
VPN, 2003 server or hardware based?

Status
Not open for further replies.

PaulGillespie

Technical User
Jul 2, 2002
516
GB
Hi guys,

Just looking for a little advice or for others to share their experiences. I want to set up an IPsec-based VPN to allow remote/roaming staff to access the HQ network. There will be 20 laptops that will require access but there will be no more than 5 at any one point in time.

Do I set up my 2003 Server (which runs AD, DNS, DHCP) to be an IPsec VPN server or do I use a hardware-based firewall to do the same, probably a Zyxel Zywall 35?

Which is best in terms of reliability and performance? Any pitfalls I should be aware of?

Thanks

Paul
 
I am not sure that a Windows box does IPSec...not even 3DES or anything higher, as far as encryption goes...
What kind of line is coming in (I.E. T1, ADSL, etc.)?
I am a Cisco man myself, and if you have ADSL, a Cisco 837 would be perfect. eBay, for around $150.
If it is a T1, then a Cisco 2620 going to a switch, with a WIC-T1 (NOT a WIC-1T!!!) in the router. You need a good image on the router to do that, too...

Burt
 
Forgot to add...something like a Cisco ASA 5505 would be the best thing, in my opinion.

Burt
 
Thanks Burtsbees. We have an ADSL at the moment. We would probably run the router behind an ADSL router.

I thought that 2003 server could be configured to be an IPsec VPN endpoint.

I'll look into those Cisco routers. Never used Cisco before and I'm a little hesitant due to the cost of them and possibly requiring specialist knowledge.

Using your recommended Cisco VPN router, would the client laptops use software to establish the VPN to the router?

Thanks
 
Yes---I had a Cisco 837, and it will connect at least 5 users. You can also get a GUI-based set-up tool called SDM for Cisco routers---sets up the VPN and everything! And SDM is free---I have a copy on my FTP server if you need it. If you have 2003, I guess try that first---I don't know much about Windows VPN setups...

Burt
 
Thanks Burt, I've seen SDM once before but I had to hand back the router :(

I'll look into the 837 then and see what turns up.
From what I can gather so far, 2003 can use PPTP easily (and I have in the past) but the general consensus is that PPTP has major security flaws, hence me looking into IPSEC.

Cheers

Paul
 
Let me know when you get it---I'd be glad to help---SDM can set it up usually with no problems (it had for me in the past when I was feeling a bit lazy). :]
I also have all the Cisco books you could possibly want on my FTP server, including classes (Cisco Academy) for CCNA, CCNP, and CCSP, as well as a lot of other cool stuff. Let me know.

Burt
 
Most people probably go the VPN appliance route, but here is some info for you to peruse.

- How to build a scalable VPN solution


Here is a guide for you to look at for setting up VPNs on Server 2003. The first part is for setting up PPTP. Scroll down a good ways until you see "L2TP/IPsec-based Remote Access VPN Connections". This will take you through the steps of setting up IPSEC on Server 2003.

- Step-by-Step Guide for Setting Up VPN-based Remote Access in a Test Lab


And here is a little more technical article on configuring IPSEC without all the fancy pictures. :)

- How To Configure IPSec Tunneling in Windows Server 2003


This link provides some good resources for VPNs on Windows Server.

- Virtual Private Networks


Joey
CCNA, MCP, A+, Network+, Wireless#
 