Need some input on what I can and can't do with a VPN...

Status
Not open for further replies.

mskennicutt

IS-IT--Management
Oct 18, 2002
59
US
I'm thinking what I want to do isn't possible without using a desktop remote control application, but let me know if I am wrong.

We have a network application that clients run from the Win2k server via a shortcut to that executable on the server. I don't want to expose my server to the Internet (right now we use internal IP addresses and NAT) so I have not assigned an external IP to the server (and therefore can't use it as a RAS). My idea was to use a local client machine with an external IP for remote users to connect to via a VPN. The problem I think is that if users connect over a VPN, they will have access to files on that client but I don't see how they could [through the VPN] access the executable on the server since the client will be a Win2000 Pro machine and cannot run Routing and Remote Access Service.

Am I right in my thinking that the only way to do this is to use a remote desktop type of app (like PCAnywhere)? Or is there an obvious solution I am not thinking of?
 
You can set up your server as a VPN server with private IPs. You will need to set up port forwarding through your router depending on the type of VPN you choose, IPSec or PPTP.... Do you have access to your router and what type is it?

Thanks,

Matt Wray
MCSE, MCSA, MCP, CCNA

 
I see, so I could set up RRAS on the server and configure the Cisco 2600 to forward PPTP packets to the server even though the server does not have an external IP?
 
Another question... if I set up port forwarding (well I wouldn't do it, but we have a consultant that configured our Cisco router that would make the changes) would I also be able to set up a VPN to my workstation which does have an external static IP? I don't know how port forwarding works, but are ALL PPTP packets sent to the designated address or only packets sent to the gateway IP (so if I tried to connect directly to my workstation's IP would they be redirected to the server?)
 
Yes, you can forward the appropriate ports to your server, set up RRAS and you're ready to go, all without a public IP on the server.

Also, you certainly could at the same time VPN to your workstation with a separate public IP. Only packets to the public IP of your router would be forwarded. Packets to any other public IP behind your router will still go where they are supposed to, assuming the ports are open at the firewall.

Of course, another option would be to VPN to the server and access your workstation over that connection -- you would establish a route to your workstation over the VPN.

Another option would be to VPN to your workstation and turn on routing there. The workstation is capable of routing the packets, just not as easy to configure. The real downside to using W2K Pro as a VPN server is the fact that you are limited to 1 incoming VPN connection.

Generally, I think the second option (VPN to RRAS and route to your workstation) would best serve you, but without knowing all the specifics about who needs to do what when, it's hard to make a definite call there.
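
The forwarding behaviour described in the answer above, as an added example that is not part of the original thread: a simplified model of destination-based forwarding for PPTP, which needs both its TCP 1723 control channel and GRE (IP protocol 47) to reach the same host. All addresses and function names are constructed for illustration, and real NAT devices also track PPTP call IDs, which this model ignores.

```python
from dataclasses import dataclass
from typing import Optional

TCP, GRE = 6, 47           # IP protocol numbers
PPTP_CONTROL_PORT = 1723   # PPTP control channel runs over TCP

# Constructed addresses (documentation ranges), not taken from the thread.
ROUTER_PUBLIC = "203.0.113.1"
WORKSTATION_PUBLIC = "203.0.113.20"
RRAS_SERVER_PRIVATE = "192.168.1.10"

@dataclass(frozen=True)
class Packet:
    dst_ip: str
    proto: int
    dst_port: Optional[int] = None   # GRE carries no port number

@dataclass(frozen=True)
class ForwardRule:
    public_ip: str
    proto: int
    port: Optional[int]
    inside_ip: str

def pptp_rules(public_ip, inside_ip, include_gre=True):
    """Forwarding entries for PPTP; include_gre=False models the common mistake."""
    rules = [ForwardRule(public_ip, TCP, PPTP_CONTROL_PORT, inside_ip)]
    if include_gre:
        rules.append(ForwardRule(public_ip, GRE, None, inside_ip))
    return rules

def deliver(pkt, rules, routed_public_hosts):
    """Return the host that receives pkt, or None if the edge router drops it."""
    for r in rules:
        if (pkt.dst_ip, pkt.proto, pkt.dst_port) == (r.public_ip, r.proto, r.port):
            return r.inside_ip       # rewritten to the inside server
    if pkt.dst_ip in routed_public_hosts:
        return pkt.dst_ip            # routed normally, subject to firewall policy
    return None                      # nothing forwarded: not exposed

def pptp_session_works(target_ip, rules, routed_public_hosts):
    """True only if control and tunnel traffic both arrive at the same host."""
    ctrl = deliver(Packet(target_ip, TCP, PPTP_CONTROL_PORT), rules, routed_public_hosts)
    data = deliver(Packet(target_ip, GRE), rules, routed_public_hosts)
    return ctrl is not None and ctrl == data
```

Anything sent to the router's public address that matches no rule is dropped in this model, so the server's exposure is limited to the forwarded PPTP traffic.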
 
You could also purchase VPN-capable routers for each end and eliminate the need to have a server or workstation to handle the VPN routing. You would simply create a tunnel from router to router and connect the two separate networks into one network. MultiTech has a couple decently-priced options in this area, although they are definitely not the only way to go, just whom I am most familiar with.

-J
 
Well the users who need remote access are all individuals who would connect from their homes. If I had two locations to connect that would definitely be a good solution.

Thanks for everyone's input!
 
Could still go with VPN client software locally on the home PCs that need access, and have them log in to any VPN capable router. That would remove the additional load from the server, and save a little on configuration headaches, I would suspect. Let us know how it turns out...8)

-J
 