I'm looking to make some changes to how my users gain remote access to my system. Currently we have 20 or so users who like to have the ability to work from home. So currently we have a 1-2-1 NAT setup for each of these users. The users connect to their work PC using RDP over a public IP address.
My problem: I'm out of public IPs and have more users who want remote access, along with multiple servers that need to be placed into my DMZ with public IPs. Getting more IPs from my ISP is like pulling teeth.
So, my thought is to switch from giving each PC a 1-2-1 NAT to setting up a VPN. I'm wondering what kinds of drawbacks this might have. And I have multiple options for VPN as well. I have a SonicWall that's got licensing for global VPN clients. This has the standard OS, but I am switching it out with a new NSA 4500 with the enhanced OS as well. Second, I could set up a 1-2-1 NAT to one of my Windows servers into a RAS server. I have a bunch of new 2008 servers coming in that will be replacing some 2003 servers, so one of those could potentially become a RAS server.
Any suggestions or reasons why a direct 1-2-1 would be better than using a VPN?