firewalls on the server, such as the Windows Firewall. Once the user is connected to the VPN, they have access to all services the same as a user in the office, but the firewall has the ability to block users by subnet, it may need to be configured, if enabled, to allow the remote users. This is not usually necessary, but if some services are unavailable, keep it in mind.
CERTIFIED EXPERT
Top Expert 2013

Commented:
Thanks Marcusw,
--Rob
Access more of Experts Exchange with a free account
Thanks for using Experts Exchange.

Create a free account to continue.

Limited access with a free account allows you to:

  • View three pieces of content (articles, solutions, posts, and videos)
  • Ask the experts questions (counted toward content limit)
  • Customize your dashboard and profile

*This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

OR

Please enter a first name

Please enter a last name

8+ characters (letters, numbers, and a symbol)

By clicking, you agree to the Terms of Use and Privacy Policy.