Need help on VPN setup for Server 2003

I want to set up VPN on Server 2003. What risks am I taking. What security measures should be in place prior to opening up VPN? Should I set up a router on this (separate) NIC with DMZ set to the VPN Port number? We need to use VPN and my knowledge on the security side is very limited.
pc_helperAsked:
Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

mikeleebrlaCommented:
What type of firewall/router do you have on the perimeter  of your network?  Yes you CAN use a 2003 server to accept VPN connections, but a hardware solution is MUCH more standard.
0
pc_helperAuthor Commented:
We are using a Linksys BEFSR81 which is a retail 8 port wired. This is on all of our Regular Network. We are adding a Second NIC to one of the servers. This second NIC will be for VPN. At the moment we do not have a router in place for it. I had thought of a retail 4 port wired and using the DMZ port for VPN.
What is the easiest and most practical solution? We only have 3 servers so our budget is a bit limited. We aren't afraid to buy something, however, a $5K solution would be rejected by my management.
0
mikeleebrlaCommented:
well like i said you can use the 2003 server and it will work fine (assuming your router can pass the VPN traffic through it). It will need to pass the GRE protocol and port 1723 for a PPTP VPN.

Or you could get a small firewall like a pix 506e and set it up so you are VPNing directly into the Pix.  You can get them on ebay for around $500 used.

0

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
Newly released Acronis True Image 2019

In announcing the release of the 15th Anniversary Edition of Acronis True Image 2019, the company revealed that its artificial intelligence-based anti-ransomware technology – stopped more than 200,000 ransomware attacks on 150,000 customers last year.

pc_helperAuthor Commented:
What are the security risks and how to i protect from them? Does the Pix address all of them or do I need to spend some time hardening the server?
0
mikeleebrlaCommented:
well i know with the pix you can restrict which source IP people are VPNing into your network from. Of course this will significantly  increase security b/c only that one IP can VPN into your network rather than anyone in the world. I'm not sure if 2003 server can do this or not.
0
pc_helperAuthor Commented:
Most of the people who would VPN into the site would be working from home on a dynamoic IP address so this would not be an advantage. It sounds like hardening the server and/or additiona security wouldn't be a concern if we had the pix unit.
Can the Pix support 2 open ports on the server? Our training web site will share this IP address.
0
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
VPN

From novice to tech pro — start learning today.