Re: SBS VPN Strengthening
- From: "TimeTraveller" <TimeTraveller@xxxxxxxxxxxxxxxxxxxxxxxx>
- Date: Sun, 12 Feb 2006 08:50:44 -0000
Hello John,
This indeed would work and is much the same as one solution I currently have
for a customer.
However.....
The main reason for this post was to avoid the cost of additional hardware
to my other clients, so a software only configuration would be preferred.
Looking at using just pre-shared keys instead of certificates would also be a
reasonable solution although not quite as tight as the Certs.
Remember all I am trying to do is move from PPTP to a much better system
without involving additional hardware if possible
Also this is mainly for Single clients connecting from home rather than
offices linked together, so will be MS-VPN clients to RRAS server (with
Static IP)
Thanks
Time Traveller
"John" <nospam@xxxxxxxxxx> wrote in message
news:uQuqWX1LGHA.3100@xxxxxxxxxxxxxxxxxxxxxxx
"TimeTraveller" <TimeTraveller@xxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
news:ObicCKzLGHA.1124@xxxxxxxxxxxxxxxxxxxxxxx
Hi All,
Have SBS 2003 along with Server 2003 at various sites, a question I am
getting asked more and more is:
Can we have IPSEC VPN possibly with Certificates for authentication
(thinking L2TP here).
So the Q is.
How straightforward and what needs to be done at both the server side and
the client side.
Particularly if the client PC never directly connects to the Server
network as they are miles from the install site.
How to get the certs to the clients etc.
Have a think along these lines and let's have a thorough HOW TO on this.
PPTP is just a dead duck now and far too hackable.
I don't want to implement 3rd party router solutions and would much rather
use the MS RRAS server etc.
Thanks for your thoughts
TT
I am not sure how you would do all this in SBS itself but going the route
you prefer to avoid in concert with your windows servers......
You could have your SBS server act as a certificate authority for a
number of external firewall/vpn devices. A Juniper Netscreen for instance.
You did not mention how your clients would be connecting. For remote
offices that are part of your business, you would install the Netscreens at
each location and they would establish the VPN between those offices. The
Netscreens would update their certificates using a URL that pointed to
your server acting as a certificate authority.
For remote users in the field you would use a software VPN client to
perform the same VPN functions as the Netscreen devices, but for single
user machines. Again Cert deployment would be performed using a URL to your
certificate server.
If you wanted an easier deployment you could even use a preshared key
based IPSEC VPN for each location that would not require certificates at
all.
I am not sure about SBS's own VPN capabilities but in the configurations I
described, if you have one central location that numerous remote offices
and remote users need to connect to, only the central location would
require a static IP for its Internet access. If remote offices also
connect to remote offices you could use a hub and spoke method VPN or use
static IPs at each remote office and create multiple VPNs between offices.
Hopefully this gives you some ideas vs. creating confusion.