Still celebrating National IT Professionals Day with 3 months of free Premium Membership. Use Code ITDAY17

x
?
Solved

VPN with Windows 2003 Small business server and Sonicwall router

Posted on 2006-11-02
8
Medium Priority
?
1,990 Views
Last Modified: 2010-05-19
Can someone set me on the right track? I want to have employees be able to VPN into the office server to retrieve files.

I have a windows 2003 small business server with a sonicwall router.

Should I set up the vpn through the router and what are the steps to doing that? What software will the client computers use to vpn into the system? Is it built into Windows?

Do I have to buy licenses from Sonicwall to do this stuff?

The on the controll panel the sonicwall model says SOHO3, if that is relevant.

If you could just set me on the right track so I don't bark up the wrong tree as it were.
0
Comment
Question by:mrmyth
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 3
  • 3
  • 2
8 Comments
 
LVL 22

Assisted Solution

by:WMIF
WMIF earned 200 total points
ID: 17862876
this article gives you a run through on the setup of rras on sbs.
http://support.microsoft.com/kb/q238167/

you would have to configure your sonicwall to allow gre (port 47) through to the address of your sbs server.  then any windows machine can create a connection using the wizard for vpn.
0
 
LVL 77

Accepted Solution

by:
Rob Williams earned 1800 total points
ID: 17863969
You have 3 options as I see it:

a) set up the Sonicwall as your VPN endpoint, which is the better alternative, as it is a little more secure and will provide slightly better performance. However, you do have to buy client licenses from Sonicwall. I am not sure how there licensing works, some just require you have a support contract to be able to add VPN users, other require purchasing licenses, usually in groups of 5 or 10. Should you go this route following site has most of the documentation for setting up the Sonicwalls with their Global VPN client:
http://www.sonicwall.com/support/VPN_documentation.html

b) as WMIF suggested, you can use the Windows built-in VPN server. When working with SBS it is very important to use the wizards. You can actually 'break' networking not doing so. The end RRAS configuration is the same, but the way all the interrelated components works is somewhat different. The wizards will also make any changes to the firewall.
To create the server end of the VPN open the server management console, click on Internet and E-Mail, followed by Configure remote access,, then just follow the very short wizard. If you want to verify the configuration there is a great article at:
http://www.onecomputerguy.com/networking/w3k_vpn_server.htm
However, only use it for reference, use the wizard for the basic configuration.

As for the client end SBS again has a wizard. This will actually create a disk to configure the remote computer to connect. This is on the same page of the Server management console and is called Create a remote connection disk. The client can be configured manually, but it is recommended to use the disk. Should you need to do so manually see:
http://www.onecomputerguy.com/networking/xp_vpn.htm

You also need to forward port 1723, and GRE. Depending on the router, GRE may be a specific command, or is often labeled "PPTP pass-through". Details for configuring port forwarding can be found at:
http://www.no-ip.com/support/guides/routers/sonicwall.html

c) SBS has an other feature you may want to look at as well, Remote Web Workplace, which allows remote users to connect to a local workstation to work remotely. This is controlled with very secure access using SSL instead of a VPN, and works well:
http://support.microsoft.com/kb/833983
http://www.sbsfaq.com/Lists/FAQs/DispForm.aspx?ID=11
This requires ports 443 and 4125 be forwarded on the router.


0
 
LVL 1

Author Comment

by:mrmyth
ID: 17864512
Thanks for the very thorough answer. I'm thinking I'm going to go the Sonicwall route, on your recommendation, depending on the how much it costs for the client licenses.

However if I did decide to go the Windows built-in VPN server, would the server need to be delivering the IP addresses on the network? Right now my sonicwall is the thing that delivers all the IPs and my server's DHCP is turned off.
0
Independent Software Vendors: We Want Your Opinion

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

 
LVL 22

Expert Comment

by:WMIF
ID: 17864533
if you go the windows route, it doesnt have to be the dhcp server for the network.  it does however want a range of ip addresses that it can hand out to its clients.  you can drop it onto a seperate subnet or you can block out a range from your dhcp server.
0
 
LVL 1

Author Comment

by:mrmyth
ID: 17864731
The windows route is looking pretty good to me, but I am a bit stuck on the DHCP range. In the wizard it asks for a DHCP range.

If the sonicwall is handing out a dynamic range of 192.168.1.30-192.168.1.50, could I just make the vpn range 192.168.1.51-192.168.1.70?

I don't need that many clients connecting at one time and I don't have static IPs in that range.
0
 
LVL 1

Author Comment

by:mrmyth
ID: 17864735
Above I meant to say it asks for a range of static IP addresses where I said "it asks for a DHCP range."
0
 
LVL 77

Expert Comment

by:Rob Williams
ID: 17865554
Sue , the DHCP scope/range for the VPN clients can be anything you like, so long as it is part of the larger network subnet/range. Just make sure there is no overlap. Whether you use the server, the Sonicwall for your primary DHCP server, a typical example might be
192.168.1.1 to 192.168.1.20  static IP's for for servers
192.168.1.21 to 192.168.1.50 static for printers
192.168.1.1.101 to 192.168.1.175 DHCP for client machines (not necessary, but using the server is recommended for this)
192.168.1.176 to 192.168.1.200 for VPN clients  (could be assigned by Sonicwall)
192.168.1.225 to 192.168.1.254  for routers and network components

The Sonicwall may also have the option to use a DHCP Relay Agent for the VPN clients. This just tells the router to request the DHCP addresses from the server.

Just a note: The subnet used by the main office and the VPN client usually has to be different. If the office is using 192.168.1.x clients trying to connect from remote networks that also use 192.168.1.x probably will not be able to use the VPN. They can connect, but cannot access anything due to a routing conflict. Though it is not likely easy to change this, it is recommended the main network avoid common subnets like 192.168.0.x, 192.168.1.x, 192.168.2.x, 192.168.100.x, and 10.0.0.x  If you should decide to do this plan carefully, as all routers, printers and servers need to be changed, and all DHCP clients refreshed. Very important as well that if you decide to do this with the SBS you use the built in wizard to do so. I would even recommend posting a question in the SBS forum regarding changing the server's IP, to see if there any specifics r=that need to be addressed.

0
 
LVL 77

Expert Comment

by:Rob Williams
ID: 17871831
Thanks mrmyth,
--Rob
0

Featured Post

Free Tool: IP Lookup

Get more info about an IP address or domain name, such as organization, abuse contacts and geolocation.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Secure VPN Connection terminated locally by the Client.  Reason 442: Failed to enable Virtual Adapter. If you receive this error on Windows 8 or Windows 8.1 while trying to connect with the Cisco VPN Client then the solution is a simple registry f…
Will you be ready when the clock on GDPR compliance runs out? Is GDPR even something you need to worry about? Find out more about the upcoming regulation changes and download our comprehensive GDPR checklist today !
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…

722 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question