Solved

Remote Access to a Restricted Network through VPN

Posted on 2014-01-09
Last Modified: 2014-01-27
Our mid-sized organization has an air-gapped restricted network. It is not directly connected to the Internet. Right now, there is a kind of urgent requirement for our staff to connect to the organization network (with their company-provided laptops) remotely while on business travel. That's why we are thinking of designing and implementing a VPN solution and are looking for an architectural design for this purpose, including the generic hardware types and a graphical overview. When I search the web there are thousands of links to be investigated, but our schedule is tight. That's why I decided to ask EE experts. Any ideas are highly appreciated. Thanks.
Question by:PEITO
10 Comments
 
LVL 9

Expert Comment

by:activematx
ID: 39769741
What is your budget?  
How many users will be connecting at a time?  
What type of resources will they be using once connected to the VPN?
How fast is/will be your internet WAN connection's uplink?
0
 
LVL 70

Expert Comment

by:Qlemo
ID: 39770440
For most kinds of access the best way to do that is to supply a Terminal Server. VPNs might be a solution if they need access to files or multiple machines, but if it is for viewing purposes, or filling out forms or such, and in particular if there is a need to run database-aware software, Terminal Server will be the way to go.
0
 

Author Comment

by:PEITO
ID: 39772415
All network resources will be used to the maximum extent (email, web services, data processing, printer, etc.). Since the concept is to let users have a desktop environment remotely, VPN will be the best alternative.
Regarding the budget, as long as it is reasonable and affordable there will not be a limitation.
A maximum of 50 concurrent users will connect at the same time, and our current internet bandwidth is 100 Mbps.
0

 
LVL 70

Accepted Solution

by:
Qlemo earned 2000 total points
ID: 39773215
Again, I recommend using Terminal Server sessions. What you list causes a lot of traffic, and that should remain local. That can be combined with a VPN to have the best of both.
Email requires neither Remote Sessions nor a VPN, if you allow remote access (with Exchange there is OWA and Outlook Anywhere available).

With 50 concurrent users you will need something reliable and easy to manage, and it should be effective and performant. You'll need a hardware VPN in the mid-range of business-class routers. There are many devices out there which would apply, with different techniques for the client, like
  • SSL based with a Web Login and self-installing Java applet
  • SSL based with OpenVPN and certificates
  • IPSec based with a pre-installed client (free like ShrewSoft VPN or licensed like NCP)
and some more. Common brands are SonicWALL, Juniper, CheckPoint, Cisco, and many more, so the choice is overwhelming. It's difficult to give valuable advice here; you might want to find someone in your area to analyze your exact needs, in particular as you seem to have not much experience with that kind of connection.

On the other hand, setting it up with almost any business-class device isn't that difficult, if you have managed to do it once.
You could also consider starting with Windows Server and RRAS, but I can't tell how that will perform with 50 users.
0
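The combination suggested in the accepted answer (a VPN whose only job is to reach a Terminal Server, so bulk traffic stays on the internal network) can be sketched as an OpenVPN server configuration. This is an added example, not part of Qlemo's answer or any vendor's shipped configuration; the address pool, the terminal server address 192.168.10.20 and all file names are constructed placeholders.

```conf
# Added example: OpenVPN server for "VPN + Terminal Server" remote access.
# All addresses and file names below are constructed placeholders.

port 1194
proto udp
dev tun
topology subnet

# Certificate-based authentication (the "OpenVPN and certificates" option).
ca   ca.crt
cert server.crt
key  server.key
dh   dh.pem

# Accept only peers presenting a certificate issued for client use.
remote-cert-tls client

# Revocation list, so a lost or stolen laptop's certificate can be refused.
crl-verify crl.pem

# Shared HMAC key: packets without it are dropped before the TLS handshake.
tls-auth ta.key 0

# Address pool handed out to remote laptops.
server 10.8.0.0 255.255.255.0

# Matches the stated peak of 50 concurrent users.
max-clients 50

# Push only a host route to the terminal server, not the whole internal
# network, so clients send nothing but remote-session traffic through
# the tunnel.
push "route 192.168.10.20 255.255.255.255"

keepalive 10 120
persist-key
persist-tun

# Drop privileges after start-up (the group name varies by distribution).
user nobody
group nogroup

verb 3
```

A pushed route is only a hint to the client, so the restriction has to be enforced on the gateway as well: a firewall rule there should allow the 10.8.0.0/24 pool to reach only TCP 3389 on the terminal server and drop everything else.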
 

Author Comment

by:PEITO
ID: 39775829
Dear Qlemo, thank you for your guidance; I think it will help me a lot. In the meantime, if you can provide me a basic architectural schema (diagram) of your solution, I will close my question and give the whole points to you.
0
 
LVL 70

Expert Comment

by:Qlemo
ID: 39775989
There isn't much to paint a schematic for, with all those options. A client connects to a server, and is then part of the remote network (with some exceptions).
0
 

Author Comment

by:PEITO
ID: 39798579
I've requested that this question be closed as follows:

Accepted answer: 0 points for PEITO's comment #a39775829

for the following reason:

I was also expecting to get an architectural design graphic to understand it better. But anyhow, I have the basic idea about a VPN solution that will guide me through my deep search...
0
 
LVL 70

Expert Comment

by:Qlemo
ID: 39798580
You've now tried to accept your own comment thanking me for the input ( http:#a39775829 ). Please try again - you should accept *only* my comment(s). I recommend http:#a39773215 with a grade of "B".
0

Question has a verified solution.