VPN to Single Application and/or Fileserver?

Hi I am very new to VPN technology and have been asked to setup a VPN
to enable four branch offices to access a fileserver and application
server located at a fifth office.  We have purchased a Linksys VPN
router for the fifth office and want to setup the computers in the
branch offices to tunnel in to the VPN router.  All of the PCs are
running Windows XP Pro with SP2.  I would prefer to use the VPN
technology built in to Windows XP if at all possible for simplicit4y's
sake.  Here are my questions/concerns:

1) I have heard that PPTP (the VPN technology used by Windows) was
severely broken at some point.  Has it been fixed by SP2?  Would you
guys reccomend using it?

2) My limited understanding of VPN technology tells me that once a
computer has established a VPN tunnel from a branch office to the fifth
office, that computer will be relying soley on the Internet connection
of the fifth office for any and all web browsing/email/etc.  Is this
correct?  If possible I would prefer that the branch office computer
rely solely on their local Internet connections for web browsing, and
only use the fifth office's web connection for accessing the file and
application servers located in that fifth office.

[ Post a follow-up to this message ]

"Karl" <kcox@issllc.com> wrote in message
news:1136996583.199855.244710@g14g2000cwa.googlegroups.com...
> VPN to Single Application and/or Fileserver?
>
> Hi I am very new to VPN technology and have been asked to setup a VPN
> to enable four branch offices to access a fileserver and application
> server located at a fifth office.  We have purchased a Linksys VPN
> router for the fifth office and want to setup the computers in the
> branch offices to tunnel in to the VPN router.  All of the PCs are
> running Windows XP Pro with SP2.  I would prefer to use the VPN
> technology built in to Windows XP if at all possible for simplicit4y's
> sake.  Here are my questions/concerns:

I don't think the Linksys routers allow software clients to use the tunnel.
If the four PCs are in the same location, you will need to get one more
Linksys router and put it in place for the other remote side.  You can
configure the tunnel to allow those PCs to access to tunnel to the remote
router.

> 1) I have heard that PPTP (the VPN technology used by Windows) was
> severely broken at some point.  Has it been fixed by SP2?  Would you
> guys reccomend using it?

Don't know anything about this, but I assume that if you want to use PPTP,
you won't need the LinkSys router.  You should be able to set up a Incoming
Connection on the fileserver machine (assuming it's Windows 2000 or better)
and setup the four machines to log into it.  The drawback to this is that
you will have to create uses on the fileserver for each of the PCs wanting
to connect to it.  This isn't really a drawback ... more of an
inconvenience, but it is nice to have for security.  You *could* configure a
single account and have them all connect using it, if you wanted to.

> 2) My limited understanding of VPN technology tells me that once a
> computer has established a VPN tunnel from a branch office to the fifth
> office, that computer will be relying soley on the Internet connection
> of the fifth office for any and all web browsing/email/etc.  Is this
> correct?  If possible I would prefer that the branch office computer
> rely solely on their local Internet connections for web browsing, and
> only use the fifth office's web connection for accessing the file and
> application servers located in that fifth office.

The PCs connecting through VPN tunnel will continue to use their own
internet connection(s) independently of the tunnel established.  Otherwise,
they would drop the tunnel everytime a tunnel was made since the tunnel is
made through their internet connection.  When you are connected to the
fileserver, you should be able to browse to the intranet web address (the
private-side IP address assigned to the fileserver, more than likely) with
no difficulties.

Undrhil

[ Post a follow-up to this message ]

I did something very similar last year.
I wouldnt use linksys gear,  I would use cisco router at the 5th office
and RRAS / Windows XP VPN. Or something like Watchguard at each office.

You didnt say if your clients are VPN'ing direct or if you are creating
site-to-site tunnels.

If your doing the former, and clients are XP you can possibly use L2TP,
instead of PPTP.
If you want to use the LAN for Internet/Email and the VPN at the same
time, you may need to look into split tunnelling. Good Luck!

[ Post a follow-up to this message ]

Karl wrote:
> VPN to Single Application and/or Fileserver?
>
> Hi I am very new to VPN technology and have been asked to setup a VPN
> to enable four branch offices to access a fileserver and application
> server located at a fifth office.  We have purchased a Linksys VPN
> router for the fifth office and want to setup the computers in the
> branch offices to tunnel in to the VPN router.  All of the PCs are
> running Windows XP Pro with SP2.  I would prefer to use the VPN
> technology built in to Windows XP if at all possible for simplicit4y's
> sake.  Here are my questions/concerns:
>
> 1) I have heard that PPTP (the VPN technology used by Windows) was
> severely broken at some point.  Has it been fixed by SP2?  Would you
> guys reccomend using it?
>
> 2) My limited understanding of VPN technology tells me that once a
> computer has established a VPN tunnel from a branch office to the fifth
> office, that computer will be relying soley on the Internet connection
> of the fifth office for any and all web browsing/email/etc.  Is this
> correct?  If possible I would prefer that the branch office computer
> rely solely on their local Internet connections for web browsing, and
> only use the fifth office's web connection for accessing the file and
> application servers located in that fifth office.
>

A few questions/suggestions:

1. What model of VPN router did you install at the 5th office? Whatever
it is make sure that you have the latest firmware installed on the router.
(I purchased multiple BEFVP41's V2 for a similar setup last year and
found that they all had old firmware revisions. Check the Linksys.com
website for the updates & update information).

2. Are the branch offices on static or dynamic IP's? If on dynamic set
up DDNS domain names for each location - I recommend
http://www.dyndns.com/services/dns/dyndns/ - then set the branch routers
or a DDNS client to update the domain information automatically. Also
see: http://www.dyndns.com/support/clients/

To make life easier for all: at the other 4 offices install the *exact
same* VPN router at those locations. [Regardless of whether you use a
Linksys, Netgear, whatever, installing the same at all locations will
make your life much easier.]

Setting up the same VPN routers you won't need to mess with configuring
each PC for VPN access at the remotes, you simply set up the VPN tunnels
in the routers and let them do the work. If you are using Linksys
BEFVP41's at each location (as an example), each location will be able
to VPN to the end-point (5th office in this case) for application
access, and will also be able to access the internet, e-mail etc from
their own connection. They do not need to rely on office 5 to get the
access.

[ Post a follow-up to this message ]