I consult for a small company with 7 workstations (all running windows XP) and 1 file server (running windows 2003 server). This company has just hired 3 outside sales people who are out of the state and need access to some of the data on the file server. Each of the 3 has a laptop running windows XP. What is the best way to give them access?
Tek-Tips is the largest IT community on the Internet today!
Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!
-
Congratulations strongm on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!
Remote access to small network 2
- Thread starter mgm00056
- Start date
-
1
- #2
airbourne
MIS
- Sep 11, 2003
- 130
There are potentially a lot of infrastructure upgrades they could be looking at. I would go for a firewall with VPN capabilities. This would help secure the data against unauthorized access.
I recommend NetScreen or Checkpoint firewalls. Both companies have good firewalls for small businesses. Try to stay away from Cisco and ISS (Preventia series) firewalls.
Once a VPN tunnel can be established, you can then map a drive to the file server and as long as they authenticate to the 2003 server, they can access the files right from the newly mapped drive.
The only other way I could see you doing that is with FTP. Simply setup an FTP server that when a user is authenticated it drops them into a root folder with your company data. Then you can use NTFS permissions to grant or deny user accounts / groups access to various folders. While not the most secure or reliable, it's cheap and easy. You may have to reorganize your internal company shares depending on how you set it up, but it's doable.
If they need to modify files on the server and not just view or copy down the data, a firewall with VPN is pretty much your only option.
I recommend NetScreen or Checkpoint firewalls. Both companies have good firewalls for small businesses. Try to stay away from Cisco and ISS (Preventia series) firewalls.
Once a VPN tunnel can be established, you can then map a drive to the file server and as long as they authenticate to the 2003 server, they can access the files right from the newly mapped drive.
The only other way I could see you doing that is with FTP. Simply setup an FTP server that when a user is authenticated it drops them into a root folder with your company data. Then you can use NTFS permissions to grant or deny user accounts / groups access to various folders. While not the most secure or reliable, it's cheap and easy. You may have to reorganize your internal company shares depending on how you set it up, but it's doable.
If they need to modify files on the server and not just view or copy down the data, a firewall with VPN is pretty much your only option.
When you are looking for that firewall solution with VPN, you may want to watch for an option to use SSL VPN. I find that the traditional VPN Clients can sometimes cause problems on the PC's. I would really like to bring in a SSL VPN. This way there is no client being installed on the PC to cause problems.
Dan
Dan
-
1
- #4
SnapGear VPN servers are inexpensive, easy to use, and pretty secure. I have been using one for about 4 years now. It has been flawless.
With an office so small, I'd think that sonicwall, cisco, checkpoint would be cost prohibitive. Though if you have the funds, I really like Cisco's 3500 VPN Concentrator.
Another option is a linux based solution, opensource, easy to use, as long as you follow instructions closely.
Robert Liebsch
Stone Yamashita Partners
With an office so small, I'd think that sonicwall, cisco, checkpoint would be cost prohibitive. Though if you have the funds, I really like Cisco's 3500 VPN Concentrator.
Another option is a linux based solution, opensource, easy to use, as long as you follow instructions closely.
Robert Liebsch
Stone Yamashita Partners
- Thread starter
- #5
The company is growing quickly but short on cash. A friend of mine had said to set up a windows 2000 server and have the router point to it, but he was not sure how to implement that.
So far it looks like the least expensive method (cost is much more important to them than security) is to go with the SnapGear VPN server. Would that go on the Internet side of their router or on the LAN side of their router?
I have built linux machines before, would that be less expensive?
So far it looks like the least expensive method (cost is much more important to them than security) is to go with the SnapGear VPN server. Would that go on the Internet side of their router or on the LAN side of their router?
I have built linux machines before, would that be less expensive?
LAN side. It'll need a publicly addressable IP. It will also have a internal IP address.
its possible to do it on linux cheaper, but the experience with the snapgear says it is cheaper even after set up. I haven't done much but the occasional update to the system. The fewer things you have to look at in a day, the better.
I got my SOHO many years ago, for, i think, about 300 bucks. I have had 20 users connceted simultaneously. It has grown with us quite well.
Robert Liebsch
Stone Yamashita Partners
its possible to do it on linux cheaper, but the experience with the snapgear says it is cheaper even after set up. I haven't done much but the occasional update to the system. The fewer things you have to look at in a day, the better.
I got my SOHO many years ago, for, i think, about 300 bucks. I have had 20 users connceted simultaneously. It has grown with us quite well.
Robert Liebsch
Stone Yamashita Partners
- Thread starter
- #7
If they are running Windows or Mac, they can use the built in PPTP or L2TP VPN clients.
The functionality is built in to just about everything these days.
Robert Liebsch
Stone Yamashita Partners
The functionality is built in to just about everything these days.
Robert Liebsch
Stone Yamashita Partners
Editing yet again....
Their current servers have TONS of options. IPSec, PPTP, L2TP.
looks like they throttled their entry level down a little, 5 PPTP sessions, and 40 IPSec.
But that should be more than sufficient.
Robert Liebsch
Stone Yamashita Partners
Their current servers have TONS of options. IPSec, PPTP, L2TP.
looks like they throttled their entry level down a little, 5 PPTP sessions, and 40 IPSec.
But that should be more than sufficient.
Robert Liebsch
Stone Yamashita Partners
- Thread starter
- #12
Obviously I am not real familiar with VPN, but I have heard it is real slow. Is that true, and if so, are there any good alternatives?
If not and the company uses a SnapGear VPN server (or openvpn on a linux box), how do the remote users use the built in PPTP or L2TP VPN clients?
If not and the company uses a SnapGear VPN server (or openvpn on a linux box), how do the remote users use the built in PPTP or L2TP VPN clients?
There are wizards in 2K that will walk you through the process.
Robert Liebsch
Stone Yamashita Partners
Robert Liebsch
Stone Yamashita Partners
VPN speed is relative to the overall connection speed between the remote user and the company network. So it all depends on the companies internet connection and the remote users internet connection. Openvpn uses it's own free client software and you can create a script that runs when they login to the computer. You can then automaticly connect them to the vpn, create mapped drives, etc...
airbourne
MIS
- Sep 11, 2003
- 130
You might be thinking of Dial-Up VPN, which was slow only because it was using a modem to connect. Like bercj said, your speed is dependant on both the company's connection to the internet and the client's connection to the internet.
As for how do the remote users setup and use the VPN clients, I would refer you to the particular technology you choose for your VPN solution.
Checkpoint & Netscreen both use a software that must be installed on every client. You must also create a user on the VPN server and the clients simply put in the address of your VPN server on the web and put in username / password to authenticate.
Beyond that, once authenticated, they can map drives and access network resources as if they were directly connected to the company network.
I have never used the built in VPN clients for windows, so I cannot say if they are good or bad.
As for how do the remote users setup and use the VPN clients, I would refer you to the particular technology you choose for your VPN solution.
Checkpoint & Netscreen both use a software that must be installed on every client. You must also create a user on the VPN server and the clients simply put in the address of your VPN server on the web and put in username / password to authenticate.
Beyond that, once authenticated, they can map drives and access network resources as if they were directly connected to the company network.
I have never used the built in VPN clients for windows, so I cannot say if they are good or bad.
- Status
Similar threads
- Locked
- Question