SBS 2003 Software VPN

Discussion in 'Windows Small Business Server' started by Nick, Aug 25, 2010.

  1. Nick

    Nick Guest

    Can someone remind me of what VPN functionality is built into SBS2003?

    For a number of years we have been using Hardware VPNs (which have been very
    reliable) that terminate at the Router and also RWW to allow access to
    individual workstations from anywhere on the Internet. We now have need to
    give a number of others access to shared drives on the network via VPN.
    This will be usually from known trusted laptops but it might also be good to
    provide occasional VPN access from a public machine if that is possible.

    Thanks,
    Nick
     
    Nick, Aug 25, 2010
    #1

  2. Nick

    Nick Guest

    Thanks Brian,

    So if I have understood this correctly SBS 2003 built-in VPN will allow any
    laptop to connect over the Internet, it doesn't need to be part of the
    domain then. Is there any limit on the number of concurrent connections?

    If that is the case is there any advantage to having a hardware SSL VPN?

    Nick
     
    Nick, Aug 25, 2010
    #2

  3. Joe

    Joe Guest

    Basically, PPTP, IPSec and L2TP, the latter two being difficult to get
    running with devices which do not carry the public IP address of the
    network, hence their usual use on edge devices such as routers. The
    endpoint IP addresses are part of the security.

    You might be surprised by what can be done. Have a poke around in RRAS
    management, in particular, Remote Access Policies. But IP connection
    restrictions are best applied at the Internet router, if possible.

    This would be a public machine which is guaranteed free of keyloggers
    and other malware? A 3G dongle on a (reasonably) trusted portable is
    likely to be the best means of mobile access. There are many free WiFi
    locations, but they tend to be limited to basic http web surfing, and
    even that is almost always unencrypted over the air.
     
    Joe, Aug 25, 2010
    #3
  4. Joe

    Joe Guest

    No, it doesn't even need to be a Windows machine. But my experience of
    network browsing and share visibility with non-domain clients is that of
    severe intermittency. Only the SBS web-based services can be pretty much
    guaranteed to work reliably.

    Human VPN users do need to be domain members, and if you are considering
    offering some kind of network access to non-members, then you need to be
    looking at a solution which is completely independent of the SBS and its
    means of authentication.

    By default, five PPTP and five L2TP connections are allocated, this can
    be adjusted in RRAS management. I don't know what the absolute limit is,
    but I suspect the server will die of overwork long before getting
    anywhere near it.

    Note that only one VPN tunnel will normally work between any pair of
    public IP addresses, so multiple users in one location will need the
    hardware site-to-site VPN. That's not an SBS limitation, but is
    dependent on the Internet routers involved being able to manage multiple
    protocol 47 or 50 tunnels between the same endpoints i.e. they typically
    can't.

    You're not adding extra load to the organisation's only server, VPN is
    quite CPU-intensive. Users of an SBS VPN might well notice if another
    user does a heavy bit of SQL work, or the backup starts running. And in
    general, the more functions a device carries out, the less well does any
    particular one work. And I have a preference for minimising the number
    of eggs in any one basket...
     
    Joe, Aug 25, 2010
    #4