ragnarock

Hello;

Not really a network person, so I'll throw it to the guru's:
My Company currently has an ADSL connection to the web using a Netgear DG814 router.
We have 2 users that want to be able to access our network remotely, both have a aDSL connection at home.
What is the best way to set this up? I know I could use MS remote desktop or PC anywhere etc, but i really wanted just a straight VPN into the network, so telnet sessions etc will work from their local machines?

Many thanks

Mkhan

Well there are lots of ways to do VPN, but if you are not very technical minded or have never played with VPN before the easiest way (I think) is to change your router ..(I know, I know you just bought the Netgear DG814 .. but I don't think the Netgear DG814 does VPN builtin.. I could be wrong as I don't have one..)

Anyway buy a draytek 2600 from here Vigor2600

This does what the Netgear does but has VPN tunneling and High-Level IPSec encryption.

Then at the other staff's house place another draytek 2600 if they have BT/pipex ADSL or the Draytek 2200e if they have cable DSL Vigor2200e

And then they can both connect back to your HQ and they will be on your local LAN.

See here for more details on the VPN tunnelling VPN

The draytek is a great product and with its builtin Firewall as well it's great for home or small business users..

I have two of these

Mark

Puff The Magic Wagon!

iTrader: (2)

Why not setup RAS on a W2K server & "allow" VPN through the firewall. Easy peasy.

Don't forget to make your user's p'words more secure & "Allow Dial-In Access" in user config.

Mkhan

Puffy, As the chap said .. he wasn't very techicial minded... Yes IF he has a W2K server in place and knows the correct ports to open on the Netgear firewall, and knows how to install and configure Routing and Remote Access Service. And knows how to add users and give them access etc .. then yes you can do it via W2K..

As I said, there are loads of ways on how to do this.

Mark

ragnarock

I am fine with w2k server and RAS etc. I am just not really a network guy, so needed pointing in the right direction(s). Will give the W2k method a go (as it does not involve buying any extra hardware!!!

Many Thanks to both

Puff The Magic Wagon!

iTrader: (2)

Mark

DazV

Is it true at least one end of the VPN must have a static IP address ?

I was thinking that perhaps that chap only has 2 dynamic IP addreses ?

Puff The Magic Wagon!

iTrader: (2)

Indeed true. Req 1x proper internet IP addy @ the work location.

Gedi

cheapest way would be to set up a unix or linux box.
Your encription can be much stronger too due to tools like FreeSwan (which I might add is illigal in the US because the government can't decript it...hehe)

ragnarock

I have currently set up using w2k server, also just found out I could have doen it through XP, as an incoming connection. We have Linux and AIX boxes at work, so maybe I will try the Freeswan if it offers more protection

BlueBlood

Don't need a static IP.

You can have DynDNS provide the remote machines with the IP address given to the Draytek each time they want to connect.

Have seen this work in a couple of places.

DazV

We currently use BT ADSL, with Dynamic IP.

What sort of price can you buy ADSL for with Static IP ?

WillieF

Yeah Static IP is very halpful but not essential.

If you are in a telewest broadband area they do static ip business accounts. If you are not the demon internet are good and are doing free installation at the moment.

Jeff Wiltshire

Darren

You can upgrade your BT account to have a range of addresses (248 mask). This will give you 4 addresses to play with (1 for the router, 1 for the SonicWALL, 1 Broadcast, 1 network).

Aggresive mode VPNs (which is used when one site has dynamic addressing) is slightly less secure than Main mode, but this is really not an issue. I would suggest doing IPSec VPNs if at all possible rather than PPTP or L2TP as the IPSec VPNs are more secure.


Jeff

DazV

Jeff - YHM!

-DV

[Edited by DazV - 1/19/2003 12:27:25 AM]