VPN over IPSEC and Citrix
pilipk01
02-27-05, 12:26 AM
Hey All,
I have a project and I have to set up a VPN connection (with IPsec) between head office and 3 other branches.
Also I have to install a Citrix server in head office and enable people from other branches to connect to head office and run a point of sale application.
I haven't done any VPN with IPsec or Citrix. Thus I don't really know where to start. Does anyone know some good resources that could help achieving it?
How long could something like that take? (Head office and branches are located in the same city.) Head office is running 2003, branches are running 2003 and WinNT 4. Head office has a Cisco PIX firewall.
cheers
NT4 doesn't do ipsec. Need Win2k minimum or Linux.
Slackfumasta
02-27-05, 11:12 AM
It's easy with the PIX. Use the PDM web interface and run the VPN wizard (or configure everything manually if you are familiar with the unit). Set it up to use IPSec with the Cisco client. Then distribute the Cisco VPN Client software that should have come with your PIX. You can either set up usernames and passwords within the PIX itself, or have it query your Win2k3 server as a RADIUS server and just use your domain accounts.
This will work if your users only need to connect to VPN when they need something from a remote network. If you are talking about creating permanent links, you can do it this way (have a server on your network create a VPN connection, then use that machine as a proxy to your other networks), but the right solution to this sort of networking is to purchase dedicated connections through a provider like Sprint or AT&T.
Do you have a service contract with Cisco for your PIX? It's about $1000 per year, and is worth every single penny. If you don't have a service contract, you won't be able to get their assistance setting up your VPN network, but if you have the contract, they will pretty much set up the entire thing for you if you want. They have superb support.
pilipk01
02-27-05, 03:18 PM
Thanks for your replies,
OK, I want to set up a permanent link between branches (looks like I will have to upgrade 2 branches to Win 2003 servers). We will have a frame or fibre connection (no additional costs for bandwidth). I would rather do it myself as it's part of my graduation project, and I will have to write documentation as well.
Slackfumasta
02-27-05, 06:55 PM
If you plan on creating a permanent, private link between branches using frame relay, you do not need to upgrade your servers to Win2k3 (though it's not a bad idea anyway). The connection will not need VPN since they will not be routed through the Internet. You don't even need a firewall on those connections, so you can put your PIX on a dedicated Internet line and feed all your branches through your frame cloud to the Internet through the PIX.
The only reason you would use VPN is if all four branches were going to connect to each other using the Internet. That's not a great solution at all, especially if you are just going to put your Windows servers on the Internet and have them maintain your VPN connection.
Regarding the PIX, I'll say this: programming a Cisco firewall, or any piece of Cisco equipment other than a basic switch, is not for the faint of heart. A service contract is highly recommended even for experienced users.
pilipk01
02-28-05, 01:04 AM
Thanks for the reply,
OK, so basically, at the moment each branch is running POS (point of sale) software off its own standalone SQL server. Each branch has an ADSL connection to the Internet with a static IP address.
At head office we have brand new servers, PIX etc. What I have to do is enable all branches to run the POS application off the server at head office (using Citrix) (maybe in future more applications). Also I want to be able to connect from head office to any branch (remote support and resource sharing).
So what do you reckon would be the best solution?
Thanks
Slackfumasta
02-28-05, 06:52 AM
Build yourself a wide-area frame relay network and route everything through your home office (so you won't need those DSL connections at each store).
After that, you can do the things you mentioned with ease.