VPN Setup

I am setting up VPN on Windows Server 2012 for the first time ever. I have an application that I will be running which needs to be blocked from access unless a user authenticates using VPN. However now that I am involved in the process of setting this up I am starting to question if this will provide the level of protection that I need. Here are my concerns:

1. The application that I will be accessing is a web application that will connect to an MSSQL DB on the same server.
2. This server also has a publicly accessible web site, no VPN authentication required, that connects to MSSQL.
3. My concern is whether or not I can create a secure connection to this one web application and DB given the fact that the server already provides access over the web without VPN authentication.

There are probably several layers of questions here that I need answers to, but I am not 100% sure where to start given that I have never set up VPN before. Do I need to set special properties for the IIS site that will run the web application? Do I need to set up custom authentication for the MSSQL DB to protect it from access by malicious attacks that could come through the publicly accessible web site? Do I need to spin up a separate box altogether for this to work properly?

David Johnson, CD, MVP Owner Commented:
"I am setting up VPN on Windows Server 2012 for the first time ever. I have an application that I will be running which needs to be blocked from access unless a user authenticates using VPN."
This means that this site must only be accessible via the local network and not the WAN, so on this site use IP address restrictions.
Full Walkthrough: http://www.iis.net/configreference/system.webserver/security/ipsecurity
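
A check for the deny-by-default IP restriction suggested above, as an added example that is not part of the original thread: it parses an applicationHost.config-style document and reports whether a site's ipSecurity section denies unlisted addresses and allows only trusted ranges. The site names, the 10.8.0.0/24 VPN pool and the audit_site helper are assumptions made for illustration.

```python
import ipaddress
import xml.etree.ElementTree as ET

# Constructed sample: site names and the 10.8.0.0/24 VPN pool are assumptions.
SAMPLE_CONFIG = """
<configuration>
  <location path="PublicSite">
    <system.webServer><security>
      <ipSecurity allowUnlisted="true" />
    </security></system.webServer>
  </location>
  <location path="RestrictedApp">
    <system.webServer><security>
      <ipSecurity allowUnlisted="false" denyAction="NotFound">
        <add ipAddress="127.0.0.1" allowed="true" />
        <add ipAddress="10.8.0.0" subnetMask="255.255.255.0" allowed="true" />
      </ipSecurity>
    </security></system.webServer>
  </location>
</configuration>
"""

def audit_site(config_xml, site, trusted_cidrs):
    """Return a list of findings for one site's <ipSecurity> section."""
    trusted = [ipaddress.ip_network(c) for c in trusted_cidrs]
    root = ET.fromstring(config_xml)
    loc = next((l for l in root.iter("location") if l.get("path") == site), None)
    sec = next(loc.iter("ipSecurity"), None) if loc is not None else None
    if sec is None:
        return ["no ipSecurity section: site is open to every address"]
    findings = []
    # allowUnlisted defaults to true in the IIS schema, so a missing
    # attribute means unlisted addresses are allowed.
    if sec.get("allowUnlisted", "true").lower() != "false":
        findings.append("allowUnlisted is not false: unlisted addresses are allowed")
    for rule in sec.findall("add"):
        addr, mask = rule.get("ipAddress"), rule.get("subnetMask")
        if rule.get("allowed", "false").lower() != "true" or not addr:
            continue  # deny rules and domainName rules are not checked here
        net = ipaddress.ip_network(f"{addr}/{mask}" if mask else addr, strict=False)
        if not any(net.version == t.version and net.subnet_of(t) for t in trusted):
            findings.append(f"allow rule {net} is outside the trusted ranges")
    return findings

if __name__ == "__main__":
    for name in ("PublicSite", "RestrictedApp"):
        print(name, audit_site(SAMPLE_CONFIG, name, ["10.8.0.0/24", "127.0.0.0/8"]))
```
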

Reece Dodds Commented:
Or alternatively, skip the VPN requirement and run the 'restricted section' of the web application via different TCP port(s) and authenticate with SSL certificate credentials.

A good example of what I mean is the SSL provider https://www.startssl.com/ (coincidentally) which uses the methods I refer to.

Thomas Grassi Systems Administrator Commented:
What kind of router do you have?
Best to set up your router with VPN configuration.
Those devices are set up to handle this.
gacto Author Commented:
David - I am reviewing this now. If I understand the steps here correctly I can set the IIS site up to deny access to the site by default for any IP address or domain that is not specified. Then I can allow access to Does this sound like it will work?

Question has a verified solution.
