Firewall VPN

I need to set up a VPN solution to protect access to an in-house server. I have looked at several solutions but have never setup this type of hardware in the past. The server will run a web and db solution that will only be accessed by a limited number of employees. There will be no outward facing connections without VPN authentication first.

Since I have not tackled this type of configuration before I am not sure what type of features and functions that I need to look for. Can anyone suggest a solution that provides good performance and security but does not require an expert to configure?
Who is Participating?

[Product update] Infrastructure Analysis Tool is now available with Business Accounts.Learn More

I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

JohnBusiness Consultant (Owner)Commented:
How many people?  There are lots of hardware firewall VPN boxes that are very good. To 50 people (thereabouts) Juniper Netscreen SSG5 or Cisco RVxx series do a good job of security a server. Both vendors scale up without any issue.

Databases are chatty beasts that should not run over VPN but rather run on a Terminal Server type of setup.

I secure all my clients this way and remote clients need a VPN application to gain access. We use NCP Secure entry for this.

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
gactoAuthor Commented:
John - I actually have a Cisco RV042G Router that I was previously using to manage a Dual WAN business connection which is no longer needed. I had not considered that as an alternative but it could meet the need I currently have. I will look at the specifications to see what options it offers.

The VPN tunnel will be for 2-6 employees, with generally only 1-2 connected at the same time. The only part of the server that I intend to provide access to is to a localhost web page running in IIS. The DB will act in a traditional manner with the web pages making read/writes based on the user interaction.

My current plan is to configure the RDP service to only allow connections that match the IP range assigned through the VPN tunnel. Once a user is authenticated through VPN they can then connect through RDP. At that point they would be able to access the DB when necessary.

Even though I will have 2-6 employees with VPN access, only 1 or 2 will have RDP access. Is that consistent with how you see terminal services working for DB access in this type of environment?
JohnBusiness Consultant (Owner)Commented:
The Cisco RV042G will happily manage that many VPN connections. Use NCP Secure Entry as the remote application.

For a small number of users (1 or 2) you can set up a computer with the DB application and the remote user can log into this computer and run the DB on this local computer. I have done this and it works well.
gactoAuthor Commented:
John - This is exactly what I will do. Thanks for the quick response and great information.
JohnBusiness Consultant (Owner)Commented:
@gacto  - Great and I was happy to help.
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today

From novice to tech pro — start learning today.