Most of the VPN resources and products I have looked at seem to cater well for client-server and site-site models in a regional office or roadwarrior scanario. This assumes that hardware/software can be procured and deployed at each site.
I am deploying an extranet application (SQL/IIS) for a handful of companies. They have a mix of firewalls and routers in place but do all use windows servers and clients.
If there were dozens of companies then maybe publishing the IIS server in a DMZ and using SSL would make sense but as the number of companies is so low I thought http over site-to-site vpn tunnels would be the best option to avoid publishing the web server at all. As deploying hardware at each site creates barriers for expansion, extra cost and ownership issues I'd prefer to avoid.
AS a relative newbie to VPN , does the above seem a valid approach?
If its not possible to deploy hardware at each company is there any device I can put in front of the server that will support the following connections for 50-100 users (total) with decent performance:
1a)Site-to-site VPN to Smoothwall Corporate Server (6 users) or 1b)6 Client-server VPNs passsing thru Smoothwall Corporate Server 2)2 Site-to-site VPN to Win ISA 2000 Server (25 users each) 3)2 Site-to-site VPNs to Win 2K Server (6 & 8 users) 4)Site-to-site LAN Connection to Cisco 831 Router (25 users)Please advise.thanks hals_left