Local and Remote Network Connections

As network administrator of the branch office, you want to configure a few individual clients for access to the corporate network to send and receive e-mail, install software updates, transfer files, and otherwise access network servers and company-wide resources.

You can create a virtual private network (VPN) connection from one of the branch office's clients that tunnels through the Internet (using PPTP) to the corporate network. It is a safe, secure way of connecting directly to the corporate network from a computer on the branch office network. Figure 21.19 shows how one client on the office intranet is connected to a corporate network by means of a PPTP tunnel.

Figure 21.19 Connect a Branch Office Client to the Corporate Network Using a VPN Connection

Note

Do not create a VPN connection to the corporate network from the ICS computer. If you do, then by default all traffic from the ICS computer, including traffic from intranet clients, will be forwarded over the VPN connection to the corporate network. This means that Internet resources will no longer be reachable, and all the branch office computers will be sending data over a logical connection created with the credentials of the ICS computer user, a questionable security practice.
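The route selection behind this note can be modeled in a few lines. The following is an added example, not part of the original documentation; the addresses, interface names, and metrics are constructed assumptions, and the model assumes the VPN connection installs a lower-metric default route plus a host route to the VPN server.

```python
import ipaddress

# Constructed routing tables for the ICS computer. Addresses, interface names
# and metrics are illustrative assumptions, not values from the original page.
# Each route is (destination prefix, interface, metric).
BEFORE_VPN = [
    ("0.0.0.0/0", "isp-dialup", 20),       # default route to the Internet
    ("192.168.0.0/24", "lan", 10),         # branch office intranet behind ICS
]
# Assumed effect of connecting the VPN with its default settings: a new,
# lower-metric default route, plus a host route that keeps the tunnel
# endpoint reachable over the original Internet connection.
AFTER_VPN = BEFORE_VPN + [
    ("0.0.0.0/0", "vpn-corp", 1),
    ("203.0.113.10/32", "isp-dialup", 1),
]

# Constructed sample destinations.
DESTINATIONS = {
    "internet web server": "198.51.100.25",
    "corporate file server": "10.1.2.3",
    "intranet client": "192.168.0.15",
    "vpn server (tunnel endpoint)": "203.0.113.10",
}

def select_route(table, destination):
    """Pick the interface by longest-prefix match, then lowest metric."""
    dest = ipaddress.ip_address(destination)
    candidates = []
    for prefix, iface, metric in table:
        net = ipaddress.ip_network(prefix)
        if dest in net:
            candidates.append((net.prefixlen, -metric, iface))
    if not candidates:
        return None
    return max(candidates)[2]

def forwarding_report(table):
    """Map each sample destination to the interface its traffic leaves on."""
    return {name: select_route(table, addr) for name, addr in DESTINATIONS.items()}

if __name__ == "__main__":
    for label, table in (("before VPN", BEFORE_VPN), ("after VPN", AFTER_VPN)):
        print(label)
        for name, iface in forwarding_report(table).items():
            print(f"  {name:30} -> {iface}")
```

Because the ICS computer forwards packets for every intranet client, the "after VPN" result applies to all branch office traffic bound for the Internet, not only to traffic the ICS computer itself originates.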

The first time you launch a new VPN connection, it takes a few moments attempting to connect using L2TP and IPSec, and then tries to connect using PPTP. Subsequent connections do not take as long because the VPN connection remembers which VPN protocol was successful for the initial connection.

After the VPN connection is made, the client on the branch office's intranet has access to the shared resources (such as file servers and printers) on the corporate network.

Note

While the client computer is connected to the corporate network using VPN, the client is logically disconnected from the Internet unless the corporate network provides its own Web access. To access the Web through the corporate network, a branch office client must be configured to use the rules established for Web access from the corporate network. For example, many corporations use a proxy server. In this scenario, you need to configure the client's browser to use the corporate proxy server to access the Web. You can configure Internet Explorer to use specific proxy settings with specific Internet connections. After doing so, the client computer can easily shift between accessing the Internet by using the shared connection on the ICS computer and accessing the Internet through a VPN connection to the corporate network.