VPN Viable for us?

shrumhead

Gawd
Joined
Feb 11, 2002
Messages
531
I work in a very small law firm with only a handful of employees and though I'm not a network professional, I know enough to keep our little workgroup working. Recently the attorneys have been asking if they can get something besides pcAnywhere up and running so they can access their files from home.

I was curious as to what yall thought I should do? From the research I've done online it looks like a VPN would be my best option. I've read a bit about VPN but I still don't really understand how I would actually use it to get them their shared files from home. Would I setup an FTP server that somehow goes through the VPN or is there a much simplier solution?

We have about 10 computers and a fileserver. All of the computers are wired and are windows xp pro.

Thanks in advance!
 
Let's start with...

What is their current firewall that protects them from the Internet?

Who manages it?

Are they open to change it?
 
The only real firewall we have is through our verizon modem. I wouldn't say that I maintain it but I know how to edit its entries and I make sure all the computers are protected under it. And yes, I would be open to changing it.
 
My suggestion, get a Cisco ASA5505. Then setup IPSEC vpn for the clients. If you have a fileserver at the office, they will be able to pull those files up once vpn'd in. (from a shared drive etc)

There are other way's of doing this, but the question is, do they have a server where the documents are stored?
 
Yes we have a fileserver where all our information is stored. Nothing is really stored on the individual computers.
 
Good so any vpn solution will work. Like my pervious suggestion. CIsco ASA5505, IPSEC vpn from the client to the office, map a shared drive, bam work on files from home.
 
Good so any vpn solution will work. Like my pervious suggestion. CIsco ASA5505, IPSEC vpn from the client to the office, map a shared drive, bam work on files from home.

Word of caution, i agree with this unless the users have a 64-bit OS at home. Cisco does not make a VPN client for 64-Bit and i don't think they plan to anytime soon.
 
How old is the file server? A few law firms I've setup, I have Small Business Server. It has a component called Remote Web Workplace...(RWW)...you open/forward port 4125 and 443 on your firewall router..and they hit it from their home computer using the outside IP address/DNS alias. And are able to easily check their e-mail, and/or remote right into their workstation.

Else, just purchase a few logmein accounts. No worrying about firewalls/vpns, or sluggish host desktop software like pcanywhere.
 
Cisco does not make a VPN client for 64-Bit and i don't think they plan to anytime soon.

This is incorrect. Cisco does not make a free IPSEC VPN client for 64-bit; you have to pay a per-client license fee (for their AnyConnection SSL VPN client).
 
This is incorrect. Cisco does not make a free IPSEC VPN client for 64-bit; you have to pay a per-client license fee (for their AnyConnection SSL VPN client).

Link to 64 bit ipsec VPN please
 
Router or server based VPN are both options. Normal remote desktop is another.

OP please give us more information on the setup.

IE:

What type of server(specs including software)
Desktop OS
Desktop software(ie time matters, billing matters, softpro, phoneslips, etc)
 
Cisco does not make an IPSEC VPN client for 64-bit Vista. You have to use their AnyConnect SSL VPN on 64-bit.
 
This is incorrect. Cisco does not make a free IPSEC VPN client for 64-bit; you have to pay a per-client license fee (for their AnyConnection SSL VPN client).

That is not entirely true. You get two free web/ssl vpn licenses with any Cisco ASA. So for a small office it is usually okay as long as no more than two people are using the ssl vpn at once.
 
Link to 64 bit ipsec VPN please

Like stated, there is no 64-bit IPSec client. Cisco does have an SSL AnyConnect client that works with 64-bit windows and Linux/Mac. The WebVPN is also another option, no client to install at all, you just have to setup the webpage with the links you need and also some form of authentication. Works pretty slick.
 
I have an ASA5505 at home, but if the OP is not a "network" guy, it is not the solution to recommend.

As much as it pains me to say, a Sonicwall would be a good choice. pfSense would be my favorite, but setting up OpenVPN can be difficult too. If security is not important, then PPTP is fine, and m0n0wall or pfSense would both work.
 
Like stated, there is no 64-bit IPSec client. Cisco does have an SSL AnyConnect client that works with 64-bit windows and Linux/Mac. The WebVPN is also another option, no client to install at all, you just have to setup the webpage with the links you need and also some form of authentication. Works pretty slick.

I know there isn't, i read his post wrong, my bad, i know about connect anywhere, but i hate it, i love my vpn client.

his saying that i was incorrect was what threw me off
 
If the OP wants to run VPN from a router and is not a network guy a cisco is really out of the question unless they bring someone in.

A sonicwall router might be a better choice. It is going to be simpler to configure.
 
If the OP ... is not a network guy a cisco is really out of the question unless they bring someone in. .

Hence my vote for LogMeIn...purchase several accounts for those who wish to remote in. Makes it about as easy as can be for everyone.
 
I'd vote for something like LogMeIn.
Heck you can even put them all under a free account and just setup the permissions for each person to access their computer.

HOWEVER the main question I'd have would be future growth? That only will work for a small number of people...
 
HOWEVER the main question I'd have would be future growth? That only will work for a small number of people...

You would be suprised how little bandwidth LogMeIn pro really uses. I have seen 25 people use it with just a T1 and be fine.
 
You would be suprised how little bandwidth LogMeIn pro really uses. I have seen 25 people use it with just a T1 and be fine.

That's not my concern. Managing LogMeIn gets cumbersome after you have so many users. Something on your network that you control is a whole lot easier.
 
just have to say you work in a lawfirm and the only protection is a verzion firewall on the modem / router?

I would def go with the setup on your side, i am sure logmein is great and secure and all, but to have data going through them that is from a law firm, in that sense i trust no one.

you got a windows server box? set up the VPN on it and be done with it.
 
for a couple users gotomypc is the best bet.
It works on a lot more remote networks than any vpn.
 
Managing LogMeIn gets cumbersome after you have so many users. Something on your network that you control is a whole lot easier.

How? He has 10x users. That's 10x LogMeIn accounts at the most (probably 1/2 of that since he said some lawyers want to remote in". A username and a password for each remote user. Not unlike user accounts on this server.

LogMeIn and GoToMyPC both usually run bundled prices...like 5x PCs for 19 bucks/month.

As for security? Same as a good VPN.....full encryption, 128 - 256 bit SSL, etc.
 
How? He has 10x users. That's 10x LogMeIn accounts at the most (probably 1/2 of that since he said some lawyers want to remote in". A username and a password for each remote user. Not unlike user accounts on this server.

Managing a ton of third-party apps just isn't something I am fond of, mainly. If it can all tie together and integrate and use Active Directory and make administration easier, that's a great product IMO.
 
Log me in does use AD, Its really the best bet for him, its not a huge hassle really
 
Managing a ton of third-party apps just isn't something I am fond of, mainly. If it can all tie together and integrate and use Active Directory and make administration easier, that's a great product IMO.

Would you consider a Cisco ASA/VPN a 3rd party app? One that requires a bit more skill than the amateur networking skills the OP stated he had?

I think a lot of people have glazed over the details he provided us.

Quote...unquote.
"I know enough to keep our little workgroup working"

Keyword here is workgroup. Not active directory.

"We have about 10 computers and a fileserver. All of the computers are wired and are windows xp pro"

Key words here...All of the computers...are windows xp pro. So much for Windows Server.

Sounds like a peer to peer network with an XP desktop running as a workgroup file storage box.

When I read those key words up there....having active directory logins to authenticate that fancy expensive Cisco VPN or running RRAS on the server for multiple users to VPN in from the "Server" goes out the window.
 
I think a lot of people have glazed over the details he provided us.

Quote...unquote.
"I know enough to keep our little workgroup working"

Keyword here is workgroup. Not active directory.

Guilty as charged... My reading comprehension = fail. :)
 
Back
Top