[Webinar] Streamline your web hosting managementRegister Today

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 311
  • Last Modified:

Need help on VPN setup for Server 2003

I want to set up VPN on Server 2003. What risks am I taking. What security measures should be in place prior to opening up VPN? Should I set up a router on this (separate) NIC with DMZ set to the VPN Port number? We need to use VPN and my knowledge on the security side is very limited.
0
pc_helper
Asked:
pc_helper
  • 3
  • 3
1 Solution
 
mikeleebrlaCommented:
What type of firewall/router do you have on the perimeter  of your network?  Yes you CAN use a 2003 server to accept VPN connections, but a hardware solution is MUCH more standard.
0
 
pc_helperAuthor Commented:
We are using a Linksys BEFSR81 which is a retail 8 port wired. This is on all of our Regular Network. We are adding a Second NIC to one of the servers. This second NIC will be for VPN. At the moment we do not have a router in place for it. I had thought of a retail 4 port wired and using the DMZ port for VPN.
What is the easiest and most practical solution? We only have 3 servers so our budget is a bit limited. We aren't afraid to buy something, however, a $5K solution would be rejected by my management.
0
 
mikeleebrlaCommented:
well like i said you can use the 2003 server and it will work fine (assuming your router can pass the VPN traffic through it). It will need to pass the GRE protocol and port 1723 for a PPTP VPN.

Or you could get a small firewall like a pix 506e and set it up so you are VPNing directly into the Pix.  You can get them on ebay for around $500 used.

0
Will You Be GDPR Compliant by 5/28/2018?

GDPR? That's a regulation for the European Union. But, if you collect data from customers or employees within the EU, then you need to know about GDPR and make sure your organization is compliant by May 2018. Check out our preparation checklist to make sure you're on track today!

 
pc_helperAuthor Commented:
What are the security risks and how to i protect from them? Does the Pix address all of them or do I need to spend some time hardening the server?
0
 
mikeleebrlaCommented:
well i know with the pix you can restrict which source IP people are VPNing into your network from. Of course this will significantly  increase security b/c only that one IP can VPN into your network rather than anyone in the world. I'm not sure if 2003 server can do this or not.
0
 
pc_helperAuthor Commented:
Most of the people who would VPN into the site would be working from home on a dynamoic IP address so this would not be an advantage. It sounds like hardening the server and/or additiona security wouldn't be a concern if we had the pix unit.
Can the Pix support 2 open ports on the server? Our training web site will share this IP address.
0

Featured Post

SMB Security Just Got a Layer Stronger

WatchGuard acquires Percipient Networks to extend protection to the DNS layer, further increasing the value of Total Security Suite.  Learn more about what this means for you and how you can improve your security with WatchGuard today!

  • 3
  • 3
Tackle projects and never again get stuck behind a technical roadblock.
Join Now