• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 624
  • Last Modified:

Remote Access to a Restricted Network through VPN

Our mid-sized organization has an air gapped restricted network. It is not directly connected to the Internet. Right now, there is a kind of urgent requirement for our staff to connect to the organization network (with their company provided laptops) remotely while on business travel. That's why we are thinking to design and implement a VPN solution and  looking for an architectural design for this purpose including the generic hardware types and graphical overview. When I search the web there are thousands of links to be investigated but our schedule is tight. That's why I decided to ask EE experts. Any ideas highly appreciated. Thanks.
0
PEITO
Asked:
PEITO
  • 4
  • 3
1 Solution
 
activematxCommented:
What is your budget?  
How many users will be connecting at a time?  
What type of resources will they be using once connected to the VPN?
How fast is/will be you internet WAN connections uplink?
0
 
QlemoC++ DeveloperCommented:
For most kind of access the best way to do that is to supply a Terminal Server. VPNs might be a solution if they need access to files or multiple machines, but if it for viewing purposes, or filling out forms or such, and in particular if there is a need to run database aware software, Terminal Server will be the way to go.
0
 
PEITOAuthor Commented:
All network resources to max extend will be used ( email, web services, data processing, printer etc.) Since the concept is to let users have desktop environment remotely VPN will be the best alternative.
Regarding the budget as long as it is reasonable and affordable there will not be a limitation.
Max 50 concurrent users connect at the same time and our current internet bandwidth is 100 Mbps
0
Who's Defending Your Organization from Threats?

Protecting against advanced threats requires an IT dream team – a well-oiled machine of people and solutions working together to defend your organization. Download our resource kit today to learn more about the tools you need to build you IT Dream Team!

 
QlemoC++ DeveloperCommented:
Again, I recommend to use Terminal Server sessions. What you enlist causes a lot of traffic, and that should remain local. That can be combined with a VPN to have the best of both.
Email requires neither Remote Sessions nor a VPN, if you allow remote access (with Exchange there is OWA and Outlook Anywhere available).

With 50 concurrent users you will need something reliable and easy to manage, and it should be effective and performant. You'll need a hardware VPN in the mid-range of business class routers. There are many devices out there which would apply, with different techniques for the client like
SSL based with a Web Login and self-installing Java applet
SSL based with OpenVPN and certificates
IPSec based with a pre-installed client (free like ShrewSoft VPN or licensed like NCP)
and some more. Common brands are SonicWALL, Juniper, CheckPoint, Cisco, and many more, so the choice is overwhelming. It's difficult to give valuable advise here, you might want to find someone at your area analyzing your exact needs. In particular as you seem to have not much experience with that kind of connection.

On the other hand, setting it up with almost any business-class device isn't that difficult, if you have managed to do it once.
You could also consider to start with Windows Server and RRAS, but I can't tell how that will perform with 50 users.
0
 
PEITOAuthor Commented:
Dear Qlemo, thank you for your guidance I think it will help me alot. In the meantime if you can provide me a basic architectural schema (diagram) of your solution I will close my question and give the whole points to you.
0
 
QlemoC++ DeveloperCommented:
There isn't much to paint a schematic for, with all those options. A client connects to a server, and is then part of the remote network (with some exceptions).
0
 
PEITOAuthor Commented:
I've requested that this question be closed as follows:

Accepted answer: 0 points for PEITO's comment #a39775829

for the following reason:

I was also expecting to get a architectural design graphics to understand it better. But anyhow I have the basic idea about VPN solution that will guide me through my deep search...
0
 
QlemoC++ DeveloperCommented:
You've now tried to accept your own comment thanking me for the input ( http:#a39775829 ). Please try again - you should accept *only* my comment(s). I recommend http:#a39773215 with a grade of "B".
0

Featured Post

Evaluating UTMs? Here's what you need to know!

Evaluating a UTM appliance and vendor can prove to be an overwhelming exercise.  How can you make sure that you're getting the security that your organization needs without breaking the bank? Check out our UTM Buyer's Guide for more information on what you should be looking for!

  • 4
  • 3
Tackle projects and never again get stuck behind a technical roadblock.
Join Now