General discussion

  • #2081675

    Ed Bott’s Microsoft Challenge–4/6/2000

    Locked

    by ebott ·

    OK, I’ve settled on VPN, and I need your help once again. My small (10 users) network accesses the Internet through a 1 Mbps DSL line and Microsoft’s Proxy Server. Where do I go from here? What kind of mistakes am I likely to make? Help me avoid the pitfalls and get my VPN running smoothly, securely, and as quickly as possible. The best suggestions (and confessions, if you’ve learned the hard way) will appear in my next column.

All Comments

    • #3896860

      Ed Bott’s Microsoft Challenge–4/6/2000

      by trichard ·

      In reply to Ed Bott’s Microsoft Challenge–4/6/2000

      I’ve said “DUH!” one too many times because I forgot the 128-bit security upgrade patch from MS…don’t miss this often overlooked step =)

    • #3896854

      Ed Bott’s Microsoft Challenge–4/6/2000

      by inspectorclave ·

      In reply to Ed Bott’s Microsoft Challenge–4/6/2000

      Make sure you have TCP/IP configured to enable PPTP filtering. This will prevent outside access to your internal network through VPN. Add the Point to Point Tunneling Protocol to your list of protocols. Create a dialup networking connection configured for your VPN. Make sure that your proxy server has the applicable ports configured for inbound and outbound traffic.

      Inspectorclave

    • #3896824

      Ed Bott’s Microsoft Challenge–4/6/2000

      by scathis ·

      In reply to Ed Bott’s Microsoft Challenge–4/6/2000

      For the cost and reliability, I’d go with a Windows 2000 VPN over a Windows NT VPN. The RRAS support is a bit better and you can grant dial-in access to any user in your Active Directory tree just like you would with RAS and NT. Plus 2000 offers L2TP using IPSec instead of NT using just PPTP. L2TP is much more secure. If you are going to be growing, I’d highly suggest using a hardware VPN. We’ve used one from Nortel and it works very well; you can even use the MS VPN client with Windows 2000/98.

    • #3896823

      Ed Bott’s Microsoft Challenge–4/6/2000

      by cacmk5 ·

      In reply to Ed Bott’s Microsoft Challenge–4/6/2000

      I would definitely use a DHCP to assign static IPs to your 10 user network. From there set up a firewall to stop people from trying to enter your site and then register a domain so you can initiate a connection without using an ISP.

    • #3896815

      Ed Bott’s Microsoft Challenge–4/6/2000

      by mikemoore ·

      In reply to Ed Bott’s Microsoft Challenge–4/6/2000

      For your mobile staff to get in you’ll need some kind of secure router/firewall with VPN enabled. You can use W2K but I think Cisco works better and the client is free. Make sure that your mobile users are not on a connection that uses NAT. NAT kills VPN. Performance does suffer when compared to dial-up because of the increased load on the processor and unoptimized routes, so if you can, give your staff DSL or cable unless they move around a lot. If you do use W2K clients make sure they have a static IP; so far we haven’t been able to make IPSec work with dynamic addresses. Good luck, this is definitely a learning experience.

    • #3896808

      Ed Bott’s Microsoft Challenge–4/6/2000

      by scubajeff2 ·

      In reply to Ed Bott’s Microsoft Challenge–4/6/2000

      I would definitely upgrade to W2K first, purchase CheckPoint’s VPN software, and save a few headaches. Although you will spend a few more IT dollars up front, it’s easy to configure and runs well.
      I would suggest avoidance of a Linux configured system as a VPN gateway due to the small amount of users and the support necessary to maintain and configure it.
      I (oops) missed the case history.

    • #3896807

      Ed Bott’s Microsoft Challenge–4/6/2000

      by skiptheb ·

      In reply to Ed Bott’s Microsoft Challenge–4/6/2000

      Ed, just finished installing the same here in Andover, MA at an internet startup. I am using W2K and a 1.1Mbps DSL. I chose not to use the proxy server from msoft though. I went with a NetScreen firewall for better control of the ports and also to use mapped IPs to my servers. The VPN works great (once I got the subnet details right from my ISP, they seemed new to this too); my only problem was that Outlook had to be closed before making the connection. After connecting I can open Outlook and it syncs and runs great. Name resolution is also working (I can browse the network using server names in Explorer). My mapped drives (f:= servername/D$) were a little problem, but I found that I could remap them and they worked fine.

      I have been wanting to install a VPN solution now for two years, it took me this long to find a firm that was on-board with the cost justification.

    • #3896798

      Ed Bott’s Microsoft Challenge–4/6/2000

      by mouim ·

      In reply to Ed Bott’s Microsoft Challenge–4/6/2000

      The first mistake you may encounter is to use Microsoft’s version of PPTP for your VPN. Although free with NT it does have its drawbacks. IPSec is not supported and because of that you would want to put the VPN server in a DMZ. For 10 users you are already talking about too much administration in my opinion. Since you are currently using a DSL for Internet access, I would suggest getting something like a DSL Pipeline Router with built-in VPN capabilities and firewall protection. These units can easily be purchased for under $1000, which is even less than a scaled down server.

    • #3896771

      Ed Bott’s Microsoft Challenge–4/6/2000

      by brdall ·

      In reply to Ed Bott’s Microsoft Challenge–4/6/2000

      We’re in the middle of implementation right now. We tried the NT PPTP solution and rejected it. It’s slow (fat protocol) and not always reliable. We’re switching to the Cisco PIX with IPSec clients. Somewhat expensive and not real easy to set up on the host end, but faster, and actually the client setup is much easier.

    • #3896757

      Ed Bott’s Microsoft Challenge–4/6/2000

      by jokeman ·

      In reply to Ed Bott’s Microsoft Challenge–4/6/2000

      Set up the proxy server accordingly… make sure you have blocked the correct TCP/IP and UDP traffic… also with IPX/SPX…

      As far as operating system goes, stick with NT since it’s been around for a while; even though Win 2000 is more secure it will probably be buggy… also I would suggest using Unix as an operating system, much more stable… harder support but worth it…

      good luck

    • #3896706

      Ed Bott’s Microsoft Challenge–4/6/2000

      by clocks ·

      In reply to Ed Bott’s Microsoft Challenge–4/6/2000

      Ok, first, I would not have used the MSFT proxy server in the first place. But, since you apparently already have it implemented somewhat, I will just have to work from there.
      Since you have already got it installed, DON’T use MSFT PPTP. It has IPSec problems. Find a different client. Also, definitely use a pipeline router to gain the built-in functionality without having messy configurations. If you go with the router (it’ll cost you some but not much), you will automatically solve the firewall and VPN problems without messing with configs to do it.

    • #3895778

      Ed Bott’s Microsoft Challenge–4/6/2000

      by green_lantern ·

      In reply to Ed Bott’s Microsoft Challenge–4/6/2000

      The Proxy Server is okay for a gateway, but I would purchase another program to serve as a firewall. Proxy leaves a lot to be desired for security. Also kill all unnecessary protocols. Get rid of IPX and NetBIOS if at all possible. Big security holes and they create traffic you might not want.
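Two of the replies above turn into a concrete perimeter check: inspectorclave’s advice to open only the ports the VPN needs on the proxy/firewall, and green_lantern’s advice to kill NetBIOS and other unnecessary protocols. The script below is an added example, not code from this thread or from any of the products mentioned. It audits a small ruleset for the ports a Microsoft PPTP or L2TP/IPsec VPN requires (TCP 1723 plus GRE for PPTP; UDP 500, UDP 4500 and ESP for L2TP/IPsec, which are well-known facts) and flags NetBIOS/SMB ports left reachable. The `allow/deny proto port` line format, the `Rule` type and the sample ruleset are assumptions constructed for the example and match no vendor’s syntax.

```python
"""Audit a small perimeter ruleset for VPN requirements and legacy exposure.

Added example for this thread; the rule syntax, the Rule type and the sample
ruleset below are constructed for illustration, not any firewall's format.
"""
from dataclasses import dataclass
from typing import List, Optional, Set, Tuple


@dataclass(frozen=True)
class Rule:
    action: str           # "allow" or "deny" (assumed vocabulary)
    proto: str            # "tcp", "udp", "gre", "esp"
    port: Optional[int]   # None for protocols that carry no port (GRE, ESP)


# Facts, not assumptions:
#  - PPTP uses TCP 1723 for its control channel and GRE (IP protocol 47) for the tunnel.
#  - L2TP/IPsec uses IKE on UDP 500, NAT traversal on UDP 4500, and ESP (IP protocol 50).
VPN_REQUIREMENTS = {
    "pptp": {("tcp", 1723), ("gre", None)},
    "l2tp_ipsec": {("udp", 500), ("udp", 4500), ("esp", None)},
}

# NetBIOS over TCP/IP: 137/udp name, 138/udp datagram, 139/tcp session; SMB direct: 445/tcp.
LEGACY_EXPOSURE: Set[Tuple[str, Optional[int]]] = {
    ("udp", 137), ("udp", 138), ("tcp", 139), ("tcp", 445),
}


def parse_rules(text: str) -> List[Rule]:
    """Parse lines of the form 'allow tcp 1723' or 'allow gre'; '#' starts a comment."""
    rules = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        parts = line.split()
        action, proto = parts[0].lower(), parts[1].lower()
        port = int(parts[2]) if len(parts) > 2 else None
        rules.append(Rule(action, proto, port))
    return rules


def audit(rules: List[Rule], vpn: str) -> dict:
    """Return what the chosen VPN still needs opened and which legacy ports are exposed."""
    allowed = {(r.proto, r.port) for r in rules if r.action == "allow"}
    order = lambda entry: (entry[0], entry[1] or 0)   # None sorts before any port number
    return {
        "missing": sorted(VPN_REQUIREMENTS[vpn] - allowed, key=order),
        "exposed": sorted(LEGACY_EXPOSURE & allowed, key=order),
    }


# Constructed sample: a perimeter that was opened for PPTP but not finished,
# with a NetBIOS session port left over from file-sharing tests.
SAMPLE_RULESET = """
allow tcp 1723   # PPTP control channel
allow tcp 139    # NetBIOS session, should not be reachable from outside
deny  tcp 80
allow udp 53
"""

if __name__ == "__main__":
    for vpn in ("pptp", "l2tp_ipsec"):
        print(vpn, audit(parse_rules(SAMPLE_RULESET), vpn))
```

Run against the sample, the PPTP audit reports GRE as still missing (the control channel alone will never carry a tunnel) and TCP 139 as exposed; the L2TP/IPsec audit reports all three of its requirements missing. Anything the audit lists as exposed is the traffic green_lantern’s reply says to remove, and anything it lists as missing is where a “can connect but tunnel never comes up” report usually starts.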

    • #3736346

      Ed Bott’s Microsoft Challenge–4/6/2000

      by ebott ·

      In reply to Ed Bott’s Microsoft Challenge–4/6/2000

      This question was auto closed due to inactivity
