?
Solved

Sharing a PPTP vpn on LAN

Posted on 2016-09-20
11
Medium Priority
?
66 Views
Last Modified: 2016-11-23
I have a scenario where my office need to connect to another client office vpn using pptp. My office is connected to internet via router and a sonicwall firewall. Say PC1 in my office in the LAN will dial to client server and establish the vpn. This PC1 will be connected 24/7 VPN with client. Now my question how can I allow other PCs (say for eg PC2 and PC3) on the LAN to share the vpn on PC1 whenever they needed it to access the client server. Also while accessing the VPN the Local access as well as the internet should not be disconnected.
0
Comment
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 3
  • 3
  • 2
  • +2
11 Comments
 
LVL 9

Expert Comment

by:J Spoor
ID: 41806340
Why use PPTP and not the SonicWALL's IPsec or SSL-VPN capabilities? it's way more secure to do it on the gateway

For a 24/7 it's more advised to use a Site-to-Site VPN tunnel




View example configurations and the SonicWALL webui and features on http://livedemo.sonicwall.com or http://ngfw-demo.com

Multiply the effectiveness of your APT Sandbox, stop unknown and zero-day attacks at the gateway. See a demo on http://apt-demo.com or http://atp.demo.com

You can also view the Next-Generation Firewalls via
http://next-generation-firewall.com or http://next-generation-firewall-demo.com
0
 
LVL 6

Author Comment

by:Raneesh Chitootharayil
ID: 41806355
there are already site to site vpn established with other offices using sonicwall and this particular client office provides only pptp vpn. they don't have sonicwall devices in their network
0
 
LVL 36

Expert Comment

by:Kimputer
ID: 41806396
Still much more handy to continue site to stie. You can even use a lower priced router (Draytek Vigor) for this issue (though some are limited to only 2 lan-to-lan profiles).
0
Does Powershell have you tied up in knots?

Managing Active Directory does not always have to be complicated.  If you are spending more time trying instead of doing, then it's time to look at something else. For nearly 20 years, AD admins around the world have used one tool for day-to-day AD management: Hyena. Discover why

 
LVL 9

Expert Comment

by:J Spoor
ID: 41806434
strongly advise to replace the box then. PPTP is unencrypted and insecure, also by doing PPTP through the firewall on your end, you can't inspect the traffic...
0
 
LVL 6

Author Comment

by:Raneesh Chitootharayil
ID: 41808093
Infact this scenario need to be enabled for a testing purpose, where the client won't allow any other form of vpn environment other than PPTP.

I found a link which describes the vpn sharing
https://www.securitykiss.com/resources/tutorials/shared_vpn/windows/

I will try this and update you.
0
 
LVL 36

Expert Comment

by:Kimputer
ID: 41808250
The solution from your link is useful if you dedicate one PC as a router. Obviously, you need the current router device already, meaning you will now have Internet > modem/router > PC with VPN sharing (2 LAN cards) > LAN
It means, you will complicate the whole network quite a bit.
If you are really firm on only using PPTP and sharing it, replace the router with the aforementioned Draytek Vigor series, not only do they support the easy to setup IPSEC Lan-to-Lan, it also has PPTP dial out profiles.
0
 
LVL 9

Expert Comment

by:J Spoor
ID: 41808261
If you are stuck on using PPTP, make sure the PPTP terminator is in a  DMZ zone of your firewall and not straight in your lan
0
 
LVL 6

Accepted Solution

by:
Raneesh Chitootharayil earned 0 total points
ID: 41814272
thank you all for sharing the valuable suggestion. I followed the link which I posted above and it's working.
0
 
LVL 70

Expert Comment

by:Qlemo
ID: 41845603
That may work, but you need two NICs. A better way is to use Routing and Remote Access for that.
On a server OS it is very easy to set up; just add the interface in the NAT section as private without using an address pool.
On a client OS it is more tricky as you cannot access RRAS via GUI. I've written an (old) article to that regard: https://www.experts-exchange.com/articles/350/Using-remote-client-connections-VPN-ISDN-PPTP-aso-for-routing-in-Windows.html which should stil work for recent client OS.
0
 
LVL 35

Expert Comment

by:Seth Simmons
ID: 41898823
This question has been classified as abandoned and is closed as part of the Cleanup Program. See the recommendation for more details.
0

Featured Post

Are your AD admin tools letting you down?

Managing Active Directory can get complicated.  Often, the native tools for managing AD are just not up to the task.  The largest Active Directory installations in the world have relied on one tool to manage their day-to-day administration tasks: Hyena. Start your trial today.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

This article explains how to install and use the NTBackup utility that comes with Windows Server.
This article provides a convenient collection of links to Microsoft provided Security Patches for operating systems that have reached their End of Life support cycle. Included operating systems covered by this article are Windows XP,  Windows Server…
This tutorial will give a short introduction and overview of Backup Exec 2012 and how to navigate and perform basic functions. Click on the Backup Exec button in the upper left corner. From here, are global settings for the application such as conne…
This tutorial will walk an individual through the steps necessary to join and promote the first Windows Server 2012 domain controller into an Active Directory environment running on Windows Server 2008. Determine the location of the FSMO roles by lo…
Suggested Courses
Course of the Month9 days, 7 hours left to enroll

762 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question