Koozali.org: home of the SME Server

SME as VPN client for a LAN to a Windows 2000 Server

Patrick F. Ducharme

SME as VPN client for a LAN to a Windows 2000 Server
« on: May 20, 2003, 08:31:59 PM »
Hi,

The company where I work will have a new branch office really soon. Here, we have a Small Business Server 2000 (Windows 2000 server) with about 45 clients. We run MS Exchange on our server.

I plan to use an SME 5.6 U4 server at the other office. The LAN at this office will have about 10 client PCs. I would like to know if SME can connect as a VPN client to my 2000 Server so that the clients on the new LAN can access some file sharing and our Exchange server too. I would like this solution to be transparent to our new users (not creating a VPN connection on each workstation, but a permanent one on the SME server). I hope you know what I mean :-)

I read the howto about FreeS/WAN/IPSEC from Darrel May but don't know if I can use that for my needs.

Thank you all,

Johan

Re: SME as VPN client for a LAN to a Windows 2000 Server
« Reply #1 on: May 20, 2003, 10:31:14 PM »
Hello Patrick,

Three questions

One:
What kind of connection security do you have at this moment from your Internet line to your network (from your modem/router straight to the Bill Gates box)?

Two:
What kind of connection are you making for your new branch office?

Three:
What is the risk if the communication lines to your mail server are broken?

Please answer these questions first, before I can supply you with what are, in my opinion, the right answers.

Grtz

Johan

Patrick F. Ducharme

Re: SME as VPN client for a LAN to a Windows 2000 Server
« Reply #2 on: May 20, 2003, 10:42:18 PM »
Three questions

One:
What kind of connection security do you have at this moment from your Internet line to your network (from your modem/router straight to the Bill Gates box)?

A: My Internet is connected directly to my 2K server, which runs ISA Server.

Two:
What kind of connection are you making for your new branch office?

A:  My new office will have a Wireless T1, like the one I have here.  The Internet pipe will be connected directly into SME configured as Server & Gateway.  All I want is a permanent VPN Connection between my ISA Server (Main Office) and my SME Server (Remote Office) that let users from remote office access my Shares and my Exchange on Main Office server.  Maybe also I want users from Main office to be able to access server of Remote Office, but it's not very important.  They will send email to users of remote office, so they will use the current exchange server.

Three:
What is the risk if the communication lines to your mail server are broken?

A: My Internet connection is very stable and has been up here for 1 year without any downtime. I have a 50 Gig/month quota; I hope this will be more than enough to make my permanent VPN!

Another question:

Maybe it would be better to put in two MNF servers (Mandrake Network Firewall), one at each side, and make the permanent VPN between them? But I don't know if I'll be able to access my shares and Exchange on my main office server from a remote site PC...?!

Thank you !

Boris

Re: SME as VPN client for a LAN to a Windows 2000 Server
« Reply #3 on: May 21, 2003, 01:22:59 AM »
Try a pair of NetGear ProSafe VPN firewalls FVS318.
8 IPSec VPN endpoints will give you some room to grow into with next branch offices. You can buy them for under $150 dollars each and they are cheap, stable and easy to set up. They even handle VPN if one side has dynamic IP.
Behind those routers/firewalls you can retire ISA from win2000 server and just use both servers (Win2000 and SME) for files, e-mail and such.

ryan

Re: SME as VPN client for a LAN to a Windows 2000 Server
« Reply #4 on: May 21, 2003, 08:54:36 PM »
Another option is IPCop... this can log in to a VPN connection, but I don't recommend using PPTP VPN on SME 5.6. Regardless of what Mitel says, PPTP VPN is still unstable even with U4 applied. I also prefer FreeS/WAN/IPSEC on IPCop over SME. IPCop is less than a 25 MB download and is completely GNU/GPL.

good luck,

ryan

Johan

Re: SME as VPN client for a LAN to a Windows 2000 Server
« Reply #5 on: May 21, 2003, 10:43:34 PM »
Hello Patrick,

My advice has almost already been given:

My advice would be:

Place at your main site an SME server 5.5 with the IPsec/VPN in front of your Windows machine. (This is very important because of the safety of your network.)

Place at your remote site also an SME server 5.5 and make a VPN tunnel between these two.

People on your remote network can connect through the tunnel to their data on your Exchange server, etc.

Also activate an IMAP mail connection on your Exchange server, so you can use the Horde webmail application on the SME box with a secondary IMAP server.

So you have a very safe webmail solution in combination with Exchange (at this moment it is (very) easy to pass a flood of data through the standard webmail client on an Exchange server, servername/exchange, and it's open on almost everyone's account).

And in this manner you also have, for both offices, a good solution for home workers who are logging in from home (either only the mail with webmail, or with a VPN to their own office server (head or remote office)).

A few people also advised the IPCop installation, also a good plan, but then you are missing at your remote office the filing and printing services of a standard SME box.

If you have more questions, mail them.

Grtz from Amsterdam

Johan

Patrick F. Ducharme

Re: SME as VPN client for a LAN to a Windows 2000 Server
« Reply #6 on: May 22, 2003, 11:44:43 PM »
Johan: OK, but why IMAP with Exchange? The remote user can use POP access without any VPN...

Boris: Will that VPN router let my users on each side of the VPN browse files on the other side's LAN?

Johan

Re: SME as VPN client for a LAN to a Windows 2000 Server
« Reply #7 on: May 23, 2003, 10:43:51 AM »
Hello Patrick,

Why IMAP

All mail stays on the server; it doesn't matter if your users change workstations. The mail is on the server and not in a local mail folder or on a user share.

If they connect from home or from a customer to one of your SME servers, they can get their mail with the webmail configuration.

Good luck

Grtz from Amsterdam

Johan