HellmaUS asked:

Setting up VPN with Firewall rules for remote network users

I have an office network running off of a Small Business Server 2008 with a SonicWall TZ180 firewall, and I would like to create a VPN to set up some laptops as remote network users (for employees on the road or out of the office to access full network capabilities). I have enabled the functionality on the server. I believe I set up the port forwarding rules on the firewall properly (port 1723), but perhaps there is more I need to do there. The static IP address for our network is what I put into the setup wizard in network setup, but I cannot get the access correct. All the machines in my network have static IP addresses. We are running a terminal server as well. Please help me figure out what I haven't completed to make the whole thing work. Thanks!
ctssteve

With your TZ180 SonicWall, did you purchase the Enhanced OS?
Rob Williams
If using the SBS VPN you simply run the VPN setup wizard under SBS console | network | connectivity, and it will configure client addressing, routing, authentication, and all else required.

On the Sonicwall you have to forward port 1723 and enable GRE pass-through.
On the client end you can connect to resources using IPs, but if you want name resolution to work you need to follow the steps in the following link:
http://blog.lan-tech.ca/2011/05/14/vpn-client-name-resolution-2/

However, if you have a terminal server, why do you need a VPN? The terminal server will provide FAR better performance and better security. VPNs have a major security flaw in that you are letting an uncontrolled remote computer on an uncontrolled remote network have full access to your corporate network.
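An added example, not part of the original thread: the SBS VPN on TCP 1723 is PPTP, so one way to confirm the port forward from outside the office is to complete the first PPTP control exchange (RFC 2637) and parse the reply. The function names, the sample reply and the placeholder address are assumptions made for this sketch; a successful reply only proves TCP 1723 is forwarded, it says nothing about GRE (IP protocol 47) pass-through.

```python
import socket
import struct

PPTP_PORT = 1723                    # TCP control channel forwarded on the firewall
MAGIC = 0x1A2B3C4D                  # PPTP magic cookie (RFC 2637)
REQ_FMT = ">HHIHHHHIIHH64s64s"      # Start-Control-Connection-Request, 156 bytes
REP_FMT = ">HHIHHHBBIIHH64s64s"     # Start-Control-Connection-Reply, 156 bytes
MSG_LEN = struct.calcsize(REP_FMT)


def build_request(hostname=b"fwd-check"):
    """Build a Start-Control-Connection-Request (control message type 1)."""
    return struct.pack(REQ_FMT, MSG_LEN, 1, MAGIC, 1, 0, 0x0100, 0,
                       3, 3, 0, 0, hostname, b"")


def parse_reply(data):
    """Validate a Start-Control-Connection-Reply and return its key fields."""
    if len(data) < MSG_LEN:
        raise ValueError("short reply: %d bytes" % len(data))
    (_len, msg_type, magic, ctrl_type, _r0, version, result, error,
     _fc, _bc, _mc, _fw, host, vendor) = struct.unpack(REP_FMT, data[:MSG_LEN])
    if (msg_type, magic, ctrl_type) != (1, MAGIC, 2):
        raise ValueError("not a PPTP Start-Control-Connection-Reply")
    text = lambda b: b.split(b"\0", 1)[0].decode("ascii", "replace")
    return {"ok": result == 1, "result": result, "error": error,
            "version": version, "host": text(host), "vendor": text(vendor)}


def check_forward(address, timeout=5.0):
    """Connect to TCP 1723 at `address` and complete the first PPTP exchange."""
    with socket.create_connection((address, PPTP_PORT), timeout=timeout) as s:
        s.sendall(build_request())
        data = b""
        while len(data) < MSG_LEN:
            chunk = s.recv(MSG_LEN - len(data))
            if not chunk:
                break
            data += chunk
    return parse_reply(data)


# Constructed sample reply (not captured from a real server), for offline use.
SAMPLE_REPLY = struct.pack(REP_FMT, MSG_LEN, 1, MAGIC, 2, 0, 0x0100, 1, 0,
                           3, 3, 0, 0, b"sbs-example", b"Microsoft")

if __name__ == "__main__":
    print(parse_reply(SAMPLE_REPLY))
    # check_forward("203.0.113.10")  # placeholder address: use your own static IP
```

If `check_forward` succeeds from an outside network but the client still stalls at "verifying username and password", the GRE pass-through setting on the firewall is the next thing to check.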
Did you consider using the Sonicwall Global VPN Client on your laptops to connect to the Sonicwall and bring you onto your LAN from there? You would have to buy licenses for it though so there is some cost involved.
HellmaUS

ASKER

RobWill-

The terminal server is quite slow and only allows 2 sessions at a time. Additionally, the VPN will allow for remote users to operate under standard conditions with access to complete functionality on their home machines as opposed to the limited software and data on the TS.

All of the computers have enforced client anti-virus in order to access the network anyway.
>>"The terminal server is quite slow and only allows 2 sessions at a time."
Then it is not a terminal server. If Terminal Services have not been added, you can only have 2 users access the server at a time, and it is for management purposes only. In this mode the server is optimized for background services such as file and print sharing and not for running applications.

I do, however, understand now why you want VPN access. Keep in mind, though, that hackers near the home system, over which you have no control, can far more easily access your corporate network. Also, a VPN will not let users run applications involving databases, such as Access or accounting apps, on a home computer and access the data on the server. Doing so, because of the slow link, can result in data corruption.

SBS does offer Outlook Web Access, Outlook rpc/http, and Remote Web Workplace (to access their office PC) which all perform much better and more securely than a VPN.

If you are going to use a VPN, though the SBS VPN works well, using the Sonicwall VPN as suggested by ZabagaR, would be a little more secure and offer slightly better performance.
Ok, I followed all the steps I could find for setting up the SonicWall VPN client. I've set the access rules and set up the authentication for IKE IPSEC preshared secret.

When I open the connection, it shows:
opening port
port opened
device connected
all devices connected
verifying username and password
and then I get this error window:

User generated image

What setting am I missing?
Which method are you wanting to use? Initially you were discussing using the Windows VPN, and now the Sonicwall VPN.
The error message you received appears to be from the Windows VPN client, not the Sonicwall Global VPN client.
Based on your post from 4/17, I decided it best to use the Sonicwall VPN. I believe I followed the steps mentioned in the link you included. If the error message is coming from the Windows VPN, then what should I do to cut this out of the equation?