So I think I want to set up an SSL VPN?
#1
Scooby Regular
Thread Starter
So I think I want to set up an SSL VPN?
We currently store all our office files and scanned docs on one PC - it's not really a "server" as such. They all use WinXP and its just a fancy NAS box really.
Anyway, I'd like to allow remote access to some of the files on the server. It has our account records on it and don't want everyone to have access to it.
What I'd want is office A to access global files - that we all use - and files generated for those working in office A. Same for office B but don't really want offce A and B to be able to see each others locally generated files. Although all files should really be saved to the server in the head office - would be cool if this could be sync'd on start up or something like that.
I've only just started looking at this and an SSL VPN looks like the best solution. Using a web application to access certain parts of a head office network - thats how I understand an SSL VPN to work anyway.
Seems to be different equipment based solutions but I prefer Draytek equipment. Theres some Barracuda stuff but not pay £2K for it. Draytek have a couple of routers with SSL VPN support.
Anyway, I'd like to allow remote access to some of the files on the server. It has our account records on it and don't want everyone to have access to it.
What I'd want is office A to access global files - that we all use - and files generated for those working in office A. Same for office B but don't really want offce A and B to be able to see each others locally generated files. Although all files should really be saved to the server in the head office - would be cool if this could be sync'd on start up or something like that.
I've only just started looking at this and an SSL VPN looks like the best solution. Using a web application to access certain parts of a head office network - thats how I understand an SSL VPN to work anyway.
Seems to be different equipment based solutions but I prefer Draytek equipment. Theres some Barracuda stuff but not pay £2K for it. Draytek have a couple of routers with SSL VPN support.
#2
If you haven't already, you need to sort out your access control method for your data. Do your users logon to their pc's with a username/password? Have you secured your file shares?
With the Draytek SSL VPN (only used it once) it can proxy web pages only. If you want to use say Windows file sharing, you would have to choose an option to create a tunnel into the remote network. This generally gives you full access to the remote network. Not sure if the Draytek gave options to restrict access to certain ip's and ports.
If the routers at the sites can create vpn's, how about using these to create permanent site to site vpn's instead of having to initiate a vpn connection via a browser? If the routers can handle access lists/firewall the vpn tunnel then all the better
With the Draytek SSL VPN (only used it once) it can proxy web pages only. If you want to use say Windows file sharing, you would have to choose an option to create a tunnel into the remote network. This generally gives you full access to the remote network. Not sure if the Draytek gave options to restrict access to certain ip's and ports.
If the routers at the sites can create vpn's, how about using these to create permanent site to site vpn's instead of having to initiate a vpn connection via a browser? If the routers can handle access lists/firewall the vpn tunnel then all the better
#5
Scooby Regular
iTrader: (1)
Join Date: Jan 2011
Location: Essex
Posts: 1,002
Likes: 0
Received 0 Likes
on
0 Posts
SSL VPN Should create a tunnel as well as act as a proxy to web stuff
but id just look at setting up an ipsec vpn link between the two drayteks, constantly leave the two sites linked (like HHxx said)
and then look into ways of securing the files, what flavour of XP is it on all of them?
depending on expansion etc id be much happier (if it was me and on the cheap) getting a cheap dell 2800 or something with a W2k3 COA on it, sticking Win2k3 and a domain on with a few users and doing it properly and having some decent control :s
all depends on numbers, what you have at the moment, and where you see it going in the future
i walked into my first job to find an office with a "network" with about 20 PC's on it all running Windows 95, that was mucho fun...
but id just look at setting up an ipsec vpn link between the two drayteks, constantly leave the two sites linked (like HHxx said)
and then look into ways of securing the files, what flavour of XP is it on all of them?
depending on expansion etc id be much happier (if it was me and on the cheap) getting a cheap dell 2800 or something with a W2k3 COA on it, sticking Win2k3 and a domain on with a few users and doing it properly and having some decent control :s
all depends on numbers, what you have at the moment, and where you see it going in the future
i walked into my first job to find an office with a "network" with about 20 PC's on it all running Windows 95, that was mucho fun...
#6
Scooby Regular
Thread Starter
Thanks for the replies guys.
Theres 8 PCs in the main office all running a mix of XP home or pro. The server PC is XP Pro.
We have 3 other offices with 2 machines in each office. We also need the ability to allow up to say 10 laptops to access files remotely from employee homes.
Dropbox was recommended by someone else but is there security issues there?
If I use the drayteks to set up site to site VPNs, can the laptops access this from home?
Theres 8 PCs in the main office all running a mix of XP home or pro. The server PC is XP Pro.
We have 3 other offices with 2 machines in each office. We also need the ability to allow up to say 10 laptops to access files remotely from employee homes.
Dropbox was recommended by someone else but is there security issues there?
If I use the drayteks to set up site to site VPNs, can the laptops access this from home?
Trending Topics
#8
For the Draytek's, the site-to-site vpn's will be the permanent links between your offices. You would use the SSL VPN part for your remote workers. They would just have to connect to one of the Draytek's and they should be able to access all the networks in each office.
To make the site-to-site vpn's easier to setup, ensure your offices are on their own local subnets.
#9
Scooby Regular
I agree with those who say get a server and some proper access control on the go. Win2003 setup as a dc and a few security groups to control access to your data will keep everything so simple.
You don't need an expensive server either, i'm just about to sell an HP ML115 (1tb drive, 8gb ram and monitor etc which would be more than enough to do the required plus allow you some resilience if you put in mirrored drives for your data) on ebay for £300 but i'd recomend getting one new as it's for a business and getting some warranty sorted so your hardware is protected.
What hardware support do you have currently? Is your data backed up daily? Just wondering as you've only mentioned xp machines and doesn't sound like much resilience for business data if anything goes pear shaped?
For vpn stuff I agree with HHxx's solution.
You don't need an expensive server either, i'm just about to sell an HP ML115 (1tb drive, 8gb ram and monitor etc which would be more than enough to do the required plus allow you some resilience if you put in mirrored drives for your data) on ebay for £300 but i'd recomend getting one new as it's for a business and getting some warranty sorted so your hardware is protected.
What hardware support do you have currently? Is your data backed up daily? Just wondering as you've only mentioned xp machines and doesn't sound like much resilience for business data if anything goes pear shaped?
For vpn stuff I agree with HHxx's solution.
Thread
Thread Starter
Forum
Replies
Last Post
Mattybr5@MB Developments
Full Cars Breaking For Spares
28
28 December 2015 11:07 PM
Mattybr5@MB Developments
Full Cars Breaking For Spares
12
18 November 2015 07:03 AM