Tech Talk Discuss PC Hardware, Software, Internet and Other Technology

Network setup advice requested

Old 08-11-04, 02:55 AM
  #1  
Senior Member
Thread Starter
 
Join Date: Jul 2000
Location: Take a guess
Posts: 897
Network setup advice requested

I'm looking for some general advice to set up a network for my small business. I know I'm probably asking some complicated questions, but I can figure out the fine details of settings on my own, so for now my questions relate to the best layout for setting everything up so I can better direct my own research in setting this up.

First, here is what I've got in my office:
1 Linksys VPN Router w/ the WAN port connected to my cable modem
1 Linksys WRT54G router w/ the WAN port connected to the VPN router
1 Dell Server running Windows 2003 Small Business Server - it's primary purpose is Exchange
3 PCs running XP Pro
2 Networked Printers
Cable Internet w/ dedicated IP
1 Hosted Website

At home I have:
1 Linksys WRT54G router
1 PC running XP Pro
1 HTPC running XP Pro w/ my MP3 library on it that I wouldn't mind being able to access from work

For mobile I use:
1 Notebook w/ wi-fi
1 Dell Axim PDA w/ wi-fi

Here is what I want to do and my questions:
1. Set up a VPN connection so that my home PC acts like it is on my office network. I have been told I will need to buy another matching Linksys VPN router for home, or set up a software VPN connection that doesn't use the Linksys VPN at all. It seems like the Linksys solution is easier, but the software solution may be necessary based on other things I want to do, such as:

2. I'd like to be able to set up VPN connections when I'm on business trips using my notebook and Axim.

3. I would like to host my web site from the server in my office, since I want to run Sharepoint. I know hosting via a cable connection is a problem, but I don't get a lot of traffic (maybe 20 visitors a day), and downtime is not a significant issue, so the cable connection shouldn't be a problem. Besides, it's only a temporary solution as I plan to move up to a T1 connection when I upgrade to IP telephone early next year. Does the server need to sit outside the Linksys router in order to host a website?

4. I'm a little worried that the firewall capabilities of my Linksys router are inadequate. I'm not really sure how to address this, other than possibly using my server as a firewall. But I'm worried about security, since Exchange has pretty sensitive client data on it.
TexasGuy is offline  
Old 08-11-04, 12:04 PM
  #2  
toq
Senior Member
 
Join Date: Mar 2003
Posts: 522
Let me preface my response by saying that I'm far from a networking expert so it's possible that I may not provide complete and correct answers. With that said, here are some quick observations and responses about your plan.

- What is the purpose of having both the Linksys VPN router and the Linksys WRT54G router? It seems to be redundant to have both of them installed, unless of course you need the WRT54G only for its wireless capabilities. In that case, you'll probably want to connect it to the VPN router using one of the LAN ports and not the WAN port.

- Due to requirement #2 in your post, a software VPN solution definitely seems to be the more cost-effective route to take. That is, unless, you don't mind investing in both a hardware solution at home and software solution for the road.

- You should be fine running the web server behind the Linksys router(s) as long as you forward the necessary ports used by the web server.

- Is there any particular reason that you believe the Linksys router will not provide enough security? I would think that the router would be sufficient for the size of your network. By default, it should block all incoming connections to your network. Protection on outbound connections from spyware or virus infections will have to be addressed at the desktop level. Provided you have some type of anti-spam and anti-virus server software to complement the Exchange server, I believe you will have addressed most of the security concerns.

- A backup/data recovery solution is always a recommendation since the Exchange server seems to be a crucial part of your business.

I hope that helps a little. Good luck.
toq is offline  
Old 08-11-04, 01:18 PM
  #3  
Senior Member
Thread Starter
 
Join Date: Jul 2000
Location: Take a guess
Posts: 897
toq, thanks for the reply.

Regarding why I have two routers, I started with the VPN router, then ran out of ports (needed 6 but the VPN router only had 4). The WRT54G has 4 ports the same as other Linksys routers, but I also got the wi-fi functionality as a bonus. I stand corrected on the connection, the VPN and wi-fi routers are connected via LAN ports, not LAN-to-WAN.

My primary reluctance to software-based VPN is that I have read that VPN is processor-intensive. My slowest PC is a P4 1.6 GHz with 512 MB RAM. My server is a P4 2.0 Ghz with 1 GB RAM.

There is no particular reason I think the Linksys firewall is inadequate. I've just read a lot of message board posts on security boards expressing concerns that Linksys' firewall may not be adequate protection due to something about it not being a "true" firewall.

For Anti-virus, I use Norton currently, but plan to migrate to Trend Micro over the next few months. I understand Trend Micro does not have a server solution, however.

I do backup via CDRW on the server, since I didn't have the budget to add a nice tape backup last year. That is something I hope to address sometime next year.
TexasGuy is offline  
Old 08-11-04, 02:24 PM
  #4  
toq
Senior Member
 
Join Date: Mar 2003
Posts: 522
Originally posted by TexasGuy
My primary reluctance to software-based VPN is that I have read that VPN is processor-intensive. My slowest PC is a P4 1.6 GHz with 512 MB RAM. My server is a P4 2.0 Ghz with 1 GB RAM.
I believe you're right since your machine will be involved in encrypting the data during the VPN connection. However, I don't think it should be much of a concern since your machines are powerful enough that the performance hit should not be significant. If anything, the encryption process would slow down your VPN connection. As long as the Linksys VPN router is capable of handling the number of VPN connections you plan to use, you should be fine.
There is no particular reason I think the Linksys firewall is inadequate. I've just read a lot of message board posts on security boards expressing concerns that Linksys' firewall may not be adequate protection due to something about it not being a "true" firewall.
This could be in reference to higher-priced firewalls with "stateful inspection" capabilities and extra features like logging and auto-notification alerts. You're certainly free to upgrade to another router if you feel you need more features but I believe, your existing Linksys router will prove to be effective. As long as you disable any remote administration functions and open up only the incoming ports necessary to function, you should be fine.
For Anti-virus, I use Norton currently, but plan to migrate to Trend Micro over the next few months. I understand Trend Micro does not have a server solution, however.
Actually, if it's in your budget, I do believe that TrendMicro's Client/Server/ Messaging Suite for SMB might suit you well if that's the direction you're moving.
I do backup via CDRW on the server, since I didn't have the budget to add a nice tape backup last year. That is something I hope to address sometime next year.
As a matter of convenience, it's nice to be able to automate backup sessions without your presence. However, your current solution works for you, I'm certainly not going to knock it.
toq is offline  
Old 08-12-04, 04:44 PM
  #5  
Senior Member
Thread Starter
 
Join Date: Jul 2000
Location: Take a guess
Posts: 897
I think you're probably right that a software firewall solution would be better. I just realized that my Linksys VPN router may not even work if I upgrade to a T-1 line next year, so my current choice looks like either going with a software VPN or buying an entirely new hardware-based VPN solution for the office.

The Trend Micro suite looks like exactly what I need. It's actually slightly cheaper than upgrading my five PCs + server via Norton. Thanks for the recommendation.
TexasGuy is offline  

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is On
Trackbacks are Off
Pingbacks are Off
Refbacks are Off


Thread Tools
Search this Thread

Archive Advertising Cookie Policy Privacy Statement Terms of Service

Copyright 2018 MH Sub I, LLC dba Internet Brands. All rights reserved. Use of this site indicates your consent to the Terms of Use.