Re: VPN Problem

Tech Tip: Click here to run a free scan for Windows Errors and optimize PC performance

From: Phillip Windell (_at_.)
Date: 02/20/04 

Date: Fri, 20 Feb 2004 15:26:58 -0600

"Brian Minier" <brian_minier@no-spam.iisvr.com> wrote in message
news:OkCN4u#9DHA.3644@TK2MSFTNGP10.phx.gbl...
> information to the symantec enterprise vpn software, I was prompted to
login
> before I was able to access the server. Sadly too, the machine connected

OK, that's normal

> did have a hardcoded WINS server. I wonder if maybe I hardcoded the DNS
to
> point to the server too?!

I always did it with DHCP and, yes, it received both a WINS and DNS Server.

> As far as bandwidth requirements, we're coming in on a line which has
512Kb
> upstream so I would think with only 1 or at most 3-4 VPN connections it
> should perform rather well. But than again I did not take into
> consideration they bandwidth needed (do you have a guess) to do browsing?

Not really, I just know that that stuff was designed to run on LANs with at
least 10mbps in mind. I don't have any exact specs. 512 seems like it should
be "do-able" anyway.

> To be honest though, as long as we can access programs and our SQL server
I
> shouldn't get too many complaints.

You should be able to get that.

> And to provide a little more information, I can always access the server
> using \\server and if i've not yet supplied a correct name/password I get
> prompted and log in. I've seen the SBS server logs and it looks good.
When
> I do type in \\server or browse to server, I can always see the little
> microsoft logo in the upper right corner doing it's animated thing. BUT,
> when I try to access a share on the server it does not do this and I have
to
> ctrl-alt-dlt and kill that explorer process.

That is the (amost random) undependable performance thing I was refering to.
Probably if you just went and got a sandwich and came back 15 minutes later
it probably would have worked and wasn't really locked up.

> Any more info you can provide? At this point, the firewall is actually
not
> much a firewall as I'm allowing all traffic in and out in hopes of making
> the VPN work.

That is a misconception. There is no need to allow a bunch of anything
through. The only thing the firewall has to deal with is the VPN Tunnel
itself. The firewall has no concept of, nor ever sees, what crosses the
wire inside the Tunnel, so it would neither allow it or block it....the
firewall is just simply irrelevant to whatever happens inside the Tunnel.
So if it simply allows the Tunnel to exist you are done and the firewall is
"out of the picture" at that point. All of your security will rest on the
DC, user accounts, NTFS permissions, etc,....not the firewall.

It sounds like you really aren't in that bad of shape. Your description
seems pretty normal to me. Using "client-server" situations like your Apps
using the SQL Server usually work fine, but remote filesystem browsing is
usually sluggish. You may find browsing the remote filesystems using a
command prompt like "DIR //servername/share/*.*" to be almost instant
compared to the GUI. Also remember that a 512k DSL line may not really be
512 both ways,...often they are 128 in one direction and 512 in the other.

80% of the time I use PCAnywhere across the VPN to control a remote machine
since the remote machine can browse perfectly fine and PCA only has to
transfer the screen updates. If I need to bring files to and from the
machine I am sitting at I simply use the FTP ability built into PCAnywhere.
That FTP transfers faster than Windows Explorer will do it in the GUI. 

--
Phillip Windell [MCP, MVP, CCNA]
www.wandtv.com

Relevant Pages

  • Re: More on Remote Desktop
    ... Chances are good, though, that he's already got VPN capabilities on his ... firewall to do it for $100. ... > server at home...or purchase additional/new hardware... ... >> my firewall makes the PPPoE connection to my ADSL ISP. ...
    (microsoft.public.windowsxp.network_web)
  • Re: More on Remote Desktop
    ... You realize the Remote Desktop data stream is encrypted the same as a PPTP VPN link... ... Unless of course the original poster wants to implement an L2TP/IPSec VPN server at home...or ... > firewall to get between your clients and server on your own LAN. ... > setup so that my firewall makes the PPPoE connection to my ADSL ISP. ...
    (microsoft.public.windowsxp.network_web)
  • Re: VPN Firewall for new webserver
    ... > I'm setting up a webserver at a colocation and I need to put a VPN ... You're not going to get a quality firewall for that amount, ... and D-Link makes a DI-804HV unit ... users access to the SQL server, let them do it through a VPN session. ...
    (comp.security.firewalls)
  • Re: Cant logon to computer in SBS Domain..
    ... Does the user can access and log on to the Remote Web Workplace? ... Whether you can connect and log on to the server desktop through RWW? ... On the Firewall page, ensure that Enable firewall is selected. ... About External Firewall VPN ...
    (microsoft.public.windows.server.sbs)
  • Re: VPN Problem
    ... It is more reliable in a routed VPN ... of another packet and is not seen by the firewall filters. ... >> before I was able to access the server. ... > using the SQL Server usually work fine, but remote filesystem browsing is ...
    (microsoft.public.windows.server.networking)