Solved

Best VPN solution for workstation-to-site?

Posted on 2011-03-24
Last Modified: 2012-05-11
I've got a current P2P VPN network of 16 Sonicwall routers (TZ190's) and a bunch of servers, etc. I need to set up something for users off site to be able to log into a server via RDC (to make use of current TS licenses) and access those resources, but don't want (and can't in most cases) to set up a generic point to point VPN tunnel. I'm not sure if the best way to do this would be to set up a L2TP server and have the user connect to the VPN via a Windows dial-up VPN connection, or if Sonicwall has a user-type application that can do this for us, etc.

What would you recommend for this? Something to consider is that the end user will not be on a static outside IP, and we only want their workstation to connect...not the rest of the LAN nodes that they are connected to. It's understood that they will only be able to VPN into one network at a time, not all 16 (though, for some cases like me being in the field, that would be pretty cool).  

(I've already looked into NetExtender by Sonicwall, but the TZ190's don't do that. It needs firmware 5.2 or above, and the latest official firmware found on MySonicwall site is 4.2)
Question by:howejustin
LVL 10

Expert Comment

by:Hutch_77
ID: 35210450
With an RDP server in session, use SSLVPN on the Sonicwalls and create a bookmark pointing to the TS, and then everything runs through the browser. It is fairly simple to set up using your existing hardware.

Author Comment

by:howejustin
ID: 35210583
The TZ 190's don't have SSLVPN, from what I understand. I also don't see an option for it in the configuration GUI.
LVL 10

Expert Comment

by:Hutch_77
ID: 35210613
Hmm, when you said NetExtender, that encompasses the SSLVPN on the 240.
I assumed it did here too, but it seems I am wrong on that one.

At that point NetExtender is not hard to configure either for a VPN client.

Author Comment

by:howejustin
ID: 35210705
Thanks for the response, but my initial post does mention that I looked into NetExtender, but that it doesn't work for my hardware. They don't offer the firmware required for that on these TZ 190's. Too much coffee today? Haha :)
LVL 10

Expert Comment

by:Hutch_77
ID: 35210726
No, sitting here working in Exchange; that is how I misread it.

Are you just having the remote users VPN to 1 site?

You might think of upgrading the 1 site to an NSA 240 and then just rebuild the config on it and go...
Is the term server an 08 Server R2? You can build a published server off of it.
LVL 10

Expert Comment

by:Hutch_77
ID: 35210755
If you don't mind doing some work, you can go to a Nix solution like OpenVPN:
http://openvpn.net/
LVL 5

Expert Comment

by:netbones
ID: 35210835
Why not just use Microsoft's PPTP VPN?

It's free, available on all Windows clients and servers and is simple to configure. You'll have to make sure you open TCP Port 1723 to the server and Protocol ID 47 (GRE).

You could also set up L2TP over IPSec and then you open IKE (UDP 500), NAT-T (UDP 550) and UDP 1701 for the L2TP traffic.

Easy & simple, and it works pretty much flawlessly.

Author Comment

by:howejustin
ID: 35210839
The only sites that really matter do not have approved funding for the NSA 240's, and the servers are Windows 2000 Server machines.

It would be nice to set something up for all 16 sites, but only 3 are really required.

Gotta stick with the TZ 190's, in other words, and connect to W2K.

While OpenVPN is nice, we don't want to pay for a service. Setting something up with already owned resources is preferable.
LVL 10

Accepted Solution

by:
Hutch_77 earned 500 total points
ID: 35210882
OpenVPN is a free solution; you just have to put it on something.

But short of that, you are looking at PPTP as your only other option.

Assisted Solution

by:howejustin
howejustin earned 0 total points
ID: 35211102
For anybody else with Sonicwall devices and this issue, it looks like Sonicwall Global VPN client will do just what I need. I'll try it out and report back.

Thanks for your suggestions, Hutch.

Author Comment

by:howejustin
ID: 35211276
Just following up, Sonicwall Global VPN client works fantastic. Uses the GroupWAN tunnel of the router to gain access to the network from any off site workstation.
LVL 10

Expert Comment

by:Hutch_77
ID: 35211280
Nice, glad you found something.

Author Comment

by:howejustin
ID: 35211352
Shoot, how do I cancel my current close request? Didn't see netbones' answer before closing the discussion, and his would have given me a solution as well. I'd like to award multiple solutions.

Author Closing Comment

by:howejustin
ID: 35239149
Hutch's solution wasn't the definitive answer, as I did find a better solution for my exact issue, but it still provided good insight for other situations that are similar.