Tek-Tips is the largest IT community on the Internet today!

Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!

  • Congratulations John Tel on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!

Remote access from another city to gain access to our server.

Status
Not open for further replies.

qmann

IS-IT--Management
May 2, 2003
269
CA
I want our remote server in another city to access certain files on our server. We do have dsl and need this access to be fast. I am aware of pcanywhere but this is too slow. Are there any other ways that we can communicate between servers in different cities.
 
If the server you need to accses is running Windows 2000 Server, you can enable Terminal Services and access it that way. PCAnywhere is a huge pain in the you-know-what, Terminals Services is much much better. After have the Terminal Server installed on the target, you'll need to install a Terminal Client on the computer you will be accessing from. Search the Microsoft support site for details on how to accomplish all this.
 
it is windows nt 4.0 any other ideas.. an upgrade in server software may be an option
 
If you need only to access the files and not take control of the remote server. Since you have a DSL connection between the two sites. You could use VPN to connect to the remote server. You would need to set up your NT box to accept VPN connections (remote access). Then your router or firewall should allow you to foward the VPN packets to your server (port 1723). You would then set up a VPN session on the remote client using the Public IP address of your firewall which is then forwarded to your VPN server (your nt box). Once you're authenticated you are now a trusted node on that network.

Another/More secure way is to use a VPN appliance at the remote network. That way your NT server isn't even touched by the remote user before getting authenticated.

Another more permanent way would be to put a VPN appliance
at EACH location and create a "branch" VPN connection betwen the two sites. You would have access from either side. And it would always be ON (connected) Cisco Pix 501 and Watchguard Firebox II have the branch vpn feature.


I know this is pretty vague. Hope it helps. Feel free to "pick my brain" further on this topic.
 
I agree the VPN solution is probably the best option. Terminal Services by default won't allow you access to the remote files locally. You would have to use a third party utility to copy the files locally or have the applications you need to look at the files installed on the remote server.

You can use Windows 2000's built in VPN feature, but as rstitzel suggested a firewall/VPN appliance is really the way to go. I put my vote in for a couple of NetScreen XP's or XT's.

 
what we basically have is a database program that needs to be accessed from both cities. Changes need to be done to affect the overall database, whether it be done in city one or city two. VPN is totally new to me and i will definately research more on the topic. Any more information or websites would be great. thanks for your help!

Q
 
also what would be the cheapest way to do this.. i've seen some that are extraordinary amounts of money... we already have a highspeed router, do we need to replace this with a highspeed router with vpn support or is there a type of add-on appliance.

Q
 
did a little searching and found out this:

we are currently using a D-Link DI-604 router. This is not a vpn router but it is capable of supporting VPN client software. Will the software basically take care of everything and what software is the best for this process. Also accessing from a remote location is done how??? Through a web browser, third party software? Any help will be useful. You all have been great.
 
Looks like your router does support VPN pass through and is somewhat of a firewall. I not familiar with VPN pass through and would recommend calling Dlink support to see how this works. I think your thisclose to getting this accomplished. Some information you may need to give them; your external ip address (public) on both ends, your nt "vpn" server's internal address (private.

From Windows 95 - Windows XP you can create a VPN client session to connect to a vpn host. Windows XP is the easiest! The set up is a wizard that walks your through the entire set up. 2000 may be the same I don't remember. You can also go up to microsoft's support site and download the docs for Windows 95 and 98. Once connected/authenticated you get an IP address from the remote network and become a trusted node in the remote network. And can map drives, ping remote address, print to remote printers etc.

Setting up VPN support on NT 4 is pretty simple as well. You do it through setting up REMOTE ACCESS. Again get the docs from microsoft's site. That way you get every step.

Hope this information helps and good luck to you.
 
A VPN is (Virtual Private Network). Virtual as in it is private but being sent across a "public" network (i.e. the Internet.

So if you have two VPN devices they negotiate a "tunnel" over the Internet. This "tunnel" is encrypted so the traffic flowing across it is encapsulated whithin the VPN tunnel kept private from the Internet.

The way you would access resources on the remote network across the VPN would be the same way in which you would access resources on a network in the room next to you that is on a separate IP subnet. So say your office is subnet 192.168.1.x, the remote office would be visible as 192.168.2.x. The VPN applicance or client then acts as the router between the two subnets. So you would be able to browse computers or resources on the remote offices network through network neighborhood or whatever means you normally use on your local network.

To answer your other question somewhat you can simply use Windows 2000 to create a VPN between the two offices. I call this the "poor man's" VPN. Only because anytime you have a Windows box connected directly to the Internet it is always vulnerable so I don't consider it the best solution.

It may however serve your purposes perfectly and be a cost effective solution. You can even use this solution with two Windows 2000 Professional computers designated for the VPN for a cheap solution.

Here is a MSKB article on configuring VPN on Windows 2000 Pro:

 
ok, i found a walkthrough on the net on installing vpn on nt4 server. i still need the appliance for this, (sounds like the best way to go as software seems to bog up the server) but can you guys check this out and tell me what you think.

thanks for your help again.. you guys have been amazing.

Q
 
qmann,

That is a good article regarding RAS (Remote Access Server) for NT 4.0 which you can definitely use to accomplish what you need to get done.

If you can spare a couple of computers that meet Windows 2000 Pro hardware requirements (they could be older slower machines as they will only be responsible for connecting the VPN tunnel) I would suggest trying that if its an option. Then you won't add the processing load to your server.

Also, just FYI I believe the NetScreen 5XP appliance with VPN support will run you about $500 per office. The reason I like the NetScreen product is that the OS is embedded in an ASIC chip which makes it much more secure and less vulnerable to hacking or external manipulation than some of the other products that run on a modified common OS like WatchGuard (Linux kernel) or Cisco PIX (Cisco IOS). But that's all just my own personal preference. I've been working with NetScreen products for a couple of years and work with some of the others from time to time and I just like the NetScreen best.

Let us know how it turns out for you! :)
 
if i only want city 1 to access city 2 and not vice-versa do i need two appliances or can we get away with one at city 2?
 
Actually you can. NetScreen also has a software client piece called NetScreen remote. I think it is pretty inexpensive, like around $90 for a 10 user license. The only thing to consider then is that the software will then be installed on each computer that is connecting to the applicance in the remote city. So actually a separate VPN tunnel will be created for each client connecting. The Netscreen 5XP can support up to 10 VPN tunnels.

I see the software client basically as a good solution if you just want to dial-up and connect periodically. If you want a permanent connection that's "always on" I'd go with two applicances.

If you had an appliance in place at each site you could have one constant VPN tunnel between city 1 and city 2. Either one will work, it just kind of depends on how you want the connection to work and what solution fits your needs.
 
Status
Not open for further replies.

Part and Inventory Search

Sponsor

Back
Top