Tek-Tips is the largest IT community on the Internet today!

Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!

Register Log in
  • Congratulations Chriss Miller on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!

Setting up first VPN in workplace

Status
Not open for further replies.
DaVinci135

DaVinci135

Technical User
Joined
Jan 23, 2005
Messages
3
Location
US
I work for a company that is about to open a remote branch in another state. We already have a LAN in place in the home office and now would like to setup a VPN to share resources with the new office. One of our main goals will be to share a MS Access database that resides on a computer within our office. I have done some research and gathered that I would most likely need a VPN with a Terminal Server for the best performance. I was wondering if you could provide me with some advice on the hardware, software, and procedures necessary to fully implement this idea. Our current configuration is as follows:

- DSL connection to Broadband modem
- Broadband modem to Netgear Wired/Wireless Router
- 5 PCs (one acting as a "server" or shared file resource)
- 2 Netgear switches to network 4 other PCs
 
Sort by date Sort by votes
For a start...
Server of bare min 1 Ghz, your better off with fairly recent offers, but you do not need the faster server available. I would recommend a minimum of mirrored drives on the Terminal server, and the ability to back it up. The TS server needs to be a dedicated machine, you don't want users working on this machine.

mucho ram, my units all have 2 Gig to start.

Connecting to Terminal servers through VPN tunnels is the most secure. Accessing a database via VPN directly will cause heartache and corruption, straight VPN connections access files slowly.. go with the VPN to Terminal server approach, speed is excellent.

The office side should have a static IP address for the broadband line. the remotes are not critical.

UPS units on the TS and all devices used for the broadband communications. . TS servers are a bit more work than a standard server build. Do not make the TS a domain controller, a member server is more secure.
 
Upvote 0 Downvote
Just a few questions:

1. Are the VPN server and Terminal server two separate machines or can you use one box for both purposes?

2. Being that I'm behind a router, what do you suggest in terms of static IP addresses? The VPN server will be behind a firewall (which is behind the router). Should I acquire a static IP for each device or will one do?

3. In terms of the hardware involved, what devices would I need to get this up and running? For instance, do I need a VPN server (hardware) or can this be handled with software? Do I need a new router in addition to what I already have or can I use my netgear?

Thanks for the reply, it is much appreciated!
 
Upvote 0 Downvote
Preferably two separate boxes for the servers. But it is possible to have it on one, but security issue abound especially with domain controllers.

On the positive side, like I said, the TS need not be a super server. A 2.8 Ghz
single process, 2G ram, with 2 72 gig drives mirrored, preferably scsi, preferable dual power supplies will suffice; a cheap monitor or a shared monitor via a KMV device will do, as no one will be using the TS server console execept for setup and maintenance. A deluxe TS server would have a raid 5 array on a hardware raid adapter, with a min of (3) 36 Gig disks.

One VPN enable firewall is all that is needed at the office, along with VPN software on the remote side or cheap VPN gateway routers. Personally I would not run OS based VPN except for a large office, VPN equipped gateway router are fairly cheap, require little maintenance, basically nothing to go wrong. Netgear has VPN models, Sonicwall is another, I have primarily used Sonicwall units for the office side; your netgear my be usable if it has VPN capabilities. If you have not setup a VPN system before I would recommend you get a consultant to do the initial setup, getting the system going can be extremely aggravating for a novice, (been there/done that 6 years ago). VPN initially is like learning a foreign language, difficult at first, easier as time goes on.

I use Linksys BEFsx41 or Befvpn41 for remotes if the remotes are stationary machines, Software VPNs clients for mobile laptops, though they have small USN VPN routers for laptops (linksys). One static for the office would be needed, the remote with work with either static or dynamic broadband addresses, on cable or DSL. The line speed need not be super fast, as key strokes and video updates are the main traffic( 768k down and around 278 up is sufficant).


With 5 users, I would have DHCP setup, with static addresses reserved for the five users and the TS and regular server, and the office router; a few static address are very easy to manage, the DHCP server could dole out dynamic address to a user from outside the office, who brings a laptop in.

 
Upvote 0 Downvote
Status
Not open for further replies.

Similar threads

teknance
  • Locked
  • Question Question
Discovering Portugal: Uncover Hidden Destinations and VPN Solutions
Replies
5
Views
1K
GlobeTrekkerGal
GlobeTrekkerGal
sarahz2
  • Locked
  • Question Question
Best vpn safe and fast
Replies
4
Views
1K
GlobeTrekkerGal
GlobeTrekkerGal
MP2023
  • Locked
  • Question Question
How to Create an site to site VPN
Replies
1
Views
869
sircles
sircles
ramblingrebel
  • Locked
  • Question Question
Built-in Windows 10 VPN
Replies
1
Views
899
Joon Smith
Joon Smith
LearningNetworking
  • Locked
  • Question Question
Linking Hosts on the same subnet via VPN
Replies
0
Views
841
LearningNetworking
LearningNetworking

Part and Inventory Search

Sponsor

Back
Top