Setting up a VPN

Discussion in 'Routing & Switching' started by Haiden John, Dec 10, 2008.

  1. Haiden John

    I want to gain access to files on my server from outside the office network when working off site.

    The server runs Windows Small Business Server 2003 and my router is a Cisco 857.

    From information that I have read it appears that I will need to create a VPN tunnel.

    If I have understood correctly I can do this either through the SDM setup for the Cisco router or in the windows server 2003 program, is this correct?

    If I use SDM setup I use the wizard to create the VPN tunnel and then load the cisco client software onto my laptop or whatever computer is to connect to the network from outside.

    OR

    I configure remote access in the windows 2003 server and use the remote access setup in my windows XP laptop to get access to my network.

    Does the above sound correct or is it complete rubbish? If it is correct and there are 2 methods which would be the one to use?

    Thanks

    John
     
    Certifications: C.Eng
  2. Spice_Weasel

    There is a broad range of vpn technologies available that you could use - but for your situation two good methods would be using the Cisco vpn client software or L2tp. The Cisco client software is simple and configuring it fairly easy. It works well, but there is no Vista 64 bit client - xp/linux/osx/vista 32bit no problem, but if you have 64 bit Vista you would need to use Cisco's Anyconnect or SSL client software.

    L2tp works well and doesn't require installing client software, but changes made to Vista can make it tricky getting Vista to connect through L2tp. You can also use pptp, but as it is inferior to L2tp I wouldn't recommend it unless it is the only way.

    BTW it is quite possible to configure multiple vpn access methods and use whichever is best for the circumstances.

    Spice_Weasel
     
    Certifications: CCNA, CCNP, CCIP, JNCIA-ER, JNCIS-ER,MCP
    WIP: CCIE
  3. Haiden John

    Thanks Spice_Weasel

    I will only be using win Xp 32 bit for connection so think from what you have said to go for the Cisco route. Just loaded VPN client version 5.0.04.0300 onto my laptop and having a look at the router settings through SDM Edit easy VPN utility.

    It looks like I need to create/use the Easy VPN Server if I want say 2 people to be able to connect.
    Assume that the interface would be Dialer0 (ATM0.1)
    Method list for group policy lookup would be Local
    User Authentication would also be Local

    In the Add Group Policy

    Name of group <some name here>
    Pre-shared key <password here>

    In pool information:- Select the existing pool range

    So I ran the TEST VPN SERVER and it all tested ok

    Next step was to put values into the VPN Client.

    Connection entry:- unsure what to put here
    Description:- ok with this
    Host:- Now examples I have seen state a domain name here. With my setup I go through my ISP on a fixed ip address. What should I put here?

    In Group authentication I guess the Name is the same as the one created in SDM <name of group policy>
    Password is again the one created in SDM <pre-shared key>

    Unsure here but would it be:- Transport ticked enable transport tunneling and IPSec over TCP? what TCP port, do I specify any value here?

    Thanks

    John
     
    Certifications: C.Eng
  4. Spice_Weasel

    I don't use the SDM, but if you need a cli example I can provide that. However, in the vpn client, the host value can be an ip address or fqdn - I suggest just putting your ip address in, as you have a static ip. IPSec vpn connections are often carried in udp rather than tcp, so I would select "IPSec over UDP".

    Test it out from a remote location and see how it works - I hope the SDM correctly handles some of the potential problems such as nat.

    Spice_Weasel
     
    Certifications: CCNA, CCNP, CCIP, JNCIA-ER, JNCIS-ER,MCP
    WIP: CCIE
  5. Haiden John

    Just got home and tried the client VPN connection on laptop.

    The connection is made and in the statistics it shows the connection with an IP address that has been assigned from the pool specified in cisco router, so that looks ok.

    The only problem is that I cannot see my server which has an address outside the DHCP pool. I would not have thought that was a problem though because I thought the pool was just for providing IP addresses?

    What I was expecting to see was the server in my network places (on laptop) and I could then login to my user account on the server.

    Have I missed something?

    Thanks

    John
     
    Certifications: C.Eng
  6. Sparky
    Can you ping the server by IP address?
     
    Certifications: MSc MCSE MCSA:M MCSA:S MCITP:EA MCTS(x5) MS-900 AZ-900 Security+ Network+ A+
    WIP: Microsoft Certs
  7. Haiden John

    Just done a ping at server address and that works fine but still not visible in explorer

    Thanks

    John
     
    Certifications: C.Eng
  8. Sparky
    Is the PC\Laptop you are using part of the Windows domain?

    Also type \\<server ip> at the run line and you should get prompted for credentials to log onto the Windows domain.
     
    Certifications: MSc MCSE MCSA:M MCSA:S MCITP:EA MCTS(x5) MS-900 AZ-900 Security+ Network+ A+
    WIP: Microsoft Certs
  9. Haiden John

    Tried to set up laptop to windows domain but still could not get connection.

    Established link with cisco client VPN and entered the server IP address into internet explorer. Achieved connection to the server and got windows 2003 small business server screen but could not get past the Network Config screen hence could not enter username and password to access the server.

    Thanks John
     
    Certifications: C.Eng
  10. Sparky

    You are loading the default SBS page in IIS when you put the IP in internet explorer.

    If you try typing \\<server IP> in the *run* line then you should get a logon prompt.
     
    Certifications: MSc MCSE MCSA:M MCSA:S MCITP:EA MCTS(x5) MS-900 AZ-900 Security+ Network+ A+
    WIP: Microsoft Certs
  11. Haiden John

    At the run line I have tried \\195.160.2.80 (made up ip address)

    but could not get connection, just message saying incorrect syntax

    Thanks

    John
     
    Certifications: C.Eng
  12. Sparky
    Are you sure it's in the run box, not the command line?

    Click on Start then run...... in there type \\195.160.2.80
     
    Certifications: MSc MCSE MCSA:M MCSA:S MCITP:EA MCTS(x5) MS-900 AZ-900 Security+ Network+ A+
    WIP: Microsoft Certs
  13. Haiden John

    Arggh, sorry works fine now executed in run box.

    Is there some way it could be arranged that I could log into the server without having to put the IP address into the RUN box? Just trying to reduce some of the steps to access the office network remote but do not want to compromise security.

    One other thing I have noticed and sorry this thread is becoming so basic but when the Cisco client VPN is established I cannot browse the internet locally on my laptop. It's not a problem, but just wondered if this is because a VPN tunnel is created between my laptop and the office network that is now protected and hence the laptop cannot access anything else externally?

    Thanks John
     
    Certifications: C.Eng
  14. Spice_Weasel

    Yes, you are right, when the vpn is established you will not be able to access the Internet through your local connection. The vpn connection can be configured to allow Internet access (called split tunneling) if needed.

    Spice_Weasel
     
    Certifications: CCNA, CCNP, CCIP, JNCIA-ER, JNCIS-ER,MCP
    WIP: CCIE
  15. Sparky
    You might need to add a hosts file entry for the name of the server you are connecting to. Then if you click on an already mapped drive it should connect to the server.

    Again you may get prompted for credentials as you are now authenticating onto the Windows domain.
     
    Certifications: MSc MCSE MCSA:M MCSA:S MCITP:EA MCTS(x5) MS-900 AZ-900 Security+ Network+ A+
    WIP: Microsoft Certs
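
The split tunneling and name-resolution points from the two replies above, as an added Cisco IOS example that is not part of the original thread and not the configuration SDM generated. The group name, pool name, LAN subnet (192.168.1.0/24), server address (192.168.1.10) and domain name are assumed values. Pushing DNS/WINS from the group policy is shown as an alternative to a hosts file entry on each laptop.

```cisco
! Added example: Easy VPN Server group policy only, not the full crypto map.
! Assumed values: group REMOTE-USERS, pool VPN-POOL, office LAN 192.168.1.0/24,
! SBS server 192.168.1.10, domain office.local. Replace with your own.
!
! Split-tunnel list: the source field names the networks the client
! should reach through the tunnel. Everything else leaves the laptop
! by its local Internet connection.
access-list 110 remark Office LAN reachable through the VPN
access-list 110 permit ip 192.168.1.0 0.0.0.255 any
!
crypto isakmp client configuration group REMOTE-USERS
 key <pre-shared key>
 pool VPN-POOL
 ! Name resolution handed to the client, so the server can be
 ! reached by name instead of typing \\<server ip>.
 dns 192.168.1.10
 wins 192.168.1.10
 domain office.local
 ! Split tunneling. Leave this line out to keep the default seen in
 ! the thread: all client traffic is sent into the tunnel and local
 ! Internet browsing stops while connected.
 acl 110
```

With `acl 110` applied the laptop is connected to the Internet and to the office LAN at the same time, so the default (no `acl`) is the more restrictive choice when the aim is not to compromise security.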
  16. FlashDangerpants

    Forgive me if this is a stupid question, but do the SDM and the remote client enable GRE tunnelling by default?
     
    Certifications: MCITP Exchange 2010, MCSA Svr 2012
    WIP: Exchange 2013
  17. Spice_Weasel

    FlashDangerpants: No, the Cisco client uses regular IPSec.

    Spice_Weasel
     
    Certifications: CCNA, CCNP, CCIP, JNCIA-ER, JNCIS-ER,MCP
    WIP: CCIE
