Setting up Remote Access through internet 2

Status
Not open for further replies.

jsingh9741

Technical User
Jul 12, 2001
I hope someone can point me in the right direction. Security is not my strong point. I have a 25-user LAN with 2 NT 4.0 Servers. We have a DSL Router with NAT enabled. We have some users that need to get on the network from home.
How do I need to go about setting this up? Do I need a separate server with Windows 2000 VPN? Do I need firewall software? Where would I place this server in terms of order? The DSL Router, then to the Windows 2000 Server, then access to the LAN? Any recommendations or literature would be much appreciated.


Thanks in advance
 
Complicated question... I'll try to address the main points though...

First, you can use the NT servers already in place and install RAS on them. However, if you have many users that will be logging in remotely, you might want to consider setting up a separate server (NT or 2000) to handle the remote requests.

Secondly, RAS is a routing software package that will route packets from the DSL's LAN card (connected to the Internet and the second NIC inside the RAS) onto the local LAN. In this configuration a firewall is a MUST. Don't forget to put a firewall on there or you are asking for trouble...

Thirdly, as to the position of the server/firewall... I would install the RAS server in something called a DMZ (De-Militarized Zone). This is an area of the network that is like a network within a network...

A--->B--->C--->D

where A represents the LAN, B the RAS and/or firewall (depending on if you put the firewall on the RAS machine [which I would recommend]), and C the DSL router connected to the Internet (D). This configuration puts two layers of security between the LAN and the external network (Internet). If a hacker gets into the DMZ from the Internet, he will still have to get past the RAS and the firewall to get into the LAN.

Lastly, go to and do a search to get more information on how to set it up. Security plays a big role in a situation like you have, and the importance of a DMZ and firewall cannot be overplayed.

Hope some of these ramblings help!!

Matt
A+, MCP, MCP+I, MCSE Windows NT 4.0, MCSE Windows 2000 Early Achiever with Security Emphasis

Help increase my knowledge by providing some feedback, good or bad, on any advice I have given and if you like my advice, please mark it as helpful.
 
Not so Bad Matt...

But as an MCP and MCSE, you forgot to tell jsingh9741 that VPN and NAT routers are basically uncompliant due to the header modifications that NAT and VPN perform.
Unless you can attach a public IP to your RAS server and set static exceptions in the router config for that address...
Maybe some other turn-arounds, but I don't know them...
Let us know Matt..

@+
Benj Le Kangooru
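
The NAT/VPN incompatibility raised in the reply above, as an added example that is not part of the original thread: it assumes a VPN that authenticates the IP header the way IPsec AH does (the thread does not say which VPN protocol is meant) and shows the integrity check surviving an ordinary router hop but failing once NAT rewrites the source address. The key, addresses and helper names are constructed for illustration, and HMAC-SHA-256 stands in for the real AH algorithm.

```python
import hashlib
import hmac
import socket
import struct

KEY = b"constructed-demo-key"  # constructed shared secret, illustration only


def ipv4_header(src, dst, ttl=64, proto=51, payload_len=0):
    """Minimal 20-byte IPv4 header; proto 51 is AH, checksum left at 0."""
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + payload_len, 0, 0,
                       ttl, proto, 0,
                       socket.inet_aton(src), socket.inet_aton(dst))


def ah_style_icv(header, payload):
    """Integrity value over header + payload, AH style (simplified).

    Fields that legitimately change in transit (here TTL and the header
    checksum) are zeroed first; the source and destination addresses are
    treated as immutable and therefore covered by the MAC.
    """
    h = bytearray(header)
    h[8] = 0                  # TTL
    h[10:12] = b"\x00\x00"    # header checksum
    return hmac.new(KEY, bytes(h) + payload, hashlib.sha256).digest()


def route_hop(header):
    """What a plain router does: decrement the TTL."""
    h = bytearray(header)
    h[8] -= 1
    return bytes(h)


def nat_rewrite_source(header, public_ip):
    """What a NAT router does: replace the private source address."""
    h = bytearray(header)
    h[12:16] = socket.inet_aton(public_ip)
    return bytes(h)


def demo():
    payload = b"constructed payload"
    sent = ipv4_header("192.168.1.10", "203.0.113.5", payload_len=len(payload))
    icv = ah_style_icv(sent, payload)          # computed by the sender
    routed = route_hop(sent)
    natted = nat_rewrite_source(routed, "198.51.100.7")
    ok = lambda hdr: hmac.compare_digest(ah_style_icv(hdr, payload), icv)
    return ok(routed), ok(natted)


if __name__ == "__main__":
    print(demo())
```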

 