Well, if you have a Cisco ASA, I believe there's a web-based VPN client that will allow your users to connect anywhere and then they can RDP from there. I certainly would not allow unecrypted RDP on my network!
-----Original Message----- From: Jeff Johnson [mailto:[email protected]] Sent: Friday, December 18, 2009 11:00 AM To: NT System Admin Issues Subject: RE: Need more IP addresses TOTALLY agree on this one. Luckily I only have 5-6 people that ever work from home. This is the President, CFO, VP, Op's manager, Sales manager and myself. The IT guy before me decided it was easier to go to each person's house and reconfigure their network rather than changing ours. When I took over, I introduces everyone to a wonderful tool, Outlook Web Access!!!!! The main program we use everyday also allows anywhere access, which management uses all the time. Now, I don't really give a rip where/when these users want to work. Luckily, we have a block of 126 public IP's and I have assigned certain users some of these IP's via NAT. Now my question to everyone, I do allow RDP. What are everyone's thoughts? I was doing VPN, until most of my execs jumped onto the Apple wagon. I never had a good Apple VPN client. I require all RDP users to have fairly strong passwords setup. Jeff Johnson Systems Administrator 714-773-2600 Office 714-773-6351 Fax -----Original Message----- From: Kurt Buff [mailto:[email protected]] Sent: Thursday, December 17, 2009 4:49 PM To: NT System Admin Issues Subject: Re: Need more IP addresses Oh, yeah - one more thing: I don't know if you have anyone working remotely - especially from home, but if you do, you might want to consider using a different address space. Many, many, many consumer products use either 192.168.0.0/24 or 192.168.1.0/24 as their default networks, and people at home tend not to change them, or even know *how* to change them. If you have people working from home, and control enough of your network to do this, I'd change your internal addressing to almost any other RFC 1918 scheme. For instance, 192.168.189.0/24, or 10.0.154.0/24, or something like that. The reason is that if someone at home has 192.168.1.0/24 for their network, and you have 192.168.1.0/24 on your network, there may well be difficulties with a VPN setup. Some of this problem is mitigated by newer VPN appliances and software clients, but knowing that it can be an issue is about halfway to fixing the problem should it arise. Of course, if nobody works from home, this is not an issue at all. Kurt On Thu, Dec 17, 2009 at 12:49, Jeff Johnson <[email protected]> wrote: > > I am in need of more IP addresses on my network. > > > > My current network looks like this: > > 192.168.1.x > > 255.255.255.0 > > > > I am using 248 IPs currently, so I have very little expansion available. I do > see the potential to increase in the following year, so I had better get my > butt thinking about this soon. Plus I have Christmas and New Years holidays > that I could work with no one on our network for 3 full days. > > > > I am thinking about changing my subnet to something like 255.255.254.0 or > 255.255.252.0. Would this be a good way, or would I be better adding an > additional router and just creating a new 255.255.255.0 network on > 192.168.2.x? > > > > I guess my question is which is the correct way? > > > > Jeff Johnson > > Systems Administrator > > 714-773-2600 Office > > 714-773-6351 Fax > > > > > > ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~
