Solved

Need help on VPN setup for Server 2003

Posted on 2007-11-15
6
265 Views
Last Modified: 2010-04-12
I want to set up VPN on Server 2003. What risks am I taking. What security measures should be in place prior to opening up VPN? Should I set up a router on this (separate) NIC with DMZ set to the VPN Port number? We need to use VPN and my knowledge on the security side is very limited.
0
Comment
Question by:pc_helper
  • 3
  • 3
6 Comments
 
LVL 25

Expert Comment

by:mikeleebrla
ID: 20289481
What type of firewall/router do you have on the perimeter  of your network?  Yes you CAN use a 2003 server to accept VPN connections, but a hardware solution is MUCH more standard.
0
 

Author Comment

by:pc_helper
ID: 20289582
We are using a Linksys BEFSR81 which is a retail 8 port wired. This is on all of our Regular Network. We are adding a Second NIC to one of the servers. This second NIC will be for VPN. At the moment we do not have a router in place for it. I had thought of a retail 4 port wired and using the DMZ port for VPN.
What is the easiest and most practical solution? We only have 3 servers so our budget is a bit limited. We aren't afraid to buy something, however, a $5K solution would be rejected by my management.
0
 
LVL 25

Accepted Solution

by:
mikeleebrla earned 250 total points
ID: 20289674
well like i said you can use the 2003 server and it will work fine (assuming your router can pass the VPN traffic through it). It will need to pass the GRE protocol and port 1723 for a PPTP VPN.

Or you could get a small firewall like a pix 506e and set it up so you are VPNing directly into the Pix.  You can get them on ebay for around $500 used.

0
PRTG Network Monitor: Intuitive Network Monitoring

Network Monitoring is essential to ensure that computer systems and network devices are running. Use PRTG to monitor LANs, servers, websites, applications and devices, bandwidth, virtual environments, remote systems, IoT, and many more. PRTG is easy to set up & use.

 

Author Comment

by:pc_helper
ID: 20289800
What are the security risks and how to i protect from them? Does the Pix address all of them or do I need to spend some time hardening the server?
0
 
LVL 25

Expert Comment

by:mikeleebrla
ID: 20289980
well i know with the pix you can restrict which source IP people are VPNing into your network from. Of course this will significantly  increase security b/c only that one IP can VPN into your network rather than anyone in the world. I'm not sure if 2003 server can do this or not.
0
 

Author Comment

by:pc_helper
ID: 20290028
Most of the people who would VPN into the site would be working from home on a dynamoic IP address so this would not be an advantage. It sounds like hardening the server and/or additiona security wouldn't be a concern if we had the pix unit.
Can the Pix support 2 open ports on the server? Our training web site will share this IP address.
0

Featured Post

How your wiki can always stay up-to-date

Quip doubles as a “living” wiki and a project management tool that evolves with your organization. As you finish projects in Quip, the work remains, easily accessible to all team members, new and old.
- Increase transparency
- Onboard new hires faster
- Access from mobile/offline

Join & Write a Comment

Some of you may have heard that SonicWALL has finally released an app for iOS devices giving us long awaited connectivity for our iPhone's, iPod's, and iPad's. This guide is just a quick rundown on how to get up and running quickly using the app. …
A quick step-by-step overview of installing and configuring Carbonite Server Backup.
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…

760 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

23 Experts available now in Live!

Get 1:1 Help Now