Re: VPN or IPSEC?



Jerome,

This looks like exactly what I've been looking for!

Thanks,
Wells

"Jerome Baum" <gratemyl@xxxxxxxxx> wrote in message
news:1167409605.481068.226390@xxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
I have an idea of a solution which could work for you, but it uses
third-party software, so I don't know if you are willing to deploy
that. Anyway, take a look at OpenVPN (http://openvpn.net/). This can
run as a service (even with a hidden ethernet adapter so the whole
thing is transparent to your users) and should thus be suitable for
your purposes.

You would need to open up one port, but it is your choice which one
(you are not bound to Microsoft's choice for the port, which is the
reason why I chose OpenVPN).

Worth taking a look at. If you need help with the configuration, feel
free to ask - it can be a challenge to get it working at first, but
once it is working, it is brilliant.

-jerome

Wells Caughey wrote:

Robert,

Does IPSec need static IP addresses for the domain isolation stuff? If
so that could be a deciding factor right there. Our users have to "sync
with Active Directory" because they are out in the field all the time
(often times more than six hours away from the nearest office) and they
may need to change their password, or start using a spare laptop that
does not already have their profile/account loaded if their other laptop
breaks. Really, there are a number of things that might require them to
connect to Active Directory.

I too would prefer a PPTP VPN, my problem here is that I can't seem to
find a way to make the VPN connection automatic or demand-dialed from XP,
and my users have difficulty when they do have to use it. Really what I
want is a VPN client that looks like an ethernet adapter and is
completely invisible to my users, but I got no traction looking for this
solution so I am having to think laterally...

Wells

"Robert L [MVP - Networking]" <noreply@xxxxxxxxxxx> wrote in message
news:O$5vFAwKHHA.1424@xxxxxxxxxxxxxxxxxxxxxxx
I believe PPTP VPN is better in this case because IPSec needs a static
IP (in most cases). Why do you want to sync with Active Directory?
Normally, our clients using VPN without synchronizing with Active
Directory should be able to access most VPN resources.

Bob Lin, MS-MVP, MCSE & CNE
Networking, Internet, Routing, VPN Troubleshooting on
http://www.ChicagoTech.net
How to Setup Windows, Network, VPN & Remote Access on
http://www.HowToNetworking.com
"Wells Caughey" <wellscaughey@xxxxxxxxxxx> wrote in message
news:ujQA9soKHHA.420@xxxxxxxxxxxxxxxxxxxxxxx
Hello everyone,

The vast majority of my company's users work out in the field and rarely, if
ever, come in to a branch office. Now there are times when these users need
to access a file server or their laptop needs to sync with Active Directory.
I was thinking that I would let them connect to the corporate network via a
VPN, but it turns out there is no way to set up Windows XP to demand-dial a
VPN or have a permanent VPN connection to the corporate network, and our
users get confused and frustrated about having to manually connect the VPN.

My question here is, should I continue with the VPN strategy, or should I
switch gears and make the domain controllers visible on the Internet and use
IPSEC to restrict access to only domain computers? Or is there a third way
that I don't even know about?

I'd appreciate any advice,
Wells

