VPN first-time setup advice

[sam01537]

Hi

Let me preface this by saying I really have tried using google and reading all I can see but I am afraid I have a few questions that I can't quite nail and would really be grateful of some specific responses.

My Situation:
I have been tasked with setting up a vpn between 2 sites for a friend's company, I am pretty technical and have my head around the whole concept and am quite happy tinkering with real networks with cables that I can unplug or WEP etc.

However, I am really struggling with the pros and cons of different VPN methods.

I basically want to set up the simplest to manage (the users are not technical so I want to minimise my need to support them ) and cheapest option (aren't they always the two requirements)

All we need is remote access to an application, or perhaps even just a network drive (running FreeNAS) and run the application on the local machine using the network storage for the data file.

My Options:

I believe I could just go a software PPTP route using XP Pro on both machines at no extra cost (though am not 100% sure on this) or one of the free options like LogMeIn but that was dreadfully slow when I tried it. Is the XP option viable or have I missunderstodd its purpose? would it give me access to a FreeNAS? Does it offer better performance than logmein or similar?

I have also looked at the hardware route and have sussed I would need a VPN endpoint (is that the same as a concentrator) and client software (perhaps XP Pro?) or a second endpoint to create the tunnel. The items I have been looking at are the Netgear FVS318 and the FWAG114 for the main reason as they are described as endpoints ... am I right in thinking I can use these at the office site and connect remotely. The Netgear documentation seems to suggest having 2, one at each site, I presume this is preferable to me (and not just doubling sales) rather than using a s/w client but would appreciate clarification.

Any advice on more appropriate hardware is welcome but I really have a maximum budget of £100 (per site but preferably total)

Appologies for the lengthy first post but hopefully i have provided most of the detail that may influence any advice you care to give.

Many thanks

Sam

PS ... boy you have a lot of users, resorted to thumping number pad to get a free handle

 

[colinT23]

Hi,

What type of broadband do you have at each site - cable or DSL ? Do the sites have static or dynamic IP addresses ? How secure do you want the VPN tunnel to be (ie, is PPTP good enough for your needs or would you rather have 3DES/AES)?

Regards Colin.

 

[sam01537]

Hi Colin

DSL at both sites, security is not key, this to ease travel needs and it is not sensitive or confidential material being accessed so PPTP should be OK, though 3DES/AES would not be a bad thing. I am just looking for an easy reliable solution.
Both have dynamic IPs at present but I will get themm setup to be static (service provider feature, just need to request so not an issue)

I also forgot that I would like to access a network pronter, can't imagine this will be wildly different but just like to check I dont need to do anything special for this.

Thanks again

Sam

 

[pronet74]

Do any of them have windows 2000 or 2003 server? If so, I would use the software route. This is what I am doing for my company. We use a linksys broadband router, so I just forwarded port 1723 to our windows 2000 server and opened up the VPN (easy to do with linksys setup).

I went under control panel/administrator menu and ran the setup for remote routing access and added the vpn. Then on the XP machine I created a new network connection (vpn), pointed it to the IP address of my broadband (to who I am connecting to). If you use the windows 2000/2003, go into AD users and give them permission to 'dial in'.

For connection wise you want to get the fastest package available (at both ends).

Easy to setup and it works.

 

[colinT23]

Hi,

You could use a Cisco 877 ADSL router at the main site and use the VPN client to connect from the remote site. 877's are around £300 new but about £150 on eBay. You can then use 3DES to ensure a secure tunnel. The setup on the 877 is fairly straight forward (I'm no CLI wizard so I used the SDM - up and running in about 15 minutes).

Regards Colin.

 

[sam01537]

Hi pronet74, could I use an XP vpn server?

colinT23, would the netgear kit I mentioned not do the same.

thanks again

Sam

 

[colinT23]

Hi,

If you need a DSL WAN port then the 877 is ideal. The Netgear's use RJ45 WAN ports so you are going to need a separate ADSL modem. I've never used the Netgear routers you mention but the price of the FWAG114 isn't too far off the Cisco 877. I believe you also need to purchase the Netgear VPN Client for 3DES ?

Regards Colin.

 

[sam01537]

Sorry, a DSL WAN port? I am not so sure I follow. The present kit I have is a d-link adsl modem and a netgear 8-port switch at the office site and belkin wifi router/adsl modem.

I will certainly have a look at the cisco 877 but that really is stretching the budget i was given but if I need to purchase additional s/w for the netgear then I guess that really does make them quite comparable.

should the xp server work without additional hardware in the interim? I am going to have a tinker but would be good to know if it *should* work or if I am attempting something that is not possible, in which I won;t bother and just go to the pub instead ;-)

Thanks for all your help and advice