Help with VPN or remote connection to office

Guest

I am helping a small office with their network. They are running Windows 2000
SP4 and XP Pro clients. The owner has an XP Pro PC at home that he would like
to be able to connect to the office network. He has a cable connection at
home with a dynamic IP and a DSL connection at the office with a dynamic IP.
What would be the most affordable way to connect him to the office? He would
like it to be set up so when he is working from home it is just as if he was
at the office.

Thanks for any help and ideas.
 
You can make a VPN connection between a computer running W2K/XP and W2K/XP
with the "server" computer being limited to one connection. I would
recommend trying that first using PPTP, which is all you can use in the
method I just selected. See the link below to see how it is done in W2K, and
the method would be similar to XP.

http://support.microsoft.com/default.aspx?scid=kb;en-us;257333

If you try such, the "server" end will need to configure the firewall NAT
router to allow traffic for port 1723 TCP and forward it to the internal
server. Also protocol 47 for GRE will need to be allowed for each end's
firewall NAT router. This may be referred to as PPTP passthrough on many
devices. The other problem you have is dynamic IP addresses. To connect to
the server end [his office] he would need to enter the fully qualified
domain name in for his internet connection such as mycomputer.mydomain.com
OR the current IP address that the ISP has assigned. This may be a problem
if the IP address changes frequently. He may want to try and get a static IP
address or use a dynamic DNS service. He should be able to at least test it
out with the current dynamic IP as the address may not change frequently.

http://www.no-ip.com/ -- example of a dynamic DNS service for internet IP
addresses.

Keep in mind that a VPN as you describe will be VERY slow compared to a
regular LAN connection. The speed is limited by the maximum uplink speed of
the connection where the data is coming from, which is usually a fraction of
the downlink speed for a consumer type DSL, though business users can buy
faster uplink speeds. Also DSL users may need to tweak their MTU settings on
their DSL NAT routers to optimize VPN performance. If he still wants to go
with it, a better long term solution would be to purchase and install an
IPsec endpoint device for each end of the VPN connection. I have used the
Netgear FVS318 to do such for example and that device costs around $100 and
is fairly easy to configure. It will replace current NAT routers and do that
function also. --- Steve

http://www.netgear.com/products/details/FVS318.php --- Netgear FVS318
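
A quick way to confirm that the TCP 1723 forward described above really reaches a PPTP server, as an added example that is not part of the original posts: it resolves the dynamic DNS name, sends the Start-Control-Connection-Request defined in RFC 2637 and parses the reply. The function names are made up for this sketch, and GRE (protocol 47) is not exercised, so a good result covers only the control channel.

```python
import socket
import struct

PPTP_PORT = 1723
MAGIC_COOKIE = 0x1A2B3C4D
# Message layouts from RFC 2637; request and reply are both 156 bytes.
SCCRQ_FMT = "!HHIHHHHIIHH64s64s"
SCCRP_FMT = "!HHIHHHBBIIHH64s64s"

def build_sccrq(hostname=b"probe"):
    """Start-Control-Connection-Request: the first message a PPTP client sends."""
    return struct.pack(SCCRQ_FMT, 156, 1, MAGIC_COOKIE, 1, 0,
                       0x0100, 0, 3, 3, 0, 0, hostname, b"")

def parse_sccrp(data):
    """Return (result_code, server_hostname, vendor) or raise ValueError."""
    if len(data) < 156:
        raise ValueError("short reply: %d bytes" % len(data))
    (_len, msg_type, cookie, ctrl_type, _r0, _ver, result, _err,
     _framing, _bearer, _chans, _fw, host, vendor) = struct.unpack(SCCRP_FMT, data[:156])
    if cookie != MAGIC_COOKIE or msg_type != 1 or ctrl_type != 2:
        raise ValueError("not a PPTP Start-Control-Connection-Reply")
    text = lambda raw: raw.rstrip(b"\0").decode("ascii", "replace")
    return result, text(host), text(vendor)

def check_pptp_forward(name, timeout=5.0):
    """Resolve the name, then test the TCP 1723 forward; returns a status string."""
    try:
        addr = socket.gethostbyname(name)
    except socket.gaierror as exc:
        return "DNS lookup failed: %s" % exc
    try:
        with socket.create_connection((addr, PPTP_PORT), timeout=timeout) as s:
            s.sendall(build_sccrq())
            reply = b""
            while len(reply) < 156:          # TCP may deliver the reply in pieces
                chunk = s.recv(156 - len(reply))
                if not chunk:
                    break
                reply += chunk
        result, host, vendor = parse_sccrp(reply)
    except (OSError, ValueError) as exc:     # refused, timed out, or wrong service
        return "%s:1723 not answering as PPTP: %s" % (addr, exc)
    return "%s:1723 PPTP reply, result=%d host=%r vendor=%r" % (addr, result, host, vendor)

if __name__ == "__main__":
    # Placeholder name taken from the post; use the real dynamic DNS name.
    print(check_pptp_forward("mycomputer.mydomain.com"))
```

A result code of 1 means the server accepted the control connection; if this succeeds but the VPN still stalls while connecting, GRE passthrough on one of the routers is the next thing to check.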
 
Steven said:
I have used the
Netgear FVS318 to do such for example and that device costs around $100 and
is fairly easy to configure. It will replace current NAT routers and do that
function also. --- Steve

If you are thinking about this router read the info at these links:
http://www.netgear.com/pdf_docs/FVS318_ds_1oct04.pdf
http://kbserver.netgear.com/products/FVS318.asp

Basically without much fanfare Netgear is upgrading the hardware for
this router. When you buy (and it is not clear to me these are even in
the retail channel yet) check the serial number, as the older versions
have a 50MHz processor and with the new version you'll get a 200MHz processor
and more memory. Netgear states:

The increased power allows the FVS318v3 to support:
* A 10/100 Mbps Internet port
* Faster routing and VPN throughput
* VPN authentication using X.509 certificates
* Secure remote management using SSL encryption
* Inbound and outbound firewall rules
 
Thanks for that as it was news to me. I am going to download and read the
manual shortly as there is one dated 12/2004. If they hold the price line
within reason it will be a steal. I also like the mention of the outbound
firewall rules capability and the three year warranty. --- Steve
 
I think they will have the same price. It is not clear to me that
retailers and many consumers will be aware that there are different
hardware versions. From what Netgear has stated the only difference in
the packaging is the serial number. I talked to someone at the Netgear
store and asked how I could be sure I'd get the v3 hardware if I
ordered from them and he basically said I couldn't. I'm not sure they
were even aware of the change. In a later e-mail from Netgear I was
told that the only way to make sure of getting the new version is to go
to a store and check that the serial number starts FVS9. I looked in
CompUSA yesterday and the boxes all had serial numbers starting FVS1.
I've since been told that they may not appear in stores for another few
weeks. Who knows...

As you say, a steal, but I'd pay some extra not to have to go through
the hassles that appear to be involved in finding the v3 hardware.
 
Thanks for the help and info. I do have a LinkSys BEFSR41 on the Internal
LAN side. Do I need 2 NICs in the server for this? One servicing the
internal LAN and one for the VPN?
 
Eric,

Looks like we might have the same equipment we're trying to config.
Hopefully we can share notes.

No you don't. One NIC will work for everything.
 