Re: VPN Issues
From: Steven L Umbach (n9rou_at_nospam-comcast.net)
Date: 06/07/04
- In reply to: Ola: "VPN Issues"
Date: Mon, 07 Jun 2004 13:41:46 GMT
Since you are using NAT you do not need to use a second NIC. Just port forward 1723 TCP
to your RRAS server and also enable protocol 47, commonly referred to as PPTP
passthrough.

Make sure that the users are using complex passwords, which you can enforce with
password policy, as PPTP is not as secure as L2TP and all that is needed is a
password to access the VPN from the internet, unless you can restrict which IP
addresses the router will accept traffic from, which can be difficult with roaming
users. It is also possible to lock out remote access users from bad password attempts,
though that requires a registry mod, and if you use it I would suggest a five minute
lockout period to deter hack attempts while still allowing user access without
administrator intervention.

Keep in mind that unless you are using a WINS server or lmhosts file, browsing the
network from the VPN connection will be problematic at best and users may need to
connect as in \\xxx.xxx.xxx.xxx\sharename where xxx.xxx.xxx.xxx is the LAN IP address
of the computer they want to access. I suggest you enable WINS on the network if it is
not already used. You should be able to access Active Directory Users and Computers
over the VPN or use Terminal Services in Remote Administration mode through the VPN
tunnel.

Again, keep in mind that PPTP is not the most secure method compared to L2TP or a
device that has IPsec endpoints and would require client software on the remote
computers. L2TP would require client computer and server certificates and a direct
connection to the internet, since L2TP will not work over NAT in W2K, though it will in
Windows 2003 if the clients have the NAT-T upgrade installed and the firewall is
configured properly. An IPsec endpoint device and client software will add cost to the
installation, with the device costing a couple hundred bucks and probably a hundred
bucks for each VPN client software license. The links below may be helpful.

--- Steve
http://www.microsoft.com/serviceproviders/whitepapers/vpn.asp
http://support.microsoft.com/default.aspx?scid=kb;en-us;300434
http://support.microsoft.com/default.aspx?scid=kb%3Ben-us%3B176321
http://support.microsoft.com/default.aspx?scid=kb;EN-US;150800
http://support.microsoft.com/default.aspx?scid=kb;en-us;292822
http://support.microsoft.com/default.aspx?scid=kb;en-us;q310302&sd=tech
"Ola" <anonymous@discussions.microsoft.com> wrote in message
news:18f2201c44c90$5c7c7b40$a301280a@phx.gbl...
> Hello all,
>
> I am trying to set up a VPN for a small company of 10. I
> also have the issue of high turnover of employees in this
> small company because income is commission based. So I am
> trying to achieve two different things.
>
> 1. VPN access to the employees - They need access to
> network data while on the road sometimes. The question
> here is do I need 2 NICs to set up a VPN? I have never
> set up a VPN before; however, I have opened port 1723 on
> my router to allow PPTP to my server. So other than
> running RAS on the server and running VPN Client on the
> workstations, what else do I need? You should also note
> that the company is using a fractional T1 line, so there
> is no phone number to dial into.
>
> 2. I need to be able to add and delete users remotely. If
> I am able to get to the server by resolving question 1
> above, would I be able to accomplish question 2, or do I
> need more to be able to use Active Directory Users and
> Computers?
>
> Thanks in advance
>
> Ola
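
The reply above mentions a registry change that locks out remote access users after bad password attempts. As an added example (not part of the original post), one way to apply and check it from PowerShell on the RRAS server, using the documented `AccountLockout` values `MaxDenials` and `ResetTime (mins)`; the threshold of 5 attempts and the function name are assumptions, and the 5-minute reset follows the post's suggestion:

```powershell
# Added example, not from the original thread. Run elevated on the server that
# authenticates the VPN logons (the RRAS server itself when Windows authentication is used).
$Path = 'HKLM:\SYSTEM\CurrentControlSet\Services\RemoteAccess\Parameters\AccountLockout'

function Set-RasAccountLockout {   # hypothetical helper name
    param(
        [ValidateRange(0, 100)]
        [int]$MaxDenials = 5,      # assumption: failed attempts allowed; 0 disables lockout
        [ValidateRange(1, 2880)]
        [int]$ResetMinutes = 5,    # five-minute lockout period suggested in the post
        [switch]$Restart           # restarting RRAS drops active VPN sessions
    )
    if (-not (Test-Path -Path $Path)) {
        New-Item -Path $Path -Force | Out-Null
    }
    New-ItemProperty -Path $Path -Name 'MaxDenials' -PropertyType DWord `
        -Value $MaxDenials -Force | Out-Null
    New-ItemProperty -Path $Path -Name 'ResetTime (mins)' -PropertyType DWord `
        -Value $ResetMinutes -Force | Out-Null

    if ($Restart) {
        # Assumption: the service reads these values when it starts.
        Restart-Service -Name RemoteAccess
    }
    # Read the values back so the change can be confirmed.
    Get-ItemProperty -Path $Path | Select-Object MaxDenials, 'ResetTime (mins)'
}

# Before: show the current setting (MaxDenials = 0 means lockout is off).
Get-ItemProperty -Path $Path -ErrorAction SilentlyContinue |
    Select-Object MaxDenials, 'ResetTime (mins)'

# After: 5 denials, counter reset after 5 minutes, no service restart yet.
Set-RasAccountLockout -MaxDenials 5 -ResetMinutes 5
```

This lockout is separate from the domain account lockout policy and only affects remote access logons.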