1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

VPN Access to Enterprise Site Authentication

Discussion in 'Networks' started by Weemez, Dec 9, 2008.

  1. Weemez

    Weemez Kilobyte Poster

    372
    1
    0
    Hi All, I'm back from the dead and glad to see CertForums still doing the bizz!

    I'm currently working on a little project at work and we have a few sites where we have devices in locations that are not part of our company sites but we have users there that access our network through these places. These PC's laptops link over BT's N3 network to the LAN firewall then outside addresses are translated into local addresses but i would like to set these up using Junipers Netscreen Remote VPN client to access our network so as they can be part of the LAN eg remote devices having a LAN address then being tunnelled over the BT network then being able to access our network. I have had a look around on the net regarding this and all the info i can find relates to using RADIUS and xAUTH. I was wondering and hoping that it would be possible for the users and devices to authenticate to Active directory as if they were sittting actually on the LAN but connot find reference to this. I'm not looking for a complete rundown as to how this can be done because i would like to get to the bottom of this as much as i can myself but was just wondering if this was a technically feasible option?

    If anybody has had experience with this type of solution it would be great to hear if this can be done. The devices also need to be picking up dhcp addresses but these will be reserved for the remote devices on AD but i know this can be done through dhcp relay. (i think!)

    Thanks guys/gals. :D
     
    Certifications: HNC Computing A+ N+ ICND1
    WIP: ICND2
  2. Sparky
    Highly Decorated Member Award

    Sparky Zettabyte Poster Moderator

    10,191
    299
    319
    Should just have to setup a IPSec VPN for some users no?

    DHCP can be handed out by the firewall or from your DHCP server depending on the config.

    What kinda firewall do you have mate?

    P.S I know you said Juniper but which one :)
     
    Certifications: MSc MCSE MCSA:M MCSA:S MCITP:EA MCTS(x5) Security+ Network+ A+
    WIP: Exchange 2007\2010
  3. craigie

    craigie Terabyte Poster

    3,020
    173
    155
    You could create a VPN using either PPTP or LT2P/IPsec (as Sparky said) using RRAS.

    Your DHCP would normally reserve 10 IP Addresses for the VPN's which would be taken from your leases.

    Chapter 10 of the Windows Server 2003 Network Infrastructure Book 70-291 would be good to assist you and to answer some questions you may have.
     
    Certifications: CCA | CCENT | CCNA | CCNA:S | HP APC | HP ASE | ITILv3 | MCP | MCDST | MCITP: EA | MCTS:Vista | MCTS:Exch '07 | MCSA 2003 | MCSA:M 2003 | MCSA 2008 | MCSE | VCP5-DT | VCP4-DCV | VCP5-DCV | VCAP5-DCA | VCAP5-DCD | VMTSP | VTSP 4 | VTSP 5
  4. Weemez

    Weemez Kilobyte Poster

    372
    1
    0
    Thanks for reply guys, sorry Sparky i forgot to mention its Netscreen 204. I have not implemented this in anyway as yet. I just wanted to get an idea of the best solution. I have not carried this out before so was just looking for a wee heads up.

    Thanks guys.
     
    Certifications: HNC Computing A+ N+ ICND1
    WIP: ICND2
  5. Sparky
    Highly Decorated Member Award

    Sparky Zettabyte Poster Moderator

    10,191
    299
    319
    Looks ok mate...

    Try and get into the VPN setup of the device and see what the options are. You should be able to create user accounts or perhaps use LDAP to pull user accounts from AD. After that pick the security options such as PPTP or L2TP, you will probably have to put in a pre-shared key (PSK) at least to try and increase security.

    Not sure if the laptops will need Juniper Netscreen VPN client software installed but if not you should be able to create the VPN in Windows.
     
    Certifications: MSc MCSE MCSA:M MCSA:S MCITP:EA MCTS(x5) Security+ Network+ A+
    WIP: Exchange 2007\2010
  6. Weemez

    Weemez Kilobyte Poster

    372
    1
    0
    All commments appreciated. :thumbleft

    I will look into this tomorrow.

    Thank you!
     
    Certifications: HNC Computing A+ N+ ICND1
    WIP: ICND2

Share This Page

Loading...