• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 312
  • Last Modified:

Need help on VPN setup for Server 2003

I want to set up VPN on Server 2003. What risks am I taking. What security measures should be in place prior to opening up VPN? Should I set up a router on this (separate) NIC with DMZ set to the VPN Port number? We need to use VPN and my knowledge on the security side is very limited.
0
pc_helper
Asked:
pc_helper
  • 3
  • 3
1 Solution
 
mikeleebrlaCommented:
What type of firewall/router do you have on the perimeter  of your network?  Yes you CAN use a 2003 server to accept VPN connections, but a hardware solution is MUCH more standard.
0
 
pc_helperAuthor Commented:
We are using a Linksys BEFSR81 which is a retail 8 port wired. This is on all of our Regular Network. We are adding a Second NIC to one of the servers. This second NIC will be for VPN. At the moment we do not have a router in place for it. I had thought of a retail 4 port wired and using the DMZ port for VPN.
What is the easiest and most practical solution? We only have 3 servers so our budget is a bit limited. We aren't afraid to buy something, however, a $5K solution would be rejected by my management.
0
 
mikeleebrlaCommented:
well like i said you can use the 2003 server and it will work fine (assuming your router can pass the VPN traffic through it). It will need to pass the GRE protocol and port 1723 for a PPTP VPN.

Or you could get a small firewall like a pix 506e and set it up so you are VPNing directly into the Pix.  You can get them on ebay for around $500 used.

0
WEBINAR: 10 Easy Ways to Lose a Password

Join us on June 27th at 8 am PDT to learn about the methods that hackers use to lift real, working credentials from even the most security-savvy employees. We'll cover the importance of multi-factor authentication and how these solutions can better protect your business!

 
pc_helperAuthor Commented:
What are the security risks and how to i protect from them? Does the Pix address all of them or do I need to spend some time hardening the server?
0
 
mikeleebrlaCommented:
well i know with the pix you can restrict which source IP people are VPNing into your network from. Of course this will significantly  increase security b/c only that one IP can VPN into your network rather than anyone in the world. I'm not sure if 2003 server can do this or not.
0
 
pc_helperAuthor Commented:
Most of the people who would VPN into the site would be working from home on a dynamoic IP address so this would not be an advantage. It sounds like hardening the server and/or additiona security wouldn't be a concern if we had the pix unit.
Can the Pix support 2 open ports on the server? Our training web site will share this IP address.
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

Join & Write a Comment

Featured Post

WEBINAR: 10 Easy Ways to Lose a Password

Join us on June 27th at 8 am PDT to learn about the methods that hackers use to lift real, working credentials from even the most security-savvy employees. We'll cover the importance of multi-factor authentication and how these solutions can better protect your business!

  • 3
  • 3
Tackle projects and never again get stuck behind a technical roadblock.
Join Now