Solved

Best VPN solution for workstation-to-site?

Posted on 2011-03-24
Last Modified: 2012-05-11
I've got a current P2P VPN network of 16 Sonicwall routers (TZ190's) and a bunch of servers, etc. I need to set up something for users off site to be able to log into a server via RDC (to make use of current TS licenses) and access those resources, but don't want (and can't in most cases) to set up a generic point to point VPN tunnel. I'm not sure if the best way to do this would be to set up a L2TP server and have the user connect to the VPN via a windows dial up VPN connection, or if Sonicwall has a user-type application that can do this for us, etc.

What would you recommend for this? Something to consider is that the end user will not be on a static outside IP, and we only want their workstation to connect...not the rest of the LAN nodes that they are connected to. It's understood that they will only be able to VPN into one network at a time, not all 16 (though, for some cases like me being in the field, that would be pretty cool).  

(I've already looked into NetExtender by Sonicwall, but the TZ190's don't do that. It needs firmware 5.2 or above, and the latest official firmware found on MySonicwall site is 4.2)
Question by:howejustin
14 Comments
 
LVL 10

Expert Comment

by:Hutch_77
With an RDP server in session, use SSLVPN on the Sonicwalls and create a bookmark pointing to the TS, and then everything runs through the browser. It is fairly simple to set up using your existing hardware.
0
 

Author Comment

by:howejustin
The TZ 190's don't have SSLVPN, from what I understand. I also don't see an option for it in the configuration GUI.
0
 
LVL 10

Expert Comment

by:Hutch_77
Hmm, when you said NetExtender, that encompasses the SSLVPN on the 240.
I assumed it did here too, but it seems I am wrong on that one.

At that point NetExtender is not hard to configure either for a VPN client.
0
 

Author Comment

by:howejustin
Thanks for the response, but my initial post does mention that I looked into NetExtender, but that it doesn't work for my hardware. They don't offer the firmware required for that on these TZ 190's. Too much coffee today? Haha :)
0
 
LVL 10

Expert Comment

by:Hutch_77
No, sitting here working in Exchange; that is how I misread it.

Are you just having the remote users VPN to 1 site?

You might think of upgrading the 1 site to an NSA 240 and then just rebuild the config on it and go...
Is the term server an 08 Server R2? You can build a published server off of it.
0
 
LVL 10

Expert Comment

by:Hutch_77
If you don't mind doing some work, you can go to a Nix solution like OpenVPN:
http://openvpn.net/
0
 
LVL 5

Expert Comment

by:netbones
Why not just use Microsoft's PPTP VPN?

It's free, available on all Windows clients and servers and is simple to configure. You'll have to make sure you open TCP Port 1723 to the server and Protocol ID 47 (GRE).

You could also set up L2TP over IPSec and then you open IKE (UDP 500), NAT-T (UDP 550) and UDP 1701 for the L2TP traffic.

Easy & simple, and it works pretty much flawlessly.
0
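An added example, not part of netbones' answer or of any vendor tooling: a small Python audit that parses iptables-save style INPUT rules (a Linux gateway is assumed here, and the ruleset is constructed) and reports which inbound flows each option still lacks. It lists NAT-T at its IANA-registered port, UDP 4500, so a ruleset built from the port numbers exactly as typed above shows up as incomplete for L2TP/IPsec.

```python
import re

# Inbound flows per option, following the answer's list; NAT-T is given at
# its IANA-registered port (UDP 4500). A port of None means "no port field".
REQUIRED = {
    "pptp": {("tcp", 1723), ("gre", None)},
    "l2tp-ipsec": {("udp", 500), ("udp", 4500), ("udp", 1701)},
}
PROTO_ALIASES = {"6": "tcp", "17": "udp", "47": "gre"}

# Matches "-p PROTO [--dport N[:M]] ... -j ACCEPT" (multiport is not handled).
RULE = re.compile(r"-p\s+(\S+)(?:.*?--dport\s+(\d+)(?::(\d+))?)?.*?-j\s+ACCEPT")

# Constructed sample: opens the ports exactly as typed in the answer.
SAMPLE_RULES = """
-A INPUT -p tcp --dport 1723 -j ACCEPT
-A INPUT -p 47 -j ACCEPT
-A INPUT -p udp --dport 500 -j ACCEPT
-A INPUT -p udp --dport 550 -j ACCEPT
-A INPUT -p udp --dport 1701 -j ACCEPT
"""

def allowed_flows(ruleset):
    """Return (proto, low_port, high_port) for every INPUT ACCEPT rule."""
    flows = []
    for line in ruleset.splitlines():
        line = line.split("#", 1)[0].strip()
        match = RULE.search(line)
        if not line.startswith("-A INPUT") or not match:
            continue
        proto = match.group(1).lower()
        proto = PROTO_ALIASES.get(proto, proto)
        low = int(match.group(2)) if match.group(2) else None
        high = int(match.group(3)) if match.group(3) else low
        flows.append((proto, low, high))
    return flows

def missing(vpn, ruleset):
    """Return the set of required (proto, port) flows that no rule accepts."""
    flows = allowed_flows(ruleset)
    def covered(proto, port):
        return any(p == proto and (low is None or port is None or low <= port <= high)
                   for p, low, high in flows)
    return {flow for flow in REQUIRED[vpn] if not covered(*flow)}

if __name__ == "__main__":
    for vpn in REQUIRED:
        print(vpn, "missing:", missing(vpn, SAMPLE_RULES) or "nothing")
```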
 

Author Comment

by:howejustin
The only sites that really matter do not have approved funding for the NSA 240's, and the servers are Windows 2000 Server machines.

It would be nice to set something up for all 16 sites, but only 3 are really required.

Gotta stick with the TZ 190's, in other words, and connect to W2K.

While OpenVPN is nice, we don't want to pay for a service. Setting something up with already owned resources is preferable.
0
 
LVL 10

Accepted Solution

by:
Hutch_77 earned 500 total points
OpenVPN is a free solution; you just have to put it on something.

But short of that, you are looking at PPTP as your only other option.
0
 

Assisted Solution

by:howejustin
howejustin earned 0 total points
For anybody else with Sonicwall devices and this issue, it looks like Sonicwall Global VPN client will do just what I need. I'll try it out and report back.

Thanks for your suggestions, Hutch.
0
 

Author Comment

by:howejustin
Just following up, Sonicwall Global VPN client works fantastic. Uses the GroupWAN tunnel of the router to gain access to the network from any off site workstation.
0
 
LVL 10

Expert Comment

by:Hutch_77
Nice, glad you found something.
0
 

Author Comment

by:howejustin
Shoot, how do I cancel my current close request? Didn't see netbones' answer before closing the discussion, and his would have given me a solution as well. I'd like to award multiple solutions.
0
 

Author Closing Comment

by:howejustin
Hutch's solution wasn't the definitive answer, as I did find a better solution for my exact issue, but it still provided good insight for other situations that are similar.
0
