A little help for VPN ideas

[ckaspar]

The President of my company maintains our mailing list but I serve it from an access database on my computer. Thus he is only able to update that mailing list while he is here. Unfortunately, he only spends about 10% of his time here. The other times he is at 1 of 4 other sites or on the road. He only has his laptop as a computer.

He is running XP Home and I am on XP Pro.

Are there any suggestions you guys have for allowing him to connect directly via a VPN, or not, so he can update anywhere? I am new to VPN ideaology but it appears to provide great advantages.

I have a static IP that I host a web site on and he is primarily going to be using dial-up or DSL with a dynamic IP address.

Any help you can provide would help out a lot.

Thanks in advance!

 

[MaxPipeline]

Basically you will need some sort of VPN server on your network and a VPN client app on your boss' laptop. The server can be a Windows server with PPTP enabled. Then your boss can use PPTP to VPN into your network. This may also require some port forwarding on your router if you only have a single static IP that your network is sharing.

I would suggest going to Microsoft's website and search for info on PPTP.

Another option would be to use some sort of IPSec solution. This is more secure than PPTP but will likely require purchasing the IPSec apps needed.

 

[d1rage5]

if the list is on a server, you could run Terminal Server in administrator mode and he could logon and make the changed from anywhere that he has a network connection (unless that site has blocked TS outbond connections on a firewall)....

 

[notquiteageek]

The database is stored on an access database on your computer. If this is your main application, you need secure remote control, not just a VPN. The problem with just using a VPN is MS Access is going to try and download all the tables to his machine. Works OK at 100 MBPS on the office LAN but on a slower WAN link forget it.

If the boss is the only one traveling then I recommend he subscribes to gotomypc.com and remote control into his office machine. This costs about $ 20. per month per pc you control.

If you have others besides the boss who need to get remote access, maybe at least 5 then gotomypc gets expensive so try Plethora Technology's Perspective. That includes VPN, Remote Control, and Secure IM for 10 people. It's a one-time server/software purchase. 10 people costs about $2500. one time for the server and software.

 

[John Lewis]

notquiteageek has the right idea . . . you don't want to pull Access across any internet connection unless you absolutly have to.

Personally would skip gotomypc, you don't need it and adds another layer to possible security holes.

I would consider using the remote desktop system provided with XP. Generally works well and eliminates the problem of moving the data across the net. Free.

On another note, you should have a firewall, and the ports needed should be blocked. There are people looking for a way to hack that, and sooner or later one of them will get a hit. Just a matter of time.

Use a VPN connection to get past the firewall. If you were using the same dialup connection consistently, you could allow the IP range that the ISP uses past the firewall without too much concern as it is not likely that an attack would come from a dialup connection. Not impossible, but not likely either.

 

[SpotLizard]

Ckaspar,

There are forms of remote control software that are free, such as XP's built-in Remote Assistance or TightVNC. The latter affords a reasonable level of security, but it's never going to be as good as a VPN solution.

Implementing VPN may require changes to your existing network infrastructure. If you don't already have one I would definitely suggest a hardware firewall. If you leave a VPN server hanging out there it's fair game to any script kiddie with a port scanner and some free time (they probably won't be able to hack it but it won't stop them from trying).

Some hardware-based firewalls offer a built-in VPN endpoint but these are not without their problems (just browse the VPN forum in the Data Transmission section of this board).

The basic premise of VPN is that it requires 2 components: A server (Windows 2000 works very well for this) or some form of endpoint that provides authentication to a user requesting remote access. Then there's the client software that is supplied with Win XP and 2000 (and can be downloaded for older 'downlevel' clients from Microsoft). IMHO, the Windows server option can be the easier to setup, however, it needs to be secured and protected and can be much more expensive when you factor in any additional hardware and OSes.

Hope this helps.

SL