Announcement

Collapse
No announcement yet.

Back to Basics: How to configure VPN with SBS2003

Collapse
X
  • Filter
  • Time
  • Show
Clear All
new posts

  • Back to Basics: How to configure VPN with SBS2003

    Hi,

    We have a SBS 2003 Server connected to the internet using a router to an ADSL connection.

    How would we go about setting up a VPN connection so that users at home/another office can log on to the domain to access network resources.

    Never done it before so looking for a basic guide to say what hardware and software I need and how it needs to be setup on the server and if anything needs to be done on the other PCs off site.

    Thanks in advance.

  • #2
    Re: Back to Basics: How to configure VPN with SBS2003

    Hi,

    You can use the build in VPN server:

    http://www.microsoft.com/smallbusine...3_network.mspx

    Or use third party product like: Juniper, Check Point and even Microsoft ISA 2006 server
    as VPN server.
    Best Regards,

    Yuval Sinay

    LinkedIn: https://www.linkedin.com/in/yuval14, Blog: http://blogs.microsoft.co.il/blogs/yuval14

    Comment


    • #3
      Re: Back to Basics: How to configure VPN with SBS2003

      Few questions:

      I have remote desktop working, i.e. using the Remote Desktop Connection in XP/Vista then connecting to the IP or companyname.no-ip.info (as we have dynamic IP).

      Also in Internet Explorer we use http://companyname.no-ip.info/remote for the "Remote Web Workplace".

      Is this all VPN is?

      I was wondering if you could use a XP Pro machine off site that could be "part of the domain" - is this what a tunnel etc. is?

      Little confused I think as to what the VPN is/does.

      Thanks

      Comment


      • #4
        Re: Back to Basics: How to configure VPN with SBS2003

        Microsoft released a short overview of Remote Web Workplace:

        http://www.microsoft.com/technet/pro....mspx?mfr=true

        http://support.microsoft.com/kb/833983

        The main issues with this technology from my point of view:

        1. You use the DC as "VPN server", so any person from the world can try to
        connect to it.

        2. Users can't use laptop from and access local LAN resources like printers etc.
        Also, using VOIP phone etc. from home to connect to the LAN wouldn’t work.

        3. The using of user\pass from the domain don’t provide a good security practice.
        Best Regards,

        Yuval Sinay

        LinkedIn: https://www.linkedin.com/in/yuval14, Blog: http://blogs.microsoft.co.il/blogs/yuval14

        Comment


        • #5
          Re: Back to Basics: How to configure VPN with SBS2003

          OK

          So if the server is one side of the country and a user has a PC at home is there anyway that they could access the files on their local machine other than logging into the server.

          i.e. could we map a network drive for them to access the server. We could use their user login/password for security.

          Is that possible ?

          Otherwise we would need to install the program that the staff member wants to use on the server rather than on the client PC so they can just use the server to store the files.

          Thanks

          Comment


          • #6
            Re: Back to Basics: How to configure VPN with SBS2003

            With SBS it is easy to set up a VPN connection from a remote computer to the SBS LAN. However, as Yuval correctly points out there are security considerations which are paramount.
            With the remote computer connected by VPN you have effectively allowed an unmanaged computer to enter your LAN. You don't know it's AV status; you don't know if it has all the latest OS and appplication patches on it, you don't know if it has keyloggers, trojans or any other malware loaded onto it. You don't know even if it is a zombie or someone else has total control over it - and you are letting into your LAN! You maybe also allowing someone to download sensitive company data on to their home computer, where the children have Kazaa and bitTorrent software running and filesharing.
            Having said all that, if you are confident about the external computer, it can connect to the Remote Web Workplace by http://<Server FQDN>/remote and connect to one of the computers in the office (with permissions for that user) and remote control it from home - much safer than VPN since it is only the Screen, Keyboard and Mouse that are actually transmitted over the wire. Next down in security level is the same RWW but with the option of transmitting files between the remote and local computers.
            Finally, if you still insist on a VPN, you can again connect to the /remote Remote Web Workplace and download the Connection Manager to the local computer, install it and run the connection, which has been set up for you.

            HTH
            Last edited by teiger; 20th February 2008, 01:33. Reason: typos
            TIA

            Steven Teiger [SBS-MVP(2003-2009)]
            http://www.wintra.co.il/
            sigpic
            Iím honoured to have been selected for the SMB 150 list for 2013. This is the third time in succession (no logo available for 2011) that I have been honoured with this award.

            We donít stop playing because we grow old, we grow old because we stop playing.

            Comment


            • #7
              Re: Back to Basics: How to configure VPN with SBS2003

              Thanks for all your advice.

              When I download the connection tool I can't connect using companyname.no-ip.info or th IP address.

              I have opened the correct ports on the router and have run the wizard in SBS2003.

              Do I need to run any other wizard or configure anything else for that to work?

              P.S. - Will it work on Xp Home or is it only XP Pro that it would work on ?

              Thanks again for everyones advice and input.

              Comment


              • #8
                Re: Back to Basics: How to configure VPN with SBS2003

                It works according to what you set in the "Configure Remote Access" wizard.
                If you entered companyname.no-ip.info into that wizard then that is what it will connect to.

                Is companyname.no-ip.info the <FQDN> published in a public DNS? (the name I can reach you by on the Internet)? 'Coz that's what the connection manager connects to and if I can't reach it, I can't connect.
                TIA

                Steven Teiger [SBS-MVP(2003-2009)]
                http://www.wintra.co.il/
                sigpic
                Iím honoured to have been selected for the SMB 150 list for 2013. This is the third time in succession (no logo available for 2011) that I have been honoured with this award.

                We donít stop playing because we grow old, we grow old because we stop playing.

                Comment

                Working...
                X