NT4 VPN with SonicWall

Guest_imported

New member
Jan 1, 1970
0
This is a cross-post from techsoup.org, where it generated a lot of interest but no knowledgeable responses. Can someone help Ed and a bunch of other nonprofits?

Hello,
Several organizations I work with would like to have a WAN that links multiple physical sites allowing file sharing within a single NT domain so that all employees can share files and databases and have access to an internal email server. (Exchange or Sendmail, etc) We'd like the network to look as if everyone is actually in the same building. (Speed aside)

If you have a big checkbook you can buy hardware solutions from people like Cisco, etc. If you don't, you get creative.
In my case I tried to use NT4's VPN provided as part of RRAS. This worked fine when the two servers were sitting side by side without any firewalls in between, but once I put all the parts in place it got ugly. I'm using SonicWalls.

Has anyone out there tried linking multiple sites together using a VPN based WAN? I'm assuming each site has a DSL connection and some sort of NAT router/firewall. This implies something like $500 to $1000 worth of hardware at each site, but this is less than a full blown commercial solution.

Thanks, Ed Mills


 
Make sure your DSL modem/router passes IPSec. Sometimes takes a firmware flash to update. Firmware-beware.

If you've got SonicWalls at all your sites, have you looked at doing site to site VPN between the SW's? Not sure what the upgrade to the SW's would cost.

Linksys now has VPN support on their Cable/DSL router
Model #: BEFVP41
looks like you can pick one up for $150 online

I've set up a number of their non-VPN versions of this device and been satisfied. I've not been impressed in the past with Linksys NICs and hubs/switches, but this series of products seems OK. Search google.com on BEFVP41 and you'll get the good and the bad.
 
We use SonicWalls extensively. We have two of the sites using internal addressing to sync DNS and other things. We are also using 3DES IPSec. If you want PCs at site A to access an Exchange Server at site B through the VPN, you can have WINS on both sites replicate through the tunnel and have both as options for workstations. Also, you can create an internal DNS zone for using internal addressing to access the Exchange Server. With the SonicWalls, since they are kind of a quasi hybrid in the bridge/router sense, it is best to use NAT at the firewalls.

Our problem was that our main office uses NAT and the remote site uses Standard addressing. When the remote site would send a call out, the LAN and WAN ports have the same address; hence, the main site would try to send back through the VPN when the request went to an outside address on the NAT. Example: the remote site goes to 20x.x.x.45. It hits the outside of the main firewall, does the one-to-one NAT deal, and then the main firewall will try to send the response back through the NAT since it has an SA with the remote IP address (the address is the same, no NAT). To get around that, we made the primary DNS for the remote the internal address for the main DNS.
 
1. Use hardware solutions. Do not mess around with VPN client/host software (speed, stability, security, etc).

2. Linksys has a good product in the BEFVP41. You can install one just behind your DSL modem in your offices and use it as NAT and DHCP for your network.

3. You can then configure IPSec-compliant VPN tunnels from each outlying Linksys box to the main network, providing domain logons and sharing network resources transparently.

(I just noticed Linksys VPN boxes selling for 99 bucks on computers4sure.com, so street prices are low)...
 
What model of SonicWall do you have? You will need two SonicWall routers:
1 for the main office
1 for the remote office
For the SonicWall Pro100, you will have to buy the VPN software. This will be unlimited.
The Tele SonicWalls come with the VPN but only allow 5 users.
For the SOHO3, you will also need to buy the VPN software.
I would put two SonicWalls in and connect the SonicWalls together by their VPN software. I have them and they work great!
 
I have the same problem with my COM21 modems, which are SonicWall-based modems.
See my post on "poor response time with NT servers": I think the problem comes from the SMB protocol, which needs one ack for each packet, and many packets are exchanged!
Can anybody confirm this explanation?

 