Discussion in 'Cisco Small Business Routers and VPN Solutions' started by MaxSands, Aug 24, 2005.

    Forgive me for my amateuresqueness and lack of some of the VPN fundamentals but I thought I would give this a shot.

    Currently users from my church access a database on a remote server via Terminal Services. This includes information such as finances and other items that I feel should be secure. Now unless I am mistaken, Terminal services is not the most secure connection and also leaves a big hole for accessing the server.

    I am playing around with an idea of having each of the users VPN into an RV042 that I have but don't really know its abilities/limitations, and then once the secure tunnel is built, have the users use Terminal Services to access the server. One problem I foresee is that all of the users have broadband but various ISPs with dynamic IP addresses. They all will want to have their regular internet connection and LAN IP addressing scheme when not connected to the VPN. I am debating between a static IP and DynDNS (I don't know if this would really matter either way so it might be a moot point). Also, what would be the best client for each of the users to work with? The server is a Windows 2003 box if it matters. There are no other services used at this time besides the database (web server, etc).

    I know I am forgetting a lot more pertinent information but I figure this will get the thread kicking. I guess I am looking for assistance on making this work and whether or not it is the right solution. Thank you for any help you have.
    VPN in general works from any destination; that's why it implements authentication, so your idea should work. VPN will give your users pretty much the same access as if they were connected to your local network (in this case your router will assign the local IP address for them), but there might be some limitations. It depends on how your clients access the terminal, what protocol, etc... Worth a try...
    Would QuickVPN work well enough for the users in this situation? And is Terminal Services secure when used by itself? Am I nutty to think it is unsecure?
    Well, good luck getting QuickVPN working. I am having some major issues with it on an RV042 at the moment myself. The problem is getting the dang thing to stay connected for any length of time. I have, however, got the gateway-to-gateway VPN working on this device and it is rock solid. I have used other RV042s as well as IPCop (Linux firewall distro) to connect to it; both work equally well.

    As for the security of Terminal Services... Microsoft actually has a pretty good track record when it comes to vulnerabilities in TS; that is, there have not been many at all. (This is most likely because they did not design it, Citrix did....)

    Anyway, the major vulnerability with TS is the usernames and passwords on your TS server. And, of course, information sent over the TS port is not encrypted so it is possible that it could be intercepted and relatively easy to read.
    Yes, you can use quickvpn in order to allow some of your members to connect. Once you establish your vpn connection, you can then use terminal services to connect "through" the terminal to whatever node you want to manage.

    I noticed in your post that you'd stated "users" were using terminal services to access databases on particular computers. You'll probably want to cut that out "with a quickness..." Users should "never" have access to terminal services. Another acceptable fix would be configuring RRAS on your 2003 server, but that requires a "little" more overhead, therefore if you don't have more than "5" users needing remote access (this is the default number allowed on the WRV54G), then quickvpn should be your choice, namely because it's free!!!

    For configuration, just check out the link below:

    This guide works for the WRV54G and the RV0XX models that currently support the Linksys Quickvpn client. If you have any troubles, there's more than enough people who'll volunteer to help. In the last 3 months, this little guide has helped get a lot of "jaded" quickvpn users access to vpn; there's no reason why things should be any different for you! :)

