What do I need to set up a VPN?

evildre

A (relatively new, small-business) client of mine has a network in place already. He has DSL with a static IP and is currently running a mail server on the connection. He has been hiring salesmen like mad lately because business has gotten better, and he wants to set up a VPN.

Off-hand, I don't know what networking equipment is in place. I will be going there Monday or Tuesday morning to check it out. I assume they at least have one of those consumer-level cable/DSL routers and a big ol' switch. Their mail server is running some NT kernel, but I'm not sure which one. I know they have at least one Windows 2003 Server (dual Opteron 240, 1GB ECC Registered DDR, two 120GB SATA drives in RAID 1, three 73GB SCSI drives in RAID 5, AIT-1 backup), which I built and his IT guy loaded.

The guy is willing to spend $500 to $1000 for a VPN solution. He wants it to support 25 users initially, but wants to be able to upgrade at a later date. What would I need to set up a VPN for this guy?
 
A VPN for what? VPNs are used to securely connect two remote networks, but you don't mention anything about the other network...

You can do LAN-to-LAN VPNs between routers, or set up a Windows 2000 or 2003 server and use it to do the VPNs (but then the routing becomes funny if you already have a router)
 
Fint said:
A VPN for what? VPNs are used to securely connect two remote networks, but you don't mention anything about the other network...

You can do LAN-to-LAN VPNs between routers, or set up a Windows 2000 or 2003 server and use it to do the VPNs (but then the routing becomes funny if you already have a router)

Yes, sorry about that. All he wants to do is allow his salesmen to log in from wherever they happen to be, and use network resources as if they're sitting at their desks. I believe this can also be accomplished by loading VNC on the salesmen's individual machines, but the guy's talkin' VPN for one reason or another.

<edit> Forgot VNC doesn't allow you to copy files to your local machine ... so probably no VNC.
 
Windows Server has VPN server capabilities built in that can be used. You need to ask him *why* these people need to VPN and attempt to estimate the number of concurrent VPN connections as well as in-house computer use.

Remember each *authenticated* connection will require a server CAL regardless if they are using the server OS as the VPN server or some appliance.

Another point to question is how fast is his DSL connection for upload and download? That will determine the level of performance for VPN connected users and internet performance by the internal LAN users.
 
SJConsultant said:
Windows Server has VPN server capabilities built in that can be used. You need to ask him *why* these people need to VPN and attempt to estimate the number of concurrent VPN connections as well as in-house computer use.

Remember each *authenticated* connection will require a server CAL regardless if they are using the server OS as the VPN server or some appliance.

Another point to question is how fast is his DSL connection for upload and download? That will determine the level of performance for VPN connected users and internet performance by the internal LAN users.

I will definitely need to ask a few questions. I have a bunch written down, and these shall be added.

I'll also have to check out his DSL and see how fast it is. IIRC it's 1.5Mbit up and down, but I could be confusing him with another customer of mine :D
 
If this owner wants his salespeople to access their individual desktop machines remotely and if his workstations are Windows XP, then remote desktop can easily accomplish this task over a VPN connection.

Check to see what OS his servers are running. If by chance one of them is SBS 2003, then SBS has a built-in web page that would allow his salespeople to connect remotely *without* the need for a VPN. The RDP protocol used by remote desktop is encrypted so there isn't too much to worry about information being transmitted over the 'net.
 
SJConsultant said:
If this owner wants his salespeople to access their individual desktop machines remotely and if his workstations are Windows XP, then remote desktop can easily accomplish this task over a VPN connection.

Check to see what OS his servers are running. If by chance one of them is SBS 2003, then SBS has a built-in web page that would allow his salespeople to connect remotely *without* the need for a VPN. The RDP protocol used by remote desktop is encrypted so there isn't too much to worry about information being transmitted over the 'net.

I know the one I built for him is SBS.

Will that allow the salespeople to copy files from the server onto their desktop and back if necessary? I mean, if that's all they need there's really no need for all this, as enabling FTP on the SBS would do the job just fine.
 
If all they need is access to the latest sales documentation and whatnot, then why not consider using SharePoint Team Services Intranet? Use a self-generated SSL cert from the SBS and install that to use some form of encryption.
 
Okay ... currently, he has 3 salesmen, but will be hiring 10-12 more. Currently, the network is set up like this:

Internet --> Efficient Networks 5851 SDSL Router --> Netgear ProSafe FVS318 --> 2x Linksys EF2S24.V2

He has a total of 5 servers: two Windows 2000 Servers, two Windows NT4 Servers, and one Windows 2003 SBS. One of the 2000 Servers is a domain controller; one of the NT4 servers is an Exchange server. The four non-2003 servers are going to be upgraded to 2003 by the middle of July.

All incoming SMTP requests are forwarded to the Exchange server. The customer's internet connection is, unfortunately, quite weak. I did confuse him with another customer, because this guy's DSL tested (using chi.speakeasy.net) at 316k down and 301k up. He needs them to be able to run their app, transfer files, and do stuff with the Exchange server.

He wants a "robust" remote access VPN. He had the FVS318 working but it "stopped suddenly", so he's convinced it's defective. He doesn't want to see that (or any other) Netgear box in his server closet anymore, and is willing to shell out at least a little cash to do it. The guy has mentioned Cisco a couple times, but I have no clue where to start. Does this help? :D
 
well first off. don't listen to some sales manager about what equipment to put in his network closet. if he doesn't want netgear then fine. don't buy him cisco just cause he said so though.

are the salesmen running around with laptops or are they supposed to be able to connect from random other computers at other people's sites? if they have laptops, are they 2000 or XP? if they're on other random machines i would question whether this is a good idea at all. you have no control over these other machines and they could have some keyloggers or trojans on there and within a week this guy's network is going to be broken into.

so let's assume laptops. as SJConsultant said remote desktop connections are encrypted so there is actually no need for the VPN. not a bad idea to use one, but i would say you're okay without it.

here's your problem- that connection is NOT going to support 10 people connecting at once. i would say 3 people could hit the terminal server at once and it's going to be kaputsky for any other traffic in or out of that office. he should look into getting a much better line for a few more bucks a month. either that, or you should be able to limit the number of concurrent users via GPO. then the problem becomes when people get on there and hog the TS so no one else can use it all day.

in any case, you can read my TS article over here: http://www.smoothsailingit.com/index.php/content/view/12/3/ or here: http://www.geekextreme.com/content/view/8565/34/
 