Question : Hardware or software based VPN to log onto AD?

Objective: I want to implement a VPN to let users access the home folder and shared folders from outside the home network. Users should be able to connect to the domain from the login screen using "connect using remote connection" so that login scripts and GPOs will apply. The VPN has to be able to take advantage of the available bandwidth.

Running AD with one site and 2x Windows 2003 Server Standard.
The internet connection is 10Mbit SDSL.
No more than 10 users connecting through VPN at any given time. 40 users would have access.
Server with available resources; HP ML310 with 2Gb RAM and 2x72Gb mirrored.

Should I just set this up on Server 2003, or should I get a hardware based VPN solution? Price is most definitely an issue.

Would a 2003 server with hardened security be just as capable security-wise as a hardware based solution? What hardware based solutions would be decently priced for this task?

Answer : Hardware or software based VPN to log onto AD?

If you want GP and logon scripts applied, it limits your options. Assuming you are planning on using a VPN client, and not a hardware VPN router at each site, you will need a VPN client that can establish a connection before logon. The Windows VPN client can do this. To do so, the client PC must be a member of the domain. If it is, then at logon there is a check box option to connect using a dial-up connection. Selecting this will allow you to choose the VPN connection and establish the connection first so that the user can authenticate to the domain and have GP and logon scripts applied. Detailed instructions for the server and VPN client can be found at the following link under VPNs/Windows:
http://www.lan-2-wan.com/

If you are looking for the best performance and security, a hardware VPN solution would be the better option. This will give you better security by using IPSec instead of PPTP and moving the VPN connection to a perimeter device, as well as slightly better performance due to having a dedicated device to handle encryption and decryption. However, to allow GP and logon scripts, it will also need to be able to connect before logon. I believe Cisco is one of the few that will do this. A basic ASA5500 unit for about $500 should do the trick, but it will limit you to a maximum of 10 simultaneous VPN connections. More connections can be had for more money.