Question: Problem: 2003 server VPN vs. Cisco PIX router VPN

Hi,
We have a Cisco PIX router and a 2003 SBS server with Active Directory. Is it better to use the VPN on the 2003 domain controller, or should we use the Cisco PIX router for VPN? We have 10 users that need to use their laptops to connect to the network and use data on the NAS that we have. When they are in the office, they log on to the 2003 server and, using a logon script, they get 3 mapped network drives, which are on the NAS. They need to access the same data that is on the NAS when they connect through the VPN. I also would like to know how the process of logging into the domain works if I use the 2003 server or if I use the Cisco router. I am not sure of the exact model of the Cisco router, but I am very sure that it has VPN options available. By the way, we have a dynamic IP (high speed) that stays the same for at least 2 months, but that's something that I don't think would make any difference in either case.

Answer: Problem: 2003 server VPN vs. Cisco PIX router VPN

I don't know much about the 2003 SBS server, but if it is your domain controller, you definitely don't want to expose that machine to the internet. And the port forwarding wouldn't be pretty either...
But I can tell you a little about Cisco. Using the Cisco box as your VPN endpoint is a good way to go. Like plemieux72 said, you would not have to use port forwarding, and it is already an accomplished firewall. The box itself is able to authenticate your users against their domain accounts and assign them rights as such. You can do this either directly from the box, or you can use Cisco Secure Access Control Server to control the box and the VPN authentication, and the ACS server would give you all kinds of logging options.
The Cisco VPN client works with the Cisco box (and optional server) to establish pure IPsec tunnels, which are thought to be the most secure VPN method to date. And what's great about the client is that it can accept either a static address or a DNS name for the VPN server (the Cisco box at the office). This is good because you can use a dynamic DNS service to automatically update the name with the correct IP address when your ISP changes it at the office, saving you some work. And the Cisco box (and ACS server) can work with the unknown endpoint addresses of your remote customers' ISPs. And both the client and server support NAT Traversal if any of your customers use broadband routers at home!!!
The client can also run before the user logs onto the computer. So if your users' home computers are part of the corporate domain, they would be able to log onto the corporate network transparently and their drives and resources would be mapped as if they were sitting at work. Of course this is not the case for most home computers. But the client also allows you to run a script to map the drives when the VPN tunnel is established, and run another script to unmap the drives when the tunnel is torn down!!!
As you can tell, I am very enthusiastic about Cisco products, but only because they handle our VPN needs so well. We have hundreds of users and it's a cinch to build profiles so most of them can install the software and connect on their own!!
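
A sketch of the map/unmap script pair described in the answer, as an added example that is not part of the original post and not Cisco's own tooling. The NAS host name, share names and drive letters are placeholders, and how the VPN client launches the script on tunnel up and tunnel down depends on the client's configuration.

```powershell
# Added example: map the NAS drives when the VPN tunnel comes up and
# remove them when it goes down. Run as:  .\nas-drives.ps1 -Action Connect
param(
    [Parameter(Mandatory = $true)]
    [ValidateSet('Connect', 'Disconnect')]
    [string]$Action
)

$NasHost = 'nas01.corp.example'        # placeholder NAS name
$Drives  = [ordered]@{                 # placeholder drive letters and shares
    'S:' = "\\$NasHost\shared"
    'P:' = "\\$NasHost\projects"
    'U:' = "\\$NasHost\users"
}

function Remove-NasDrives {
    # Drop each mapping; ignore errors for letters that are not mapped.
    foreach ($letter in $Drives.Keys) {
        net.exe use $letter /delete /y 2>$null | Out-Null
    }
}

if ($Action -eq 'Disconnect') {
    Remove-NasDrives
    exit 0
}

# Connect: map only if SMB (TCP 445) on the NAS is reachable, which from a
# remote laptop should be true only while the tunnel is up.
if (-not (Test-NetConnection -ComputerName $NasHost -Port 445 -InformationLevel Quiet)) {
    Write-Error "Cannot reach $NasHost on TCP 445; is the VPN tunnel established?"
    exit 1
}

Remove-NasDrives                       # clear stale mappings from an earlier session
$failed = 0
foreach ($letter in $Drives.Keys) {
    # /persistent:no keeps Windows from retrying the mapping at the next
    # logon, when the laptop may be off the VPN. On a machine that is not
    # a domain member, net use prompts for the domain credentials.
    net.exe use $letter $Drives[$letter] /persistent:no
    if ($LASTEXITCODE -ne 0) {
        Write-Warning "Mapping $letter to $($Drives[$letter]) failed (exit $LASTEXITCODE)"
        $failed++
    }
}
exit $failed
```

No password is stored in the script, so a lost laptop does not hand over NAS credentials along with the drive letters.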