Learn how to a build a cloud-first strategyRegister Now

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 236
  • Last Modified:

VPN where to start

my company has just taken on an extra sales office in a nearby city with 3 employees in.

now they have decided that they would like them to connect into or network.

i have heard vpn's are the way to go but do not know where to start.

our hq has a sonicwall tz150 with a 5vpn licence i have available 5 static ips.
i have 3 windows server 2003 servers.  
1 is a dc,dns,dhcp
2 is exchange 2003
3 is sql server 2000

i need the new office to be able to act asif they are part of the same network, so they can access exchange, sql, documents, run our customer database program etc.


i do not know the difference between the firewall vpn and win 2003 vpn

ideally i don't want to have to have a dedicated machine for this because budget are very tight.  however security is paramount

Any help is appreciated

Thanks
0
Marcusw
Asked:
Marcusw
  • 3
1 Solution
 
Rob WilliamsCommented:
I haven't worked with the Sonicwalls, so I cannot be too specific, but you have several options. First you can create a client-to-site VPN tunnel or a site-to-site tunnel. The client-to-site uses a software client that establishes a connection/tunnel between a single computer and a VPN server or router. The site-to -site VPN would be between 2 hardware devices such as 2 Windows servers, or more often 2 VPN routers like the Sonicwall TZ150's. As mentioned the head office can use the Windows server, using built-in RRAS (Routing and Remote Access Service) or the VPN router, in your case the Sonicwall, as the VPN end point. Using the router will give you a little better performance, as you have a dedicated device doing the encrypting and un-encrypting. Also, using the router is a little more secure, as it uses the IPSec protocol, rather than PPTP, and also does not require opening any ports on the router/firewall. If you choose to use the Sonicwall as the VPN end point, then you will need to use it's matching Global VPN client for a client-to-site connection or another Sonicwall router for site-to-site. Since you appear to have multiple clients connecting from one site to the main office, you really should purchase a second router and create a site-to-site tunnel. Using the client is more intended for mobile users or a home office. The following site has the documentation for most Sonicwall configuration options:
http://www.sonicwall.com/support/VPN_documentation.html
0
 
MarcuswAuthor Commented:
Thanks for the info.

just one thing, do i have to do anything to my servers if i go with the router option
0
 
Rob WilliamsCommented:
No, if you use the Sonicwall Global VPN client and the Sonicwall router as the VPN end point, there are no changes required to the servers for the VPN.
However, the Sonicwall may need to assign the client an IP address using DHCP.  If so, make sure this does not conflict with the existing DHCP scope/range in the office. Often in the office you might assign something like x.x.x.100 to x.x.x.199 for in office users and allow the VPN router to assign  x.x.x.200 to x.x.x.225 for VPN users.
The other concern is software firewalls on the server, such as the Windows Firewall. Once the user is connected to the VPN, they have access to all services the same as a user in the office, but the firewall has the ability to block users by subnet, it may need to be configured, if enabled, to allow the remote users. This is not usually necessary, but if some services are unavailable, keep it in mind.
0
 
Rob WilliamsCommented:
Thanks Marcusw,
--Rob
0

Featured Post

A Cyber Security RX to Protect Your Organization

Join us on December 13th for a webinar to learn how medical providers can defend against malware with a cyber security "Rx" that supports a healthy technology adoption plan for every healthcare organization.

  • 3
Tackle projects and never again get stuck behind a technical roadblock.
Join Now