Solved

Need help on VPN setup for Server 2003

Posted on 2007-11-15
6
292 Views
Last Modified: 2010-04-12
I want to set up VPN on Server 2003. What risks am I taking. What security measures should be in place prior to opening up VPN? Should I set up a router on this (separate) NIC with DMZ set to the VPN Port number? We need to use VPN and my knowledge on the security side is very limited.
0
Comment
Question by:pc_helper
  • 3
  • 3
6 Comments
 
LVL 25

Expert Comment

by:mikeleebrla
ID: 20289481
What type of firewall/router do you have on the perimeter  of your network?  Yes you CAN use a 2003 server to accept VPN connections, but a hardware solution is MUCH more standard.
0
 

Author Comment

by:pc_helper
ID: 20289582
We are using a Linksys BEFSR81 which is a retail 8 port wired. This is on all of our Regular Network. We are adding a Second NIC to one of the servers. This second NIC will be for VPN. At the moment we do not have a router in place for it. I had thought of a retail 4 port wired and using the DMZ port for VPN.
What is the easiest and most practical solution? We only have 3 servers so our budget is a bit limited. We aren't afraid to buy something, however, a $5K solution would be rejected by my management.
0
 
LVL 25

Accepted Solution

by:
mikeleebrla earned 250 total points
ID: 20289674
well like i said you can use the 2003 server and it will work fine (assuming your router can pass the VPN traffic through it). It will need to pass the GRE protocol and port 1723 for a PPTP VPN.

Or you could get a small firewall like a pix 506e and set it up so you are VPNing directly into the Pix.  You can get them on ebay for around $500 used.

0
Complete VMware vSphere® ESX(i) & Hyper-V Backup

Capture your entire system, including the host, with patented disk imaging integrated with VMware VADP / Microsoft VSS and RCT. RTOs is as low as 15 seconds with Acronis Active Restore™. You can enjoy unlimited P2V/V2V migrations from any source (even from a different hypervisor)

 

Author Comment

by:pc_helper
ID: 20289800
What are the security risks and how to i protect from them? Does the Pix address all of them or do I need to spend some time hardening the server?
0
 
LVL 25

Expert Comment

by:mikeleebrla
ID: 20289980
well i know with the pix you can restrict which source IP people are VPNing into your network from. Of course this will significantly  increase security b/c only that one IP can VPN into your network rather than anyone in the world. I'm not sure if 2003 server can do this or not.
0
 

Author Comment

by:pc_helper
ID: 20290028
Most of the people who would VPN into the site would be working from home on a dynamoic IP address so this would not be an advantage. It sounds like hardening the server and/or additiona security wouldn't be a concern if we had the pix unit.
Can the Pix support 2 open ports on the server? Our training web site will share this IP address.
0

Featured Post

Comprehensive Backup Solutions for Microsoft

Acronis protects the complete Microsoft technology stack: Windows Server, Windows PC, laptop and Surface data; Microsoft business applications; Microsoft Hyper-V; Azure VMs; Microsoft Windows Server 2016; Microsoft Exchange 2016 and SQL Server 2016.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

A quick step-by-step overview of installing and configuring Carbonite Server Backup.
While rebooting windows server 2003 server , it's showing "active directory rebuilding indices please wait" at startup. It took a little while for this process to complete and once we logged on not all the services were started so another reboot is …
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…

756 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question