Creating a VPN Connection. Starting From Scratch

Discussion in 'Windows Small Business Server' started by Harlequin, Oct 16, 2004.

  1. Harlequin

    Harlequin Guest

    Hi all.

    Firstly I'll apologise for the length of this post and also the fact that
    there's probably other posts similar but I'd still really appreciate an
    individual response to what I believe is a unique issue.

    We have a head office running SBS 2003 and I have 3 satellite offices that
    require VPN access. Simple enough...? Well, even NetGear can't come back to
    me on this one because here's the conundrum:

    I need the clients (3 currently, maybe more soon as we are opening up
    "Virtual Offices") to be able to gain access to mapped drives on the network
    for database applications and the only way I can think of achieving this is
    by executing a batch file on the client's PC from the server.

    Am I going about this the wrong way...?

    --
     
    Harlequin, Oct 16, 2004
    #1

  2. Harlequin

    Jeff L Guest

    Michael,

    Netgear products among others will be a good solution. Basically I would
    set up the offices to connect using VPN appliances. This makes the VPN
    features transparent, as the client computer thinks it is on the local
    area network.

    Alternatively you can look into the features for using VPN to authenticate
    users during logon. I don't know if you have noticed the check box which
    says dial this connection first when you start Windows and Ctrl+Alt+Del for
    the logon screen. Well, that check box allows you to log on to Windows,
    authenticating via VPN connection to the server.

    Really the simplest thing is VPN appliance.

    Jeff Loucks [SBS MVP]
    Available Technology ®
    Solutions For Professionals ®
    www.availabletechnology.com
     
    Jeff L, Oct 16, 2004
    #2

  3. Harlequin

    Harlequin Guest

    Thanks for the response Jeff.

    I just need to know then whether you are referring to end-point or
    pass-through and which of these will suit my needs as I need the ability to
    execute scripts on the client machine during logon.

    --
    -----------------------------
    Michael Mason
    Arras People
    www.arraspeople.co.uk
    -----------------------------
     
    Harlequin, Oct 16, 2004
    #3
  4. Harlequin

    Jeff L Guest

    Michael,

    Check out this link:
    http://www.netgear.com/products/details/FVL328.php

    You want end points. You will need the client software for computers to
    connect to this on their own but if you have two locations each with one of
    these you will be able to maintain a "permanent" virtual LAN-like connection.

    Regards,
    Jeff Loucks [SBS MVP]
    Available Technology ®
    Solutions For Professionals ®
    www.availabletechnology.com


     
    Jeff L, Oct 17, 2004
    #4
  5. Harlequin

    Harlequin Guest

    Thanks very much Jeff.

    I'm still very confused though and need to understand the essence of what
    the difference is between an end-point connection and a pass-through
    connection, can you help with this...?

    --
    -----------------------------
    Michael Mason
    Arras People
    www.arraspeople.co.uk
    -----------------------------
     
    Harlequin, Oct 17, 2004
    #5
  6. Harlequin

    Jeff L Guest

    Michael,

    Sure thing, np. Basically a pass through allows a vpn client to connect to a
    VPN server. Many of the first routers blocked the ports that allowed you to
    make VPN connections. So a pass through router doesn't really have anything
    to do with VPN, it just lets it happen.

    Pass-through Router (PT)
    PC1 ---- PT Router ----(~the Internet~)--VPN Server ---PC2

    PC1 and PC2 don't even know the other exists in many cases. PC1 is making
    the connection to the VPN server and the router is just letting it happen.

    End points are transparent for the client. So you have an end point in the
    remote office and an end point in the Main office. None of the computers
    actually know that there is a VPN connection going on between offices. So
    with two end points you are making a private network that is virtual but
    none of the PCs know about it.

    End Point Router (EP)

    PC1 --
    --- PC3
    |-- EP Router --(~the Internet~)--EP Router --|
    PC2 --
    --- PC4

    So PC1 thinks PC3 and PC4 are exactly the same as PC2. At least this is one
    possible configuration. There are other ways of doing it.

    You also have to keep in mind that an unreliable internet connection can
    cause serious problems. If you can't count on the internet, it is suggested
    that you have a server at each location.

    Does this help?

    Jeff Loucks [SBS MVP]
    Available Technology ®
    Solutions For Professionals ®
    www.availabletechnology.com



     
    Jeff L, Oct 18, 2004
    #6
  7. Harlequin

    Jeff L Guest

    Sorry, the diagram didn't come through very well

    EP -

        PC1      PC2
         |        |
         ----------
              |
          EP Router
              |
          (Internet)
              |
          EP Router
              |
         ----------
         |        |
        PC3      PC4

    Cheers,

    Jeff Loucks [SBS MVP]
    Available Technology ®
    Solutions For Professionals ®
    www.availabletechnology.com



     
    Jeff L, Oct 18, 2004
    #7
  8. Harlequin

    Harlequin Guest

    That's fantastic Jeff, and thanks very much for the diagrams mate.

    So, if I am interpreting this correctly:

    End-pint will simply connect 2 offices while pass-through will connect 2 PCs
    (or a PC to a server) directly.

    Which will allow me to execute logon files on the client machine though...?

    --
    -----------------------------
    Michael Mason
    Arras People
    www.arraspeople.co.uk
    -----------------------------
     
    Harlequin, Oct 18, 2004
    #8
  9. Harlequin

    Jeff L Guest

    Michael,

    End Point config will work as though all four PCs were at the same location.
    The remote computers will act as though they are on the same network as the
    server and other PC. This config can show some issues as I mentioned because
    large file transfer can effectively shut down access to the Active Directory
    and that is why another Server can sometimes be required at the remote
    location.

    *EP Pint ~ I think that is what you can buy me next time I am in London...
    ;)

    Cheers,

    Jeff Loucks [SBS MVP]
    Available Technology ®
    Solutions For Professionals ®
    www.availabletechnology.com


     
    Jeff L, Oct 18, 2004
    #9
  10. Harlequin

    Harlequin Guest

    LMAO Jeff.

    OK mate, a pint it is...!

    So... EP would effectively give me a VPN with all 4 PCs sharing the same
    virtual domain.

    So I don't understand the benefits or otherwise that pass-through gives...
    Could you enlighten me when you can spare a minute please mate...

    --
    -----------------------------
    Michael Mason
    Arras People
    www.arraspeople.co.uk
    -----------------------------
     
    Harlequin, Oct 19, 2004
    #10