Possible VPN?

[Stryke3]

Need help (dont know what to ask) but here it goes. I've been told the only stupid questions are the ones never asked...
Lan = private ip address' 10.222.2.xxx gateway to internet is a cisco 1601 router ip 65.197.xx.xxx.
the router does Nat inside and outside for the private ip's.
i have a block of legal ip's from my provider, i use some to do the nat pool. and some unused.
what i (and my boss) would like to acomplish is this.
Let outside users that dialup to other isp's login to an nt4 server running RAS, and have access to my internal network.

so my questions start here:
IS vpn the right answer (from what i read it seems to me it is)PPTP?
Do i have all the hardware i need?
server - router - connection to the internet? (t1)
and other than client setup do those outside users have what they need? dialup internet connection.

Do i assign a private ip to the nt4 and somehow create a static route in the cisco router?

---or---
am i barking up the wrong tree?

If i have omitted information needed to give me some type of answer/idea i will glady answer to the best of my ability if you ask.

thanks,
TB

 

[Stryke3]

Ok, so after reading even more post here, and searching posts elsewhere, it seems that those of us that want to use vpn and Cisco 1601 routers are viewed as lepers, Plagued or otherwise over looked. Guess I will buy a different router and see what I can accomplish on my own.

Thanks.

 

[John Lewis]

those of us that want to use vpn and Cisco 1601 routers are viewed as lepers . .

Sorry if you got that impression . . . not the case at all.

Sounds like you do have the right idea. Not really shure about the capabilities of your router. If it can route a public IP to your server, that would be the way to go. I would assume it can, but don't know how to configure it.

What else is running on your NT server? DNS in particular doesn't play well with incoming connections on the same machine.

Your server should have two network cards installed. Other than that, sounds like you have the hardware, assuming your router is capable as mentioned earlier.

On the client side, you should be fine to make a connection. Dialup is going to be super slow. Wouldn't count on 'browsing' the network or anything that requires large amounts of data going back and forth. MS Access in particular could be a problem. Terminal services, getting email (no huge attachments), and similar should be possible.

There are some dialup ISPs that block the protocols and/or ports that are used by a VPN connection. Doesn't do much good to ask them, the people on the phones usually don't know. There are a few broadband providers that do the same, although not as many. If you run into that, not much you can do other than have your user switch ISPs.

Bandwidth requirements will vary depending upon the number of concurrent connections. If all of your clients are using dialup, you should be able to service 50 or so with a T1, assuming there is no other internet traffic at the same time.

 

[Stryke3]

mhkwood,
First off thanks for the response. You have also raised further suspicions i had about the vpn connection being slow. The application configuration we use, to me, would not seem to allow itself to vpn use. (Dial-ups may be super slow) The amount of data requests based upon the application (written in foxpro 2.6) seem to me to be very high. (intital loading of the program files (.exe, .prg, .dll. fonts, etc.) we used this application over a frame relay sevice at one time, and the speed was (to users outside the lan) un acceptable. I sugested a citrix enviroment or something simalar. But it was blown off as expensive and not critical to our applications. I think i will step back once again and make a case for different solutions. Once again, thanks for the response, I appologize for the flustration level in my response to my original post.

 

[John Lewis]

Citrix or TS would be your best bet. You should be able to install the program files locally on each client (possibly subject to licensing for the app), but FoxPro uses a ISAM style db, so large chunks of the data have to flow back and forth as well. Data corruption is the worst case and quite possible over dialup. Important to note here that VPN is not the problem, dialup is. This could work over broadband connections, although the other options would still be better.

If you only need one user at a time, you could setup a spare machine with a VNC server (see

http://www.tightvnc.com

), VPN into the network and let the user remotely control that PC. Upside is the cost, downside is you would need one PC for each concurrent user.

 

[breader]

Actually, now I've never done this but Im told by my Linux friends that if you could setup a Linux box, VNC on Linux allows for multiple people at one time with multiple desktops.
Again never tried it.

 

[John Lewis]

Yep. VNC on linux will allow multiple clients. How do you get FoxPro to run on Linux???

 

[Stryke3]

Often i find the questin is... How do i get foxpro 2.6 to run on anything current? Believe me its been an issue.

I have considered TS and will look farther into that option. I also have suggessted that our outside users, do move to a broadband connection of some type. Running the program files on each client would reduce the amount of traffic for sure, but the data requests are stil there. Thanks for the link to tightvnc. at least the traffic would be reduced to screen refreshes and keyboard input. That might be an answer until i can convice the higher ups, that if we expect to increase our ability to service customers on a greater scale, we need to look very seriously at connectivity issues that for us are at least ten years old.