Need help with VPN basics

petr

Jan 15, 2004
Archived from groups: comp.dcom.vpn

After searching and reading and getting all mixed up, I decided it
would be best to just ask the experts myself :) There's so much
information lying around I don't know anymore what's right for me and
what isn't...

Here's the deal: I need to do some testing with VPN for future needs.
Right now, I just want to get some experience with remotely accessing
resources at my office. Later on, a small number of users should be
able to simultaneously use VPN for remote access.

I've tried to get something done (within one LAN, just for testing
purposes) by using the Windows 2000 VPN features but I don't even know
how to access files even though the VPN connection is established.

We have ADSL with a public IP address and a router with no VPN
capabilities. My problem is: I don't know where to start. Do I need
hardware, software or both? If a new router would be sufficient, what
would be a cheap way to get started?

I'm sure I'll have more questions as things become clearer (hard to
believe that ever happens..), but I'll let you guide me into the right
direction. If you need more information about our network etc. just
ask. I'd really appreciate some help!

Petr
 

Petr wrote:
> After searching and reading and getting all mixed up, I decided it
> would be best to just ask the experts myself :) There's so much
> information lying around I don't know anymore what's right for me and
> what isn't...
>
> Here's the deal: I need to do some testing with VPN for future needs.
> Right now, I just want to get some experience with remotely accessing
> resources at my office. Later on, a small number of users should be
> able to simultaneously use VPN for remote access.
>
> I've tried to get something done (within one LAN, just for testing
> purposes) by using the Windows 2000 VPN features but I don't even know
> how to access files even though the VPN connection is established.
>
> We have ADSL with a public IP address and a router with no VPN
> capabilities. My problem is: I don't know where to start. Do I need
> hardware, software or both? If a new router would be sufficient, what
> would be a cheap way to get started?
>
> I'm sure I'll have more questions as things become clearer (hard to
> believe that ever happens..), but I'll let you guide me into the right
> direction. If you need more information about our network etc. just
> ask. I'd really appreciate some help!
>
> Petr

In most cases I go with an inexpensive VPN capable router for a small
network. It's likely that any server you might have in a small network
is also doing many other things like serving files, running as your
active directory domain controller, database server, name resolution or
all of the above. It's easy to set up the security incorrectly on a
server and if that server is also your domain controller and file server
then you will just be allowing unrestricted access to the most important
resource in your network from the Internet.

I like the Netopia 3386-ENT devices myself. It supports almost all the
major VPN protocols for a cheap price (less than $200 USD). This device
is sufficient for most small networks. If your Internet connection is
any faster than 10 Mbit then you might consider something a bit better;
the Netopia seems to handle your typical 5 Mbit download/1 Mbit upload
ADSL and Cable modem type connections without slowing down.

As far as gaining access to the resources on your network, this is
mostly a separate issue. To gain access to the internal servers once
the VPN is established is exactly the same as if you had a WAN link
connecting the remote site and the network.
You need to make sure that some form of name resolution is working; that
means that the VPN server should give out the correct internal DNS/WINS
settings to the client so it will be asking the correct server for
network addresses. Also when it comes to network browsing you will
likely need to type in the server address manually if you are connecting
over a dynamic connection like a VPN. Even when you have all the
required WINS servers running and the client is resolving the server
correctly it can take some serious time before the client will build a
local version of the browse list. Just make sure you know the proper
names to connect to your servers before you worry about venturing into
getting "network neighbourhood" type functionality to work.

--
WARNING! Email address has been altered for spam resistance.
Please remove the -deletethispart-. section before replying directly.
Mike Drechsler (mike-newsgroup@-deletethispart-.upcraft.com)
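
The post above separates "the VPN is up" from "I can reach the file server by name". A small triage script for that distinction, as an added example that is not part of the original post; the server name `fileserver`, the address `192.168.1.10` and the function names are assumptions to be replaced with your own:

```python
import socket

SMB_PORTS = (445, 139)  # direct-hosted SMB, then NetBIOS session service


def resolve(name):
    """Return the IPv4 address the client's own resolver gives, or None."""
    try:
        return socket.gethostbyname(name)
    except OSError:
        return None


def port_open(ip, port, timeout=3.0):
    """True if a TCP connection to ip:port succeeds within the timeout."""
    try:
        with socket.create_connection((ip, port), timeout=timeout):
            return True
    except OSError:
        return False


def triage(server_name, server_ip, resolve=resolve, port_open=port_open):
    """Classify why a share is unreachable once the VPN is connected.

    server_name and server_ip are the file server's internal name and
    address, which you need to know in advance. The resolve and port_open
    arguments exist so the logic can be exercised without a network.
    """
    # Layer 1: does traffic to the server cross the tunnel at all?
    if not any(port_open(server_ip, p) for p in SMB_PORTS):
        return "tunnel-or-filter: no SMB port reachable on %s" % server_ip
    # Layer 2: did the VPN server hand out working internal DNS/WINS?
    resolved = resolve(server_name)
    if resolved is None:
        return ("name-resolution: %s does not resolve; connect by address "
                "(\\\\%s\\share) and check the DNS/WINS settings the VPN "
                "server gives to clients" % (server_name, server_ip))
    if resolved != server_ip:
        return ("name-resolution: %s resolved to %s, expected %s; the "
                "client is asking the wrong DNS server"
                % (server_name, resolved, server_ip))
    return "ok: \\\\%s\\share should open by name" % server_name


if __name__ == "__main__":
    # Constructed sample values, not taken from the thread.
    print(triage("fileserver", "192.168.1.10"))
```
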
 

Thanks for your reply, Mike! It helps a lot to know that making the VPN
connection and accessing resources are two different things - I was
really confused about this before. Every article about establishing a
VPN in Windows describes how easy and great this feature is, but it
always ends there and nobody says how to get to the resources after
the VPN has been established...

I actually once tried accessing shared resources using the method of
manually typing in the VPN server address, but I thought that to be so
complicated it couldn't possibly be the real solution.

I'll have a look at the router you mentioned, maybe that will help to
understand VPN better, too. Thanks again for your helpful answer!
 

Netopia Router will do. I personally like Sonicwalls. You would need
to purchase a Sonicwall, the model will depend on the number of users
that are on your local network, however, most likely a tz170 will do.
You can find pricing on these at many places as in sonicguard.com etc.
Just google.

The reason I like Sonicwall is that it is relatively easy to set up and
they run excellent! Don't waste your time on cheap routers, you will
regret it. For a tz170, you are about $375-500 for a 10 user
firewall/VPN router. They have a Global VPN client that is simple to
set up.

What you would need:

1) A Sonicwall Firewall - most likely tz170
2) Global VPN License - you can buy single, 5 pack, and 10 pack etc.
(for each person accessing the network remotely)
3) VPN Client Software - $40-50

I would recommend getting the 8x5 support option as if you are new, you
might need them to walk you through the setup.

Hope that helps!