  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 1068

Best VPN solution for workstation-to-site?

I've got a current P2P VPN network of 16 Sonicwall routers (TZ190's) and a bunch of servers, etc. I need to set up something for users off site to be able to log into a server via RDC (to make use of current TS licenses) and access those resources, but don't want (and can't in most cases) to set up a generic point-to-point VPN tunnel. I'm not sure if the best way to do this would be to set up an L2TP server and have the user connect to the VPN via a Windows dial-up VPN connection, or if Sonicwall has a user-type application that can do this for us, etc.

What would you recommend for this? Something to consider is that the end user will not be on a static outside IP, and we only want their workstation to connect...not the rest of the LAN nodes that they are connected to. It's understood that they will only be able to VPN into one network at a time, not all 16 (though, for some cases like me being in the field, that would be pretty cool).  

(I've already looked into NetExtender by Sonicwall, but the TZ190's don't do that. It needs firmware 5.2 or above, and the latest official firmware found on MySonicwall site is 4.2)
Asked:
howejustin
2 Solutions
 
Hutch_77Commented:
With an RDP server in session, use SSLVPN on the Sonicwalls and create a bookmark pointing to the TS, and then everything runs through the browser. And it is fairly simple to set up using your existing hardware.
0
 
howejustinAuthor Commented:
The TZ 190's don't have SSLVPN, from what I understand. I also don't see an option for it in the configuration GUI.
0
 
Hutch_77Commented:
Hmm, when you said NetExtender, that encompasses the SSLVPN on the 240.
I assumed it did here too, but it seems I am wrong on that one.

At that point NetExtender is not hard to configure either for a VPN client.
0
 
howejustinAuthor Commented:
Thanks for the response, but my initial post does mention that I looked into NetExtender, but that it doesn't work for my hardware. They don't offer the firmware required for that on these TZ 190's. Too much coffee today? Haha :)
0
 
Hutch_77Commented:
No, sitting here working in Exchange, that is how I misread it.

Are you just having the remote users VPN to 1 site?

You might think of upgrading the 1 site to an NSA 240 and then just rebuild the config on it and go...
Is the term server an 08 Server R2? You can build a published server off of it.
0
 
Hutch_77Commented:
If you don't mind doing some work, you can go to a *nix solution like OpenVPN
http://openvpn.net/
0
 
netbonesCommented:
Why not just use Microsoft's PPTP VPN?

It's free, available on all Windows clients and servers and is simple to configure. You'll have to make sure you open TCP Port 1723 to the server and Protocol ID 47 (GRE).

You could also set up L2TP over IPSec and then you open IKE (UDP 500), NAT-T (UDP 550) and UDP 1701 for the L2TP traffic.

Easy & simple, and it works pretty much flawlessly.
0
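An added example, not part of netbones' post: a small audit of a firewall allow-list against the inbound flows each option needs, flagging the common mistake of opening 47 as a TCP/UDP port when GRE is IP protocol 47. The rule syntax, function names and sample rules are constructed for illustration; NAT-T is taken as UDP 4500, the IANA-registered port for IPsec NAT traversal.

```python
import re

# Inbound flows each option needs at the VPN server: (ip_protocol, port or None).
# Assumption: NAT-T is UDP 4500 (IANA-registered); other values follow the post.
REQUIRED = {
    "pptp": [("tcp", 1723), ("gre", None)],
    "l2tp-ipsec": [("udp", 500), ("udp", 4500), ("udp", 1701)],
}
PROTO_NUMBERS = {"47": "gre", "6": "tcp", "17": "udp"}

# Constructed rule syntax: "allow tcp/1723" or "allow proto gre" / "allow proto 47".
RULE = re.compile(r"^allow\s+(?:proto\s+(\w+)|(tcp|udp)/(\d+))$", re.I)

# Constructed sample allow-list with two deliberate gaps.
SAMPLE_RULES = """
allow tcp/1723   # PPTP control channel
allow tcp/47     # mistake: GRE is IP protocol 47, not a TCP port
allow udp/500
allow udp/1701
"""

def parse_rules(text):
    """Turn allow-list lines into a set of (protocol, port) flows."""
    flows = set()
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()  # drop comments and blanks
        if not line:
            continue
        m = RULE.match(line)
        if not m:
            raise ValueError(f"unrecognised rule: {line!r}")
        if m.group(1):  # protocol-wide rule, given by name or number
            name = m.group(1).lower()
            flows.add((PROTO_NUMBERS.get(name, name), None))
        else:
            flows.add((m.group(2).lower(), int(m.group(3))))
    return flows

def audit(text):
    """Return ({vpn: missing flows}, rules that use 47 as a port)."""
    flows = parse_rules(text)
    report = {
        vpn: [f for f in needed
              if f not in flows and (f[0], None) not in flows]
        for vpn, needed in REQUIRED.items()
    }
    gre_as_port = sorted(f for f in flows if f[1] == 47)
    return report, gre_as_port

if __name__ == "__main__":
    print(audit(SAMPLE_RULES))
```
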
 
howejustinAuthor Commented:
The only sites that really matter do not have approved funding for the NSA 240's, and the servers are Windows 2000 Server machines.

It would be nice to set something up for all 16 sites, but only 3 are really required.

Gotta stick with the TZ 190's, in other words, and connect to W2K.

While OpenVPN is nice, we don't want to pay for a service. Setting something up with already owned resources is preferable.
0
 
Hutch_77Commented:
OpenVPN is a free solution; you just have to put it on something.

But short of that, you are looking at PPTP as your only other option.
0
 
howejustinAuthor Commented:
For anybody else with Sonicwall devices and this issue, it looks like Sonicwall Global VPN client will do just what I need. I'll try it out and report back.

Thanks for your suggestions, Hutch.
0
 
howejustinAuthor Commented:
Just following up, Sonicwall Global VPN client works fantastic. Uses the GroupWAN tunnel of the router to gain access to the network from any off site workstation.
0
 
Hutch_77Commented:
Nice glad you found something.
0
 
howejustinAuthor Commented:
Shoot, how do I cancel my current close request? Didn't see netbones' answer before closing the discussion, and his would have given me a solution as well. I'd like to award multiple solutions.
0
 
howejustinAuthor Commented:
Hutch's solution wasn't the definitive answer, as I did find a better solution for my exact issue, but it still provided good insight for other situations that are similar.
0
Question has a verified solution.
