Remote Access to a Restricted Network through VPN

Our mid-sized organization has an air gapped restricted network. It is not directly connected to the Internet. Right now, there is a kind of urgent requirement for our staff to connect to the organization network (with their company provided laptops) remotely while on business travel. That's why we are thinking to design and implement a VPN solution and  looking for an architectural design for this purpose including the generic hardware types and graphical overview. When I search the web there are thousands of links to be investigated but our schedule is tight. That's why I decided to ask EE experts. Any ideas highly appreciated. Thanks.
NAPMA IT OpsIT OperationsAsked:
Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

activematxCommented:
What is your budget?  
How many users will be connecting at a time?  
What type of resources will they be using once connected to the VPN?
How fast is/will be you internet WAN connections uplink?
Qlemo"Batchelor", Developer and EE Topic AdvisorCommented:
For most kind of access the best way to do that is to supply a Terminal Server. VPNs might be a solution if they need access to files or multiple machines, but if it for viewing purposes, or filling out forms or such, and in particular if there is a need to run database aware software, Terminal Server will be the way to go.
NAPMA IT OpsIT OperationsAuthor Commented:
All network resources to max extend will be used ( email, web services, data processing, printer etc.) Since the concept is to let users have desktop environment remotely VPN will be the best alternative.
Regarding the budget as long as it is reasonable and affordable there will not be a limitation.
Max 50 concurrent users connect at the same time and our current internet bandwidth is 100 Mbps
Get Blueprints for Increased Customer Retention

The IT Service Excellence Tool Kit has best practices to keep your clients happy and business booming. Inside, you’ll find everything you need to increase client satisfaction and retention, become more competitive, and increase your overall success.

Qlemo"Batchelor", Developer and EE Topic AdvisorCommented:
Again, I recommend to use Terminal Server sessions. What you enlist causes a lot of traffic, and that should remain local. That can be combined with a VPN to have the best of both.
Email requires neither Remote Sessions nor a VPN, if you allow remote access (with Exchange there is OWA and Outlook Anywhere available).

With 50 concurrent users you will need something reliable and easy to manage, and it should be effective and performant. You'll need a hardware VPN in the mid-range of business class routers. There are many devices out there which would apply, with different techniques for the client like
SSL based with a Web Login and self-installing Java applet
SSL based with OpenVPN and certificates
IPSec based with a pre-installed client (free like ShrewSoft VPN or licensed like NCP)
and some more. Common brands are SonicWALL, Juniper, CheckPoint, Cisco, and many more, so the choice is overwhelming. It's difficult to give valuable advise here, you might want to find someone at your area analyzing your exact needs. In particular as you seem to have not much experience with that kind of connection.

On the other hand, setting it up with almost any business-class device isn't that difficult, if you have managed to do it once.
You could also consider to start with Windows Server and RRAS, but I can't tell how that will perform with 50 users.

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
NAPMA IT OpsIT OperationsAuthor Commented:
Dear Qlemo, thank you for your guidance I think it will help me alot. In the meantime if you can provide me a basic architectural schema (diagram) of your solution I will close my question and give the whole points to you.
Qlemo"Batchelor", Developer and EE Topic AdvisorCommented:
There isn't much to paint a schematic for, with all those options. A client connects to a server, and is then part of the remote network (with some exceptions).
NAPMA IT OpsIT OperationsAuthor Commented:
I've requested that this question be closed as follows:

Accepted answer: 0 points for PEITO's comment #a39775829

for the following reason:

I was also expecting to get a architectural design graphics to understand it better. But anyhow I have the basic idea about VPN solution that will guide me through my deep search...
Qlemo"Batchelor", Developer and EE Topic AdvisorCommented:
You've now tried to accept your own comment thanking me for the input ( http:#a39775829 ). Please try again - you should accept *only* my comment(s). I recommend http:#a39773215 with a grade of "B".
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
VPN

From novice to tech pro — start learning today.