Solved

Remote Access to a Restricted Network through VPN

Posted on 2014-01-09
Last Modified: 2014-01-27
Our mid-sized organization has an air-gapped restricted network. It is not directly connected to the Internet. Right now, there is a kind of urgent requirement for our staff to connect to the organization network (with their company-provided laptops) remotely while on business travel. That's why we are thinking of designing and implementing a VPN solution and are looking for an architectural design for this purpose, including the generic hardware types and a graphical overview. When I search the web there are thousands of links to be investigated, but our schedule is tight. That's why I decided to ask EE experts. Any ideas are highly appreciated. Thanks.
0
Question by:PEITO
10 Comments
 
LVL 9

Expert Comment

by:activematx
ID: 39769741
What is your budget?
How many users will be connecting at a time?
What type of resources will they be using once connected to the VPN?
How fast is/will be your internet WAN connection's uplink?
0
 
LVL 71

Expert Comment

by:Qlemo
ID: 39770440
For most kinds of access the best way to do that is to supply a Terminal Server. VPNs might be a solution if they need access to files or multiple machines, but if it is for viewing purposes, or filling out forms or such, and in particular if there is a need to run database-aware software, Terminal Server will be the way to go.
0
 

Author Comment

by:PEITO
ID: 39772415
All network resources will be used to the max extent (email, web services, data processing, printer etc.). Since the concept is to let users have a desktop environment remotely, VPN will be the best alternative.
Regarding the budget, as long as it is reasonable and affordable there will not be a limitation.
Max 50 concurrent users connect at the same time, and our current internet bandwidth is 100 Mbps.
0
 
LVL 71

Accepted Solution

by:
Qlemo earned 2000 total points
ID: 39773215
Again, I recommend using Terminal Server sessions. What you list causes a lot of traffic, and that should remain local. That can be combined with a VPN to have the best of both.
Email requires neither Remote Sessions nor a VPN, if you allow remote access (with Exchange there is OWA and Outlook Anywhere available).

With 50 concurrent users you will need something reliable and easy to manage, and it should be effective and performant. You'll need a hardware VPN in the mid-range of business class routers. There are many devices out there which would apply, with different techniques for the client, like:
  • SSL based with a Web Login and self-installing Java applet
  • SSL based with OpenVPN and certificates
  • IPSec based with a pre-installed client (free like ShrewSoft VPN or licensed like NCP)
and some more. Common brands are SonicWALL, Juniper, CheckPoint, Cisco, and many more, so the choice is overwhelming. It's difficult to give valuable advice here; you might want to find someone in your area to analyze your exact needs, in particular as you do not seem to have much experience with that kind of connection.

On the other hand, setting it up with almost any business-class device isn't that difficult, if you have managed to do it once.
You could also consider starting with Windows Server and RRAS, but I can't tell how that will perform with 50 users.
0
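The "OpenVPN with certificates" option, combined with the Terminal Server approach recommended in the answer above, could look like the server configuration below. This is an added example, not part of the original thread or any poster's own setup; it assumes OpenVPN 2.5 or later on a gateway in a DMZ, and every address and file name in it is a constructed placeholder.

```conf
# OpenVPN server sketch (added example; addresses and file names are constructed)
# Assumed layout: VPN gateway in a DMZ, Terminal Server at 10.20.0.10 (placeholder)

port 1194
proto udp
dev tun
topology subnet

# Address pool for remote laptops; a /24 leaves room for 50 concurrent users
server 10.8.0.0 255.255.255.0
max-clients 50

# Certificate-based authentication: one client certificate per laptop
ca   ca.crt
cert server.crt
key  server.key
dh   none                       # ECDHE key exchange, no static DH parameter file
verify-client-cert require
remote-cert-tls client          # peer certificate must carry the client EKU
crl-verify crl.pem              # lets you revoke a lost or stolen laptop
tls-crypt ta.key                # authenticates and encrypts the control channel
tls-version-min 1.2
data-ciphers AES-256-GCM:AES-128-GCM

# Push only a host route to the Terminal Server, not the whole internal network,
# so desktop traffic stays local and only the remote session crosses the tunnel
push "route 10.20.0.10 255.255.255.255"

# client-to-client is deliberately absent: connected laptops cannot reach each other

keepalive 10 120
persist-key
persist-tun
user nobody
group nogroup
status /var/log/openvpn/status.log
verb 3
```

A pushed route only tells the client where to send traffic; the gateway firewall still has to enforce that the 10.8.0.0/24 pool can reach nothing except the remote desktop port on the Terminal Server.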
 

Author Comment

by:PEITO
ID: 39775829
Dear Qlemo, thank you for your guidance. I think it will help me a lot. In the meantime, if you can provide me a basic architectural schema (diagram) of your solution, I will close my question and give the whole points to you.
0
 
LVL 71

Expert Comment

by:Qlemo
ID: 39775989
There isn't much to paint a schematic for, with all those options. A client connects to a server, and is then part of the remote network (with some exceptions).
0
 

Author Comment

by:PEITO
ID: 39798579
I've requested that this question be closed as follows:

Accepted answer: 0 points for PEITO's comment #a39775829

for the following reason:

I was also expecting to get an architectural design graphic to understand it better. But anyhow I have the basic idea about the VPN solution that will guide me through my deep search...
0
 
LVL 71

Expert Comment

by:Qlemo
ID: 39798580
You've now tried to accept your own comment thanking me for the input ( http:#a39775829 ). Please try again - you should accept *only* my comment(s). I recommend http:#a39773215 with a grade of "B".
0
