Networking

TechRepublic Tutorial: A member shares his VPN success story

Shows how one NetAdmin tackled a tricky VPN setup problem


By Stephen Kent

A few months ago, one of our senior sales representatives informed the company that he was moving back to his hometown, San Diego, later in the year. He was a skilled salesman with a large customer base and a high close ratio, and it would be a shame to lose such a valuable member of our team.

Jon Sevel, the company president, called a meeting with me to discuss this dilemma. For the past year or so, we had been looking into expanding the company to the West Coast. Such a venture would give us extra hours of operation and extra revenue. The only obstacle was finding a cost-effective way to connect another office. The first suggestion was to use simple dial-up remote access service. However, the cost of a coast-to-coast long distance phone call or an 800 number call for eight hours a day, mixed with the dragging speed of a 56K modem, would provide no return on investment.

I suggested the use of a virtual private network. The president asked if that would be a viable solution and whether I could implement it. Of course, I told him yes. I began to search the Web, bookstores, and libraries for all the information I could get my hands on regarding VPNs. I found many helpful Web sites (TechRepublic being one of them) and met a few people through discussion boards and forums. I spent every night reading books, postings, and articles. I hardly slept for two weeks. The more I learned about VPN technology, the more I became convinced this was the solution I was looking for.

Company background
Maryland-based Coastal Business Machines, Inc. (CBM) is the world’s largest UPS (uninterruptible power supply) reconditioning center. It repairs and recalibrates thousands of UPSs each year for many of the Fortune 1000 and Fortune 500 companies, as well as for smaller companies and individual users. With so many clients, large and small, the company relies on a close-knit sales team to manage the accounts.

Setting up the VPN server
The first step was to set up a VPN server on our local area network. I used Windows NT Server 4 with Service Pack 6. It took me a few days to get it configured according to what I had learned. Next, I needed a client to connect to the VPN. I employed a Toshiba Satellite with Windows NT Workstation 4 Service Pack 6.

After installing Point-to-Point Tunneling Protocol and setting up the VPN devices under RAS, I made my first attempt at connection. I logged on to the Internet and double clicked my VPN icon. My attempt was denied. It took a little bit of tweaking the encryption and security settings, but by the next day, I successfully connected. When I opened Remote Access Manager, the window showed my user profile as being connected to the device VPN1. But although I had connected to the VPN server, my username and password were still not being authenticated on the network. Thus, I had no access to any network resources, nor could I view Network Neighborhood. Two static routes from the VPN server to the domain controller were all that it took to get me authenticated. All of my hard work and learning had paid off up to this point.

Dealing with the ISP
I still had more than 60 days until the San Diego call center opened and the VPN was functional. My next challenge was to arrange for a high-speed connection to be installed in San Diego. I thought the difficult and stressful part of this project was over, but little did I know that I still had a long way to go.

I contacted my usual ISP and placed an order for a 512K frame connect to be installed in San Diego on or before August 18th. The paperwork was faxed to me; I filled it out and faxed it back. After receiving the papers, my ISP sales rep called to inform me that there is a provisioning period of 30 to 45 days for these circuits. I had expected this timeframe, which is why I placed the order so far in advance. He said he would contact me shortly with a definite install date.

Phone implementation
In the meantime, I still had to solve the phone connectivity issue. I ordered an IP phone and an IP card from Intertel. The card integrates into our current phone system and connects to our router in the office. Then, the phone gets its own IP address and connects via another high-speed connection. When it is all set up and configured, the IP phone, no matter where it is, is just an extension call away. This is a tremendous savings on phone costs. Ordering the phone and receiving it took about two weeks.

Trouble with the vendors
During the two weeks of waiting for the phone, I had not received a call from my ISP despite my repeated calls and pages. Finally, another representative contacted me. She informed me that my old rep was no longer with the company and had not placed my order. I explained my situation to her and told her I already had the travel plans to go to San Diego and complete this project on August 18th. She assured me that it was no problem; she would place the order and get the installation escalated. The phone company in San Diego gave her an install date of August 8th.

I was excited; this project was going to be finished 10 days ahead of schedule. I configured the hardware beforehand with Windows 2000 (which was much easier than NT). So all I would have to do is take the hardware to the site and hook it up. I arranged for someone to be at the site all day on the 8th. On the morning of the 9th, I was anxious to start testing the line, so I called out to the location. Much to my chagrin, I learned that the phone company hadn’t shown up. It didn’t even call with an explanation. I called my ISP rep and explained what had happened. She began the first of many attempts to contact the phone company and find out what was going on.

Getting desperate
For days, there were no answers or returned calls. When someone did finally call her back, the explanation was, “Sorry, we couldn’t fit that job in.” Now I was getting desperate. I was nine days away from my trip, there was no line installed, and there was no canceling the trip. A demo had already been scheduled with some of our vendors for the 19th, so the only option was to make it work. I began a campaign of informing everyone at my ISP of my situation and my dissatisfaction with it.

It did not take long to get the attention of the higher-ups in the company. One morning, I came into the office and I had 13 messages on my voicemail. Everyone from the head of customer service to the president of the Northeast District were there telling me that things were going to get worked out. Unfortunately, these promises never came to fruition. August 17th came and it was time for me to go to San Diego.

My only option was to use a 56K modem that I purchased at the last minute. I set up the workstation with the modem and, using a free dial-up my ISP gave me, connected to the VPN. It worked. It was painfully slow, but I had a connection. Since the IP phone needed a high-speed connection, I had to order another phone line and forward the calls from Maryland to an 800 number. It was sloppy and inefficient, but the next morning I pulled the demo off without a hitch.

When all else fails, go cable
I got back to Maryland and continued my effort to get the 512K circuit installed. Currently, I had this great VPN setup that was no faster than a 56K modem. Also, I had $1,900 worth of IP telephony equipment that was collecting dust. After two more weeks with no progress, I cancelled the order. I called the cable company and had a cable modem installed in San Diego. With the extra IP address for the phone, this solution was $450 cheaper per month than the 512K frame. The cable modem was installed in three days. All my man in San Diego had to do was connect the IP phone to the cable modem, and I was able to do the entire configuration over the Internet. The VPN was so fast, it seemed like his workstation was a node directly connected to our LAN. The phone was up and running with crystal clear voice quality and no delay.

Calls coming into our phone queue are routed to San Diego when no one here is available. As a bonus, we are now able to take clients' service calls three more hours each day. This was all accomplished for a setup cost of around $4,000 with yearly costs under $3,000. The project was way under budget, which obviously made management happy.

Lessons learned
This project was not only a great chance for me to show off my skills, but it was also very educational. I learned a great deal about virtual private networks and IP telephony through extensive research and reading on the Internet. I was also reminded that you should take nothing for granted. I expected the second part of this project would be the easiest, as I had little to do except place an order, but it actually turned out to be the most difficult. If you’re planning your own VPN implementation, one word of advice: Order your circuits as soon as possible. There are multiple companies involved in the ordering, provisioning, and installation process. This is not the first time that I have experienced significant delays with large ISPs.

Stephen Kent has been director of information services for Coastal Business Machines, Inc., for more than two years. He’s currently finishing his B.A. in information technology.


Have a comment?
Do you have a similar VPN experience you would like to share? Start a discussion below or send the editor an e-mail.

 

Editor's Picks