VPN Solutions

Currently, I have a remote office connected to the main office via a VPN
between two routers (Linksys RV042 at main and Netgear FVS318 at remote).
Everything in the main office uses the Linksys as the default gateway.
Everything in the remote office uses the Netgear as default gateway. The
Linksys also serves as a PPTP server for laptops away from the office. What
I have found is that the Linksys for some reason isn't passing Group Policy
traffic through the internal PPTP server. My question is if I enable RRAS on
one of my 2003 Ent servers for the remote access portion for laptops, will
this completely change my network layout? Will I have to have a RRAS box at
the remote office and the VPN between the two hardware routers be thrown
out? Any help appreciated. Thanks!

Rob

Rob,
You won't be able to process Computer policies on the laptops because the
VPN is not established when they are starting up.
User policies may be blocked by the Slow Network detection.
Anthony,
http://www.airdesk.co.uk




"Rob" <(E-Mail Removed)> wrote in message
newsDAF3A3D-C351-403E-ABF9-(E-Mail Removed)...
> Currently, I have a remote office connected to the main office via a VPN
> between two routers (Linksys RV042 at main and Netgear FVS318 at remote).
> Everything in the main office uses the Linksys as the default gateway.
> Everything in the remote office uses the Netgear as default gateway. The
> Linksys also serves as a PPTP server for laptops away from the office.
> What I have found is that the Linksys for some reason isn't passing Group
> Policy traffic through the internal PPTP server. My question is if I
> enable RRAS on one of my 2003 Ent servers for the remote access portion
> for laptops, will this completely change my network layout? Will I have to
> have a RRAS box at the remote office and the VPN between the two hardware
> routers be thrown out? Any help appreciated. Thanks!
>
> Rob

Yeah, I've already ruled out the slow network detection setting. I messed
with the setting for days adjusting it up and down with no results. I had to
put in a DC at the remote site just for those computers to receive policy
updates. We are adding another office. This will only have one computer for
right now. Should I just have that computer do a manual VPN connection like
the laptops, or go ahead and invest in another VPN endpoint router?

Rob

"Anthony [MVP]" <(E-Mail Removed)> wrote in message
news:#(E-Mail Removed)...
> Rob,
> You won't be able to process Computer policies on the laptops because the
> VPN is not established when they are starting up.
> User policies may be blocked by the Slow Network detection.
> Anthony,
> http://www.airdesk.co.uk
>
>
>
>
> "Rob" <(E-Mail Removed)> wrote in message
> newsDAF3A3D-C351-403E-ABF9-(E-Mail Removed)...
>> Currently, I have a remote office connected to the main office via a VPN
>> between two routers (Linksys RV042 at main and Netgear FVS318 at remote).
>> Everything in the main office uses the Linksys as the default gateway.
>> Everything in the remote office uses the Netgear as default gateway. The
>> Linksys also serves as a PPTP server for laptops away from the office.
>> What I have found is that the Linksys for some reason isn't passing Group
>> Policy traffic through the internal PPTP server. My question is if I
>> enable RRAS on one of my 2003 Ent servers for the remote access portion
>> for laptops, will this completely change my network layout? Will I have
>> to have a RRAS box at the remote office and the VPN between the two
>> hardware routers be thrown out? Any help appreciated. Thanks!
>>
>> Rob
>

It depends on the circumstances. You could either create a site to site VPN;
or use an SSL VPN to give them access to the network.
Anthony,
http://www.airdesk.com


"Rob" <(E-Mail Removed)> wrote in message
news:CC550FCE-0739-4E30-BF95-(E-Mail Removed)...
> Yeah, I've already ruled out the slow network detection setting. I messed
> with the setting for days adjusting it up and down with no results. I had
> to put in a DC at the remote site just for those computers to receive
> policy updates. We are adding another office. This will only have one
> computer for right now. Should I just have that computer do a manual VPN
> connection like the laptops, or go ahead and invest in another VPN
> endpoint router?
>
> Rob
>
> "Anthony [MVP]" <(E-Mail Removed)> wrote in message
> news:#(E-Mail Removed)...
>> Rob,
>> You won't be able to process Computer policies on the laptops because the
>> VPN is not established when they are starting up.
>> User policies may be blocked by the Slow Network detection.
>> Anthony,
>> http://www.airdesk.co.uk
>>
>>
>>
>>
>> "Rob" <(E-Mail Removed)> wrote in message
>> newsDAF3A3D-C351-403E-ABF9-(E-Mail Removed)...
>>> Currently, I have a remote office connected to the main office via a VPN
>>> between two routers (Linksys RV042 at main and Netgear FVS318 at
>>> remote). Everything in the main office uses the Linksys as the default
>>> gateway. Everything in the remote office uses the Netgear as default
>>> gateway. The Linksys also serves as a PPTP server for laptops away from
>>> the office. What I have found is that the Linksys for some reason isn't
>>> passing Group Policy traffic through the internal PPTP server. My
>>> question is if I enable RRAS on one of my 2003 Ent servers for the
>>> remote access portion for laptops, will this completely change my
>>> network layout? Will I have to have a RRAS box at the remote office and
>>> the VPN between the two hardware routers be thrown out? Any help
>>> appreciated. Thanks!
>>>
>>> Rob
>>

"Rob" <(E-Mail Removed)> wrote in message
newsDAF3A3D-C351-403E-ABF9-(E-Mail Removed)...
> Currently, I have a remote office connected to the main office via a VPN
> between two routers (Linksys RV042 at main and Netgear FVS318 at remote).
> Everything in the main office uses the Linksys as the default gateway.
> Everything in the remote office uses the Netgear as default gateway. The
> Linksys also serves as a PPTP server for laptops away from the office.
> What I have found is that the Linksys for some reason isn't passing Group
> Policy traffic through the internal PPTP server. My question is if I
> enable RRAS on one of my 2003 Ent servers for the remote access portion
> for laptops, will this completely change my network layout? Will I have to
> have a RRAS box at the remote office and the VPN between the two hardware
> routers be thrown out? Any help appreciated. Thanks!

The RRAS box would be fine and would not change the topology for Remote
Access VPN because the Clients still get a valid IP# for the same IP Segment
when they connect. The RRAS box would change the topolgy and open a can of
worms if it was a Site-to-site VPN,..but that is not what you are doing with
it and is not what you asked.

Hownever the Clients will have the GPO problems because of the reasons
Anthony said. One thing they need to do is check the box on the
Ctrl-Alt-Del screen that says "Log on with dial up connection". Then choose
the dialup (VPN) connection during the login. This recreates (as best as
possible) a normal Domain Login. But you can still suffer from too slow a
link speed, again, as Anthony menitoned.

--
Phillip Windell
www.wandtv.com

The views expressed, are my own and not those of my employer, or Microsoft,
or anyone else associated with me, including my cats.
-----------------------------------------------------

Yeah, but as far as I can tell, they can't use that option. The vpn router I
use is a Linksys RV042 that has a built in PPTP server. I tried to mess with
the Linksys Quick VPN utility, but talk about a mess. I could get it to
connect, but that's it. I never could get it to browse the corporate
network.

Rob

"Phillip Windell" <(E-Mail Removed)> wrote in message
news:#(E-Mail Removed)...
>
> "Rob" <(E-Mail Removed)> wrote in message
> newsDAF3A3D-C351-403E-ABF9-(E-Mail Removed)...
>> Currently, I have a remote office connected to the main office via a VPN
>> between two routers (Linksys RV042 at main and Netgear FVS318 at remote).
>> Everything in the main office uses the Linksys as the default gateway.
>> Everything in the remote office uses the Netgear as default gateway. The
>> Linksys also serves as a PPTP server for laptops away from the office.
>> What I have found is that the Linksys for some reason isn't passing Group
>> Policy traffic through the internal PPTP server. My question is if I
>> enable RRAS on one of my 2003 Ent servers for the remote access portion
>> for laptops, will this completely change my network layout? Will I have
>> to have a RRAS box at the remote office and the VPN between the two
>> hardware routers be thrown out? Any help appreciated. Thanks!
>
> The RRAS box would be fine and would not change the topology for Remote
> Access VPN because the Clients still get a valid IP# for the same IP
> Segment when they connect. The RRAS box would change the topolgy and open
> a can of worms if it was a Site-to-site VPN,..but that is not what you are
> doing with it and is not what you asked.
>
> Hownever the Clients will have the GPO problems because of the reasons
> Anthony said. One thing they need to do is check the box on the
> Ctrl-Alt-Del screen that says "Log on with dial up connection". Then
> choose the dialup (VPN) connection during the login. This recreates (as
> best as possible) a normal Domain Login. But you can still suffer from
> too slow a link speed, again, as Anthony menitoned.
>
> --
> Phillip Windell
> www.wandtv.com
>
> The views expressed, are my own and not those of my employer, or
> Microsoft,
> or anyone else associated with me, including my cats.
> -----------------------------------------------------
>
>

"Rob" <(E-Mail Removed)> wrote in message
news:(E-Mail Removed)...
> Yeah, but as far as I can tell, they can't use that option. The vpn router
> I use is a Linksys RV042 that has a built in PPTP server. I tried to mess
> with the Linksys Quick VPN utility, but talk about a mess. I could get it
> to connect, but that's it. I never could get it to browse the corporate
> network.

Of course they can use that option,...if this is a Remote Access VPN that is
being done correctly.

I think you are confusing a Site-to-Site VPN (aka Router-to-Router VPN) -vs-
a Remote Access VPN and may be "mixing" the two methods together.

--
Phillip Windell
www.wandtv.com

The views expressed, are my own and not those of my employer, or Microsoft,
or anyone else associated with me, including my cats.
-----------------------------------------------------

In a sense, that's what I am trying to do. I want to maintain the link
between the two offices using the hardware vpn appliances that I am using
now. But, I want remote users (laptop users) to connect to a RRAS server
instead of the pptp server in the linksys box. The benefit is that if the
laptop users connect to the RRAS box, they can use the "log on using dialup
connection" when they first boot xp to obtain policy updates. As of right
now, I have to manually create users in the linksys pptp server with a
password. They list of users and passwords has no relation to active
directory. So, it's a bit of a pain to for the laptop users to use that log
on option with the username/password combo I created in the linksys box. Do
you see my dilemma? Can a RRAS server be used in conjunction with the
linksys router (linksys router maintaining site-to-site link between offices
and RRAS maintaining connection for laptop users)?


Rob

"Phillip Windell" <(E-Mail Removed)> wrote in message
news:(E-Mail Removed)...
> "Rob" <(E-Mail Removed)> wrote in message
> news:(E-Mail Removed)...
>> Yeah, but as far as I can tell, they can't use that option. The vpn
>> router I use is a Linksys RV042 that has a built in PPTP server. I tried
>> to mess with the Linksys Quick VPN utility, but talk about a mess. I
>> could get it to connect, but that's it. I never could get it to browse
>> the corporate network.
>
> Of course they can use that option,...if this is a Remote Access VPN that
> is being done correctly.
>
> I think you are confusing a Site-to-Site VPN (aka Router-to-Router
> VPN) -vs- a Remote Access VPN and may be "mixing" the two methods
> together.
>
> --
> Phillip Windell
> www.wandtv.com
>
> The views expressed, are my own and not those of my employer, or
> Microsoft,
> or anyone else associated with me, including my cats.
> -----------------------------------------------------
>
>

"Rob" <(E-Mail Removed)> wrote in message
news:8F366700-6F71-4D23-A806-(E-Mail Removed)...
> In a sense, that's what I am trying to do. I want to maintain the link
> between the two offices using the hardware vpn appliances that I am using
> now. But, I want remote users (laptop users) to connect to a RRAS server
> instead of the pptp server in the linksys box. The benefit is that if the
> laptop users connect to the RRAS box, they can use the "log on using
> dialup connection" when they first boot xp to obtain policy updates. As of
> right now, I have to manually create users in the linksys pptp server with
> a password. They list of users and passwords has no relation to active
> directory. So, it's a bit of a pain to for the laptop users to use that
> log on option with the username/password combo I created in the linksys
> box. Do you see my dilemma? Can a RRAS server be used in conjunction with
> the linksys router (linksys router maintaining site-to-site link between
> offices and RRAS maintaining connection for laptop users)?

You need to throw out that whole idea and just let the Site-to-Site VPN work
like a WAN link like it is supposed to do.

Then you need to make sure that the Laptops (and any other machine) can
properly identify, resolve, and route to whatever DC is the correct DC for
the particualr machine in question. If it has to go over the VPN to
acomplish that,...fine,...if it does not have to go over the VPN,...fine.
It just has to reach the correct DC,..it doesn't matter where it is just as
long as it can get there properly. So,...if that is not happening,...then
that is the way it has to be approached,...it is not a matter of monkeying
around with multip-VPN types at the same time.

But at this point there is no way to give any other suggestions because I am
totally "blind" here concerning the Domain Structure and DNS Scheme of the
over-all network with all the sites combined.

--
Phillip Windell
www.wandtv.com

The views expressed, are my own and not those of my employer, or Microsoft,
or anyone else associated with me, including my cats.
-----------------------------------------------------

Rob,
can I suggest you have a look at our RAS service ('www.accessmylan.com
(http://www.accessmylan.com)) a hosted VPN that will give you th
functionality you want (as I read it) - Integrate with active director
for authentication (same password on VPN an AD) without changin
anything on your site-to-site link. There is a free trial available s
you can be 100% sure that it work

--
mmcmulli
-----------------------------------------------------------------------
mmcmullin's Profile: http://forums.techarena.in/members/mmcmullin.ht
View this thread: http://forums.techarena.in/server-networking/1090618.ht

http://forums.techarena.i