need a new vpn solution- win2k3 server?

[lockmac]

Hi guys.

With a network that I am one of the admin's of, we need to replace the current VPN solution we have.

Currently, we use a d-link VPN server that accepts 5 clients at the one time, and the client software doesnt work on Vista. We really need a VPN that will support at most 12 clients.

Just wandering, whats the best way to set up a vpn? Will using the Windows 2003 Server's built in VPN feature put a lot of load on the server? VPN access will really only happen at night time, when the server is doing backups.

Is their any other better solutions that perform better, such as a linux box or something? I like with the 2003 Server VPN function though how it is integrated into Active Directory.

Any help greatly appreciated

 

[RebateMonger]

The Windows VPN client doesn't really put an appreciable load on the server. Microsoft advertises ISA 2004 on a Server 2003 box as being able to handle thousands of simultaneous Windows VPN clients.

I've had good luck over the years with the Windows PPTP or LT2P VPN as long as you've got a solid Internet connection on both ends. It won't retry a connection after three tries or so, so if you have a "bad" connection, it can get frustrating. Also, you can't automatically boot into a VPN connection as far as I know. If you can live with that, it's REALLY easy to implement and the client is, of course, built into every modern version of Windows.

If you are using PPTP, the router or firewall has to be able to pass inbound GRE (Protocol 47) through to the server. A higher-end router should be able to do that without a problem. Some SOHO routers might have problems with it, depending on the exact model and Firmware version of the router.

 

[IndyColtsFan]

Originally posted by: RebateMonger
Also, you can't automatically boot into a VPN connection as far as I know. If you can live with that, it's REALLY easy to implement and the client is, of course, built into every modern version of Windows.

What you can typically do to get around that issue is to have the user click "Log on using dialup networking" at the CTRL-ALT-DEL screen. The user will then have the opportunity to pick a VPN connection to initiate prior to typing their login credentials. This works just like you are sitting on the LAN -- you get login scripts, etc. and it works pretty well. At my last job, we used ISA 2004 to provide VPN connectivity and trained our users to do this and we didn't have any issues.

 

[PlatinumGold]

Sonicwall, that would be my recommendation.

 

[spikespiegal]

I like with the 2003 Server VPN function though how it is integrated into Active Directory.

Rather have a SoHo box running LDAP, but that's just me. You either love ISA or hate it. I'm not the former.

 

[redbeard1]

This is the SMB sized firewall. Both their IPSEC or SSL VPN client works with Vista. To get enough SSL clients you either need the Pro version of their software, or the X55e.

Watchguard Edge Firewall

 

[sourceninja]

We have had great success with openVPN. In fact there are some prebuilt distros out there that will make setup a breeze for a small environment.