I would like to set up a VPN solution here for staff to access their documents/and sims.
We are with SWGFL and I have to submit a change request to them. I want to just get this clear in my head before I do.
I have set up a VPN server here with a static IP. Am I right in thinking that I need to get SWGFL to give me a public IP address and allow all traffic on port 1701, 1723 and forward it to our internal IP address of the VPN server??
We don't use a full VPN solution here for all staff (but do ourselves). We use OPENVPN ALS which is a linux based web app which can setup RDP sessions through a Java Applet over SSL on port 443 - Works Flawlessly.
Alternativly you could use Home Access Plus which is the same - might be slightly easier to setup then a full VPN solution (and cheaper!)
I have a spare server with 2003 so the cost is nothing. And I still need to get some kind of public access to the server. TBH, not all staff will use it. Probably only the SLT and myself to start with.
You will still need public access yes - but my lea preferred to allow port 443 rather then us setting up a full vpn solution when they have one in place.
Originally Posted by Admiral208
We have a SSTP VPN setup powered by TMG 2010 here - only works on Windows Vista/7 though as XP doesn't have the techonlogy required inside it.
All we did is assigned a static IP to the TMG 2010 NIC that the VPN was hosted on called our LEA they provided a public IP addressed and NATed the two together opening port 443 as well.
Frosting on the cake was updating DNS as well so we have a DNS name that points to that public IP address.
Further to my last post if your school is anything like ours then you will find that the VPN totally changes the way staff work remotely (at least if they have a decent net connection), we have about 80% of our staff now on it using their issued laptops and home PCs.
The way its setup is it allows them to fully access the network from home and as such they don't even need to come in to fully work on anything in the shared drives or on SIMS.
Thats what I want to happen. At the moment, we have a horrible terminal services solution set up by the la but only enough license for 5 users.
Originally Posted by jamesfed
The problem is that all of these things above will cost extra to set up.
I currently have a spare 2003 server which has the ability to run a VPN role for free... We have a 100mb internet connection which should easily be able to support more users. I don't think that getting the ports forwarded will be a problem but I am unsure if thats all I need to do.