How do I connect to my server over a wan?

Posted on 2010-01-03
Last Modified: 2012-05-08
I just built my first server. Windows Server 2K3. I have a fixed IP address at the main office, and I want to set up a client of the server at our new branch (mini-branch..... 1 machine, one phone). I am planning on moving us all to a server client environment and I have successfully set up a client locally, but now my concern is how will I set up the client machine at the branch so that when someone logs on at the branch it will look like their desktop as if they were logging on at headquarters.

I guess conceptually I'm thinking I need to register the fixed IP address as a domain name, and then when the client machine at the branch tries to connect to the server, it will resolve to the fixed IP address and find my server at the headquarters.
(I am leaving the organization in its current workgroup setup until I am confident that we can make the migration, so I am doing all this with test machines).

Question by:pat_the_bat
    LVL 76

    Accepted Solution

    You can either set up a VPN client on the workstation and force the remote client to log on using Dial Up Networking, or you can set up a Gateway to Gateway VPN (between the two routers that connect both sites to the internet) and then the user will always be connected to the server and will log in normally.
    Configure VPN on server 2003 -
    Configure VPN Client on XP (very similar on Vista) -
    Configuring a Gateway to Gateway VPN depends on your current hardware and what you have already may not support this feature.
    LVL 2

    Assisted Solution

    For security and design sake, you will want some type of tunneled VPN connection for remote users. If your firewall supports it, you can deploy a small client to the remote workstation and use your firewall to terminate them into your network as if that machine was part of your internal net. If not or you want to connect a whole remote office to your office, you might want to invest in a site to site VPN tunnel setup, which will make the remote office look like an extension of your local internal network.

    Really the best thing to do first is to decide what you want your users to be able to do remotely with relation to your internal network. Microsoft is notoriously known for being insecure when placed directly on an open internet connection. You should avoid putting that Win2003 server on any direct public connection if at all possible.

    VPN servers / combination firewall VPN servers help secure your network while extending its capabilities to remote users. (Most of the major vendors also allow you to install the client piece on the workstation and tell it to connect before the user logs on, thereby allowing you to enforce security and group policies for machines and users from Active Directory.)

    Look into the following three companies that are the leaders in this area.

    1) Cisco (ASA Series - combination VPN-Firewall) Truly the best and the leader, but of course you will pay for that.
    2) Nortel / Avaya (VPN Router Series - combination VPN-Firewall) Good technology and performs very well, with a better price point than Cisco, but Nortel has just been taken over recently by Avaya so who knows where the roadmap and support will go in the next couple years.
    3) SonicWall (called by the same name) Not bad devices at all, their VPN and remote access network services lack a bit, but their firewall itself is bulletproof. They are the low end of the price point.

    If you would like to discuss more on what you are trying to do, especially from the view of the remote user, I would be happy to try to give you some more information. Good luck and happy working!

    Remember, good networking comes from good preplanning. Do yourself justice with your architecture and design, and you will maximize the investment you make.

    Robert Cook
    Sr. Network Engineer CCDA / CCVP / CCNA
    InnoNET LLC

    Author Comment

        Would the Gateway to Gateway VPN be more efficient? I don't have any hardware yet as I am still in the R&D stage. If that is substantially faster for performance, then maybe I should consider it. Can you give me any direction on that?
    LVL 26

    Expert Comment

    I do not have much to add to Alanhardisty's answer, except that having fixed IP addresses on both sides gives you more options. "Registering external fixed IP as (local) domain name" is neither wise nor safe. In that way you would (have to) completely open your LAN to the internet.
    LVL 76

    Expert Comment

    by:Alan Hardisty
    The Gateway to Gateway would provide a better solution as the two sites would be permanently connected (as long as the Internet is working at both sites).
    Then the remote user would just log on as normal and there would be no need for VPN connections on the server or on the client.
    As long as you have good inbound and outbound Internet connection speeds at both sites, then you will be fine with either Gateway to Gateway or Client to Server.
