General discussion

Locked

Ed Bott's Microsoft Challenge--4/6/2000

By ebott ·
OK, I've settled on VPN, and I need your help once again. My small (10 users) network accesses the Internet through a 1 Mbps DSL line and Microsoft's Proxy Server. Where do I go from here? What kind of mistakes am I likely to make? Help me avoid thepitfalls and get my VPN running smoothly, securely, and as quickly as possible. The best suggestions (and confessions, if you've learned the hard way) will appear in my next column.

This conversation is currently closed to new comments.

25 total posts (Page 1 of 3)   01 | 02 | 03   Next
| Thread display: Collapse - | Expand +

All Comments

Collapse -

Ed Bott's Microsoft Challenge--4/6/2000

by trichard In reply to Ed Bott's Microsoft Chall ...

I've said "DUH!" one too many times because I forgot the 128bit security upgrade patch from MS...don't miss this often overlooked step =)

Collapse -

Ed Bott's Microsoft Challenge--4/6/2000

by ebott In reply to Ed Bott's Microsoft Chall ...

The question was auto-closed by TechRepublic

Collapse -

Ed Bott's Microsoft Challenge--4/6/2000

by Inspectorclave In reply to Ed Bott's Microsoft Chall ...

Make sure you have TCP/IP configured to enable PPTP filtering. This will prevent outside access to your internal network through VPN. Add the Point to Point Tunneling Protocol to your list of protocols. Create a dialup networking connection configured for your VPN. Make sure that your proxy server has the applicable ports configured for inbound and outbound traffic.

Inspectorclave

Collapse -

Ed Bott's Microsoft Challenge--4/6/2000

by ebott In reply to Ed Bott's Microsoft Chall ...

The question was auto-closed by TechRepublic

Collapse -

Ed Bott's Microsoft Challenge--4/6/2000

by Scathis In reply to Ed Bott's Microsoft Chall ...

For the cost and reliability, I'd go with a Windows 2000 VPN over a Windows NT VPN. The RRAS support is a bit better and you can grant dial-in access to any user in your Active Directory Tree just like you would with RAS and NT. Plus 2000 offers L2TP using IPSec instead of NT using just PPTP. L2TP is much more secure. If you are going to be growing, I'd highly suggest using a hardware VPN. We've used one from Nortel and it's works very well, you can even use the MS VPN Client with Windows 2000/98

Collapse -

Ed Bott's Microsoft Challenge--4/6/2000

by ebott In reply to Ed Bott's Microsoft Chall ...

The question was auto-closed by TechRepublic

Collapse -

Ed Bott's Microsoft Challenge--4/6/2000

by cacmk5 In reply to Ed Bott's Microsoft Chall ...

I would definately use a DHCP to assign static IPs to your 10 user network. From there setup a fiewall to stop people from trying to enter your site and then Register a domain so you can iniate a connection without using an ISP.

Collapse -

Ed Bott's Microsoft Challenge--4/6/2000

by ebott In reply to Ed Bott's Microsoft Chall ...

The question was auto-closed by TechRepublic

Collapse -

Ed Bott's Microsoft Challenge--4/6/2000

by mikemoore In reply to Ed Bott's Microsoft Chall ...

For your mobile staff to get in you'll need some kind of secure router/firewall with VPN enabled. You can use W2K but I think cisco works better and the client is free. Make sure that your mobile users are not on a connection that uses NAT. NAT kills VPN. Performance does suffer when compared to dial-up because of the increased load on the processor and unoptimized routes so if you can give your staff DSL or cable unless they move around a lot. If you do use W2K clients make sure they have a static IP, so far we haven't been able to make IPSec work with dynamic addresses. Good luck, this is definitely a learning experience.

Collapse -

Ed Bott's Microsoft Challenge--4/6/2000

by ebott In reply to Ed Bott's Microsoft Chall ...

The question was auto-closed by TechRepublic

Back to Windows Forum
25 total posts (Page 1 of 3)   01 | 02 | 03   Next

Related Discussions

Related Forums