Could I have your suggestions?

Hi Guys and Gals,

I'm starting to administrate my first client-server based network. This
is what I want to do:

- Main office has a file server and terminal services server.
- LAN within the company connect to both
- Branch offices need to connect to both as well

I was just wondering what security precautions I should take? Also too,
I was told once that I shouldn't use the DHCP capabilities of my
router, but configure a DHCP server on my DC. I've done that, but I'm
not sure of how of how to assign the addresses to clients at the branch
offices. Why isn't the DHCP capabilities of the router not as good? I
imagine to accomplish this, I'll have to setup something simliar to a
VPN - but I'm not too familiar with that area yet. Would I setup my own
VPN server, or use a router's capabilities?

I'll be adding an e-mail and web server soon. Any pre-advice on that
subject? Thanks!

I know this is a very general question, but I just want to a better
idea of how to go about things from people that have done this before
rather than just jump in.

Thanks in advance!
Cyp.

Without going in to much detail. This is what I would do.

Use your DC as a DHCP server. Depending on the router the MS DHCP server
provide many more options to configure.

Create a point to point VPN. What is your budget on this project? With tha
info I can recommend some equipment.

With the point to point vpn you all traffic would be routed to the main
branch so your dhcp server would assign clients ip config.

psg

"Cyphos" <(E-Mail Removed)> wrote in message
news:(E-Mail Removed) oups.com...
> Hi Guys and Gals,
>
> I'm starting to administrate my first client-server based network. This
> is what I want to do:
>
> - Main office has a file server and terminal services server.
> - LAN within the company connect to both
> - Branch offices need to connect to both as well
>
> I was just wondering what security precautions I should take? Also too,
> I was told once that I shouldn't use the DHCP capabilities of my
> router, but configure a DHCP server on my DC. I've done that, but I'm
> not sure of how of how to assign the addresses to clients at the branch
> offices. Why isn't the DHCP capabilities of the router not as good? I
> imagine to accomplish this, I'll have to setup something simliar to a
> VPN - but I'm not too familiar with that area yet. Would I setup my own
> VPN server, or use a router's capabilities?
>
> I'll be adding an e-mail and web server soon. Any pre-advice on that
> subject? Thanks!
>
> I know this is a very general question, but I just want to a better
> idea of how to go about things from people that have done this before
> rather than just jump in.
>
> Thanks in advance!
> Cyp.
>

Sorry that I haven't responded till now, I've been doing a lot of
reading and such wanting to know more of what I'm saying/asking before
responding.

I think I understand most of the questions that I asked before. What I
am still not 100% sure of is, what specific advantage does setting up a
DHCP server and using that server to hand clients over VPN ip
addresses... it just seems like extra bandwidth being taken up to me.
But, I've heard by many people that this is the way to go, so I trust
that it's the right decision. However, when implementing this - I know
the boss is going to ask "why do we need this?"

Next, about the VPN connection - my budget is rather limited. There are
6 offices, with approximately 3 computers at each office. I have found
this device:

http://www.futureshop.ca/catalog/pro...0026030&catid=

If I have one of these routers are each office (including the main
office), will this work?

Thanks,
Cyp.

"Cyphos" <(E-Mail Removed)> wrote in message
news:(E-Mail Removed) oups.com...
> Sorry that I haven't responded till now, I've been doing a lot of
> reading and such wanting to know more of what I'm saying/asking before
> responding.
>
> I think I understand most of the questions that I asked before. What I
> am still not 100% sure of is, what specific advantage does setting up a
> DHCP server and using that server to hand clients over VPN ip
> addresses... it just seems like extra bandwidth being taken up to me.
> But, I've heard by many people that this is the way to go, so I trust
> that it's the right decision. However, when implementing this - I know
> the boss is going to ask "why do we need this?"
>
> Next, about the VPN connection - my budget is rather limited. There are
> 6 offices, with approximately 3 computers at each office. I have found
> this device:
>
> http://www.futureshop.ca/catalog/pro...0026030&catid=
>
> If I have one of these routers are each office (including the main
> office), will this work?
>
> Thanks,
> Cyp.
>

DHCP has very little overhead. I would not worry about DHCP's bandwidth
usage in your environment. Simply state to your boss that DHCP automatically
assigns IP Configuration (not just and address) to clients. This eases
administration of the network. If anything should need to be changed in the
clients IP configuration; the change can be made on the DHCP server instead
of manually visiting each client and making the changes. In the end saving
money in support.

Since your budget is rather limited the linksys vpn endpoint would allow you
to connect via point to point vpn. However I would use this device at the
main office.

http://www.linksys.com/servlet/Satel...VisitorWrapper

and then the one you originally posted for your branches. Read Gateway to
Gateway VPN in user guide for the product above. This device supports up to
30 VPN Tunnels and will allow the Gateway to Gateway or Client to Gateway
VPN. If you have mobile users this would allow them to connect via linksys
VPN software.

psg

Thanks a lot Chris - you've answered all my questions (for now, hehe)!
You're the greatest!

If you need anymore advice let me know.

Chris

"Cyphos" <(E-Mail Removed)> wrote in message
news:(E-Mail Removed) ups.com...
> Thanks a lot Chris - you've answered all my questions (for now, hehe)!
> You're the greatest!
>

Hi Chris,

Okay, I went through everything last night - and I guess I do have some
more questions that I hope you can help me with.

I understand now about how tunneling works with the VPN and such, but
I'm not 100% sure how I will use this to tranfer DHCP information. How
does the remote office connect to the main office (via VPN) if it
doesn't have an ip configuration? Also too, I see many things about
"dialing-in" to connect to the VPN - what's this all about? Do I need
to purchase a modem or something?

The confused.. :P
Cyp.

Here is the explanation. At your main office use the DHCP server on one of
your servers for the office clients. Install the Linksys box that is capable
of the 30 tunnels at your main office.

At the branch offices install the smaller linksys box and configure the VPN
tunnel to the main office. This will create a connection from the branch to
the main office.

Once this is done DHCP requests will travel through this tunnel to the DHCP
server at the main office and IP configuration will be assigned to clients.

The term dialing in has been around for a long time and people may still use
it to connecting to a VPN this does not mean you have to install modems or
anything unless you want users to be able to access the VPN through POTS
(plain old telephone system).

You could allow the smaller linksys routers to hand out IP configuration at
the branches since you have a small amount of computers at each location or
just go with static IP's at the branches. This is up to you.

psg

"Cyphos" <(E-Mail Removed)> wrote in message
news:(E-Mail Removed) oups.com...
> Hi Chris,
>
> Okay, I went through everything last night - and I guess I do have some
> more questions that I hope you can help me with.
>
> I understand now about how tunneling works with the VPN and such, but
> I'm not 100% sure how I will use this to tranfer DHCP information. How
> does the remote office connect to the main office (via VPN) if it
> doesn't have an ip configuration? Also too, I see many things about
> "dialing-in" to connect to the VPN - what's this all about? Do I need
> to purchase a modem or something?
>
> The confused.. :P
> Cyp.
>

Dialin or dialup originally came into use when users actually dialled in
to a modem on the server. The name just seemed to get carried over to VPN.

Sometimes dialup is used to indicate the difference between a user who
makes a direct connection to the RRAS server (such as a salesman who
connects from his hotel room) and a user on the LAN at a site who is
connected through a site to site VPN. These are very different situations
from the user's (and the sysadmin's) point of view.

chrispsg wrote:
> Here is the explanation. At your main office use the DHCP server on
> one of your servers for the office clients. Install the Linksys box
> that is capable of the 30 tunnels at your main office.
>
> At the branch offices install the smaller linksys box and configure
> the VPN tunnel to the main office. This will create a connection from
> the branch to the main office.
>
> Once this is done DHCP requests will travel through this tunnel to
> the DHCP server at the main office and IP configuration will be
> assigned to clients.
> The term dialing in has been around for a long time and people may
> still use it to connecting to a VPN this does not mean you have to
> install modems or anything unless you want users to be able to access
> the VPN through POTS (plain old telephone system).
>
> You could allow the smaller linksys routers to hand out IP
> configuration at the branches since you have a small amount of
> computers at each location or just go with static IP's at the
> branches. This is up to you.
> psg
>
> "Cyphos" <(E-Mail Removed)> wrote in message
> news:(E-Mail Removed) oups.com...
>> Hi Chris,
>>
>> Okay, I went through everything last night - and I guess I do have
>> some more questions that I hope you can help me with.
>>
>> I understand now about how tunneling works with the VPN and such, but
>> I'm not 100% sure how I will use this to tranfer DHCP information.
>> How does the remote office connect to the main office (via VPN) if it
>> doesn't have an ip configuration? Also too, I see many things about
>> "dialing-in" to connect to the VPN - what's this all about? Do I need
>> to purchase a modem or something?
>>
>> The confused.. :P
>> Cyp.

Cyphos,

I think you are worrying too much about the IP config of the
routers. Once the system is set up and the sites are connected and routing
through the link, the IP config of the public side of the routers is
irrelevant. As far as your WAN is concerned, they are invisible. The WAN
works just as if the sites were connected by simple (slow) IP routers. The
routing on the WAN works just like routing on a routed LAN.

The normal situation is that all branches have a route for the main
office subnet through the link. (And of course the main office has a route
to each branch subnet through the correct link). It is possible to route
between the branches via the main office if you really need that option. It
just requires two hops because there is no branch to branch link).

chrispsg wrote:
> Here is the explanation. At your main office use the DHCP server on
> one of your servers for the office clients. Install the Linksys box
> that is capable of the 30 tunnels at your main office.
>
> At the branch offices install the smaller linksys box and configure
> the VPN tunnel to the main office. This will create a connection from
> the branch to the main office.
>
> Once this is done DHCP requests will travel through this tunnel to
> the DHCP server at the main office and IP configuration will be
> assigned to clients.
> The term dialing in has been around for a long time and people may
> still use it to connecting to a VPN this does not mean you have to
> install modems or anything unless you want users to be able to access
> the VPN through POTS (plain old telephone system).
>
> You could allow the smaller linksys routers to hand out IP
> configuration at the branches since you have a small amount of
> computers at each location or just go with static IP's at the
> branches. This is up to you.
> psg
>
> "Cyphos" <(E-Mail Removed)> wrote in message
> news:(E-Mail Removed) oups.com...
>> Hi Chris,
>>
>> Okay, I went through everything last night - and I guess I do have
>> some more questions that I hope you can help me with.
>>
>> I understand now about how tunneling works with the VPN and such, but
>> I'm not 100% sure how I will use this to tranfer DHCP information.
>> How does the remote office connect to the main office (via VPN) if it
>> doesn't have an ip configuration? Also too, I see many things about
>> "dialing-in" to connect to the VPN - what's this all about? Do I need
>> to purchase a modem or something?
>>
>> The confused.. :P
>> Cyp.