
How do I connect to my server over a WAN?

I just built my first server. Windows Server 2K3. I have a fixed IP address at the main office, and I want to set up a client of the server at our new branch (mini-branch..... 1 machine, one phone). I am planning on moving us all to a server client environment and I have successfully set up a client locally, but now my concern is how will I set up the client machine at the branch so that when someone logs on at the branch it will look like their desktop as if they were logging on at headquarters.

I guess conceptually I'm thinking I need to register the fixed IP address as a domain name, and then when the client machine at the branch tries to connect to the server, it will resolve to the fixed IP address and find my server at the headquarters.
(I am leaving the organization in its current workgroup setup until I am confident that we can make the migration, so I am doing all this with test machines).

2 Solutions
Alan Hardisty, Co-Owner, commented:
You can either set up a VPN client on the workstation and force the remote client to log on using Dial Up Networking, or you can set up a Gateway to Gateway VPN (between the two routers that connect both sites to the internet) and then the user will always be connected to the server and will log in normally.
Configure VPN on server 2003 - http://support.microsoft.com/kb/323441
Configure VPN Client on XP (very similar on Vista) - http://support.microsoft.com/kb/314076
Configuring a Gateway to Gateway VPN depends on your current hardware and what you have already may not support this feature.

For security and design sake, you will want some type of tunneled VPN connection for remote users. If your firewall supports it, you can deploy a small client to the remote workstation and use your firewall to terminate them into your network as if that machine was part of your internal net. If not or you want to connect a whole remote office to your office, you might want to invest in a site to site VPN tunnel setup, which will make the remote office look like an extension of your local internal network.

Really the best thing to do first is to decide what you want your users to be able to do remotely with relation to your internal network. Microsoft is notoriously known for being insecure when placed directly on an open internet connection. You should avoid putting that Win2003 server on any direct public connection if at all possible.

VPN servers / combination firewall VPN servers help secure your network while extending its capabilities to remote users. (Most of the major vendors also allow you to install the client piece on the workstation and tell it to connect before the user logs on, thereby allowing you to enforce security and group policies for machines and users from Active Directory.)

Look into the following three companies that are the leaders in this area.

1) Cisco (ASA Series - combination VPN-Firewall) Truly the best and the leader, but of course you will pay for that.
2) Nortel / Avaya - (VPN Router Series - combination VPN-Firewall) Good technology and performs very well. Better price point than Cisco, but Nortel has just been taken over recently by Avaya, so who knows where the roadmap and support will go in the next couple years.
3) SonicWall - (Called by the same name) Not bad devices at all, their VPN and remote access network services lack a bit, but their firewall itself is bulletproof. They are the low end of the price point.

If you would like to discuss more on what you are trying to do, especially from the view of the remote user, I would be happy to try to give you some more information. Good luck and happy working!

Remember, good networking comes from good preplanning. Do yourself justice with your architecture and design, and you will maximize the investment you make.

Robert Cook
Sr. Network Engineer CCDA / CCVP / CCNA

pat_the_bat, Author, commented:
Would the Gateway to Gateway VPN be more efficient? I don't have any hardware yet as I am still in the R&D stage. If that is substantially faster for performance, then maybe I should consider it. Can you give me any direction on that?

I do not have much to add to Alan Hardisty's answer, except that having fixed IP addresses on both sides gives you more options. "Registering external fixed IP as (local) domain name" is neither wise nor safe. In that way you would (have to) completely open your LAN to internet.

Alan Hardisty, Co-Owner, commented:
The Gateway to Gateway would provide a better solution as the two sites would be permanently connected (as long as the Internet is working at both sites).
Then the remote user would just log on as normal and there would be no need for VPN connections on the server or on the client.
As long as you have good Inbound and Outbound Internet connection speeds at both sites, then you will be fine with either gateway to gateway or Client to Server.
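
As an added example (not part of the original thread): a small audit of an internet-facing router's inbound forwarding rules, contrasting the direct exposure the answers warn against with a VPN-only setup. The rule format, the addresses and the `Forward`/`audit` names are assumptions made for illustration; the port numbers are the standard PPTP and L2TP/IPsec ones.

```python
from dataclasses import dataclass
from typing import Optional

# Inbound traffic a VPN endpoint needs (standard PPTP and L2TP/IPsec numbers).
VPN_TRAFFIC = {
    ("tcp", 1723): "PPTP control",
    ("gre", None): "PPTP data, IP protocol 47",
    ("udp", 500): "IKE",
    ("udp", 4500): "IPsec NAT traversal",
    ("udp", 1701): "L2TP",
    ("esp", None): "IPsec ESP, IP protocol 50",
}
# Windows domain and file services that belong behind the tunnel.
DOMAIN_SERVICES = {88: "Kerberos", 135: "RPC endpoint mapper", 137: "NetBIOS name",
                   138: "NetBIOS datagram", 139: "NetBIOS session", 389: "LDAP",
                   445: "SMB", 3268: "Global Catalog", 3389: "Remote Desktop"}

@dataclass(frozen=True)
class Forward:
    proto: str            # "tcp", "udp", "gre" or "esp"
    port: Optional[int]   # None for port-less IP protocols
    target: str           # internal host receiving the traffic

def audit(rules, vpn_endpoint):
    """Return (verdict, rule, reason) for each rule that is not VPN traffic to vpn_endpoint."""
    findings = []
    for r in rules:
        key = (r.proto, r.port)
        if key in VPN_TRAFFIC:
            if r.target != vpn_endpoint:
                findings.append(("review", r, f"{VPN_TRAFFIC[key]} sent to {r.target}, not the VPN endpoint"))
        elif r.proto in ("tcp", "udp") and r.port in DOMAIN_SERVICES:
            findings.append(("exposed", r, f"{DOMAIN_SERVICES[r.port]} reachable from the internet"))
        else:
            findings.append(("review", r, "not needed for the VPN"))
    return findings

# Constructed rule sets; all addresses are made up.
SERVER, VPN_GW = "192.168.1.10", "192.168.1.1"
DIRECT = [Forward("tcp", 445, SERVER), Forward("tcp", 135, SERVER),
          Forward("tcp", 389, SERVER), Forward("udp", 88, SERVER)]
TUNNELED = [Forward("tcp", 1723, VPN_GW), Forward("gre", None, VPN_GW)]

if __name__ == "__main__":
    for name, rules in (("direct", DIRECT), ("tunneled", TUNNELED)):
        print(name)
        for verdict, rule, reason in audit(rules, VPN_GW):
            print(f"  {verdict}: {rule.proto}/{rule.port} -> {rule.target}: {reason}")
```

If the VPN is terminated on the Windows server itself rather than on a firewall, pass the server's address as `vpn_endpoint`.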
