The problem with conventional VPN in schools is the LA, who ultimately dictates what can be reached or not, as the case may be.
SSL VPN is by far the easiest to implement in many cases, as they don't need to know what it is that you're tunnelling to on port 443.
They work on almost every platform, with iPad and Android supported, and even if you only have one IP/port available they can be configured to "Pass Thru" specific services.
E.g. SSL VPN appliance and Exchange server can share one port 443 instance using a method of L4 routing.
We have always used the Sonicwall appliances for this, as they can provide both the tunnel end point, a customisable reverse proxy for remote access and granular policy-controlled WebDAV.
The downside is that at £600+ for the SRA1200 it's way over your budget, but if you work on the advantages rather than just cost you can normally easily justify the outlay to the SMT.
Once they get to use them they quickly realise their true worth:-
Such as RDP access without the need for an RDP server or licensing by using your local PCs and software.
Remote access to files and resources.
Windows, Mac and mobile support.
Other vendors include Barracuda, Juniper and Draytek; all offer variations of the same thing.
M25man. SRA 1200 looks like a fantastic product. I have found all the setup demos but really need to see what the teacher will see when logging on to the system. Can you explain how that works and what they see? For example, do they run a connect client or visit a website to make the connection?
An IPsec dial-in will be fine. The Draytek comes with software that makes it nice and easy, or you can use the Mac / Windows VPN dial-in tool.
The Draytek 2830 is fine if you have ADSL or cable or leased line as it's got 2 x WAN ports. Get the N version if you want wireless too.
We sell them btw so if you want me to get you one do give us a call :)
The next screen is a customisable menu; we normally have an RDP option (with WOL) that allows the SLT members to access and log in to their own PCs, thus negating the need to host/run an RDS server.
The technician can have access to the VPN option, others whatever you want them to have.
If you have an RDS server this can be offered.
External contractors can be given a dedicated portal or non-domain account on the SRA with restricted access to any kit they need to maintain.
The end result is a Secure VPN, Remote Access Solution (that doesn't need an RDS server or licensing if you're happy to send users to an unused PC), Remote File Access, all operating on the single SSL port open on your firewall.
It's also possible to use SSL offloading at Layer 4 so all traffic routes to the SRA except, for instance, an Exchange Server; this would pass right through to the desired target server.
I have been using these for years, and when you look at what it provides for the cost it's really easy to sell it to the SMT.
The only negative thing that I can say about them is that they are now owned by Dell, which means that once you're on their list they will not leave you alone until they own you...
You should be able to set up remote access services and tunnel over 443; it is called RAS, I think.
If not, then Watchguard units are good, as are the Juniper SSL appliances, although they are expensive.
We use Watchguard; cannot fault it.
Question I was going to ask: what is the original poster's firewall, if any, on site? Maybe this has an option?