To help readers follow the
instructions in this article, we used
two different typefaces:
type is used to identify the names of
icons, agendas and URLs.
Sans serif type shows the names of
files and the names of commands and
instructions that users should type into
echnology is shortening the daily
office commute and providing a secure and economical link to
clients, customers and satellite offices. With just a few
keystrokes from a remote location with Internet access, users
can link to an office network so that, for all intents and
purposes, they’re virtually working in that office. Not only
is such a link relatively inexpensive, it provides enhanced
Does such a link require the
installation of a hot, new, expensive technology that requires
intensive training of the organization’s staff and information
technology experts? Not at all, thanks to virtual private
network (VPN), a technology that actually has been around
since the mid-1990s but failed to gain popularity because the
accounting profession has been slow to adjust to both advanced
technology and, oddly enough, to modern management styles. In
those “old” days, VPN was still considered high-tech, thus
keeping technophobic managers at bay. Also, many
older-generation managers distrusted telecommuting, believing
that those working out of the office would be laggards and
beyond their control. Many of today’s managers now recognize
both the efficiencies and economies of telecommuting.
PRIVATE AND PUBLIC LINKS
A VPN is essentially a software or hardware bridge for
connecting a remote user to a company’s local area network
(LAN), which is a private network, via the Internet, which is
a public network. And it does this without compromising
privacy. VPN applies protocols for encapsulating and
encrypting data flowing between a LAN and a remote computer.
The result: It’s as secure as the LAN itself.
also is far less expensive to set up and operate than its
alternative—leased data lines, which would cost, depending on
the distance and transmission speed, from a couple of hundred
dollars a month to a couple of thousand.
COST AND COMPLEXITY
The cost of a VPN setup depends on how much special
hardware is needed and the type of VPN connection desired.
Most offices with networks already own most of the necessary
components, which include a server (the computer that manages
network resources), a router or switch (to distribute files
within the network) and a firewall (software or hardware to
prevent unauthorized access into or from the network). Most
VPN implementations use software set up within the firewall.
Also required is an Internet connection. A broadband
connection, such as a digital subscriber line (DSL) (from an
Internet Service Provider (ISP)) or cable (from a television
cable company), is sufficient. A dial-up account is too slow
to be usable unless you are deploying special linking software
such as Citrix or Microsoft Terminal Server. However, those
remote-access solutions are more expensive to implement and
maintain. The ISP also must provide a static Internet Protocol
(IP) address—a permanent Internet address.
A VPN can
be configured for three types of connections:
Remote access. This links a remote
user to an organization’s network via its server or desktop
PCs and provides full network access from any place with an
Internet connection. The user could, among other things,
create documents or update an appointment calendar—in short,
accomplish any on-site computer-related task. This is the
simplest type of VPN to set up.
Intranet connection. This links two or
more offices while providing each with access to the
organization’s network. Such a connection allows data to be
stored and shared from a single access point (the main office)
as opposed to maintaining separate and often duplicate
information on every satellite office server. A retailer, for
example, could maintain a single database of inventory
accessible by all remote locations. This arrangement is more
complicated and usually requires a consultant to do the setup.
Extranet. Such a link provides secure
access directly to another LAN. An accountant could make
adjustments to a client’s books instead of relying on the
client to post them. This setup also is complex and may
require a consultant.
SO WHAT’S THE PRICE TAG?
Assuming a small organization (up to 10 users) has the
basic hardware (a LAN, a router and a firewall) and would
rather engage a consultant to set it up, the cost can range
between $30 and $50 per user. A midsize organization (11–50
users) that wants to connect two remote offices would have to
spend between $800 and $1,200. Large operations would pay
$2,000 and up. Pricing for installation of these services can
vary depending on your location. It doesn’t take extraordinary
technical skill to set up a basic VPN configuration as you’ll
see in “ Setup Time ,” at right;
however, it is strongly recommended that any remote-access
installation be set up by an experienced consultant to make
sure all security aspects are given consideration.
Once your VPN is set up, not only will staff members be
able to telecommute, but any data stored on the network will
be immediately available to all the remote users and any data
the remote users produce will be immediately available on the
network. That alone will generate huge savings in effort and
time, and you’ll wonder why you waited so long.
| ||Setup Time |
How to Set Up a Basic VPN Link
Begin by clicking on Start, All
Programs, Accessories, Communications, New
Connection Wizard .
Then click on Next
and select Set up an advanced
connection . Click on Next
and select Accept incoming
connections . Click on Next
. Do not select any
Click on Next
and select Allow virtual private
connection . Click on Next
and select the user accounts you want to
allow access to your PC. Click on Next
and highlight the Internet Protocol
. Click on Properties and
make sure there is a check next to Allow
callers to access my local area network .
Now you must select how
remote computers will get IP addresses. Generally,
selecting the first option—assigning the addresses
via DHCP (Dynamic Host Configuration Protocol)—is
sufficient. DHCP is a communications protocol found
on most networks; it allows network administrators
to manage and automate the assignment of IP
addresses in an organization’s network. DHCP allows
devices to connect to a network and be automatically
assigned an IP address. If you are currently on a
network, this service is probably already running.
However, if you click on Specify TCP/IP
, make sure the range you select follows
the same IP scheme as your server. To check the IP
scheme for your computer, see the steps found under
“How to Check Your IP Address Configuration” at the
end of these instructions. When done, click on
OK , Next and
then on Finish .
server is now ready for access. Before going online,
however, make sure the computer designated as the
VPN server has a static IP address and test its
security level. Such testing can be done for free
through ShieldsUp, a security testing service
located on Gibson Research Corp.’s Web site (
Step by Step
Here are the
steps to create a VPN connection on your office
network or a client/customer’s network.
Begin by clicking on Start, All Programs,
Accessories, Communications . Select
New Connection Wizard , click on
Next , and select Connect
to the network at my workplace . Click on
Next and select Virtual
Private Network connection .
Click on Next and type in a name
for the connection (for example, Office ).
Click on Next
and select Do not dial the initial
connection . Click on Next
and type in the IP address of the VPN
server you wish to connect to (this should be the
external IP address of the computer or firewall
assigned by your ISP).
Click on Next
, and if prompted, choose either
Create this connection for anyone
or My use . Click on
Next and place a check at
Add a shortcut to this connection on my
desktop and click on Finished
Click on Start
, highlight Connect to and
then select Show all connections .
Under Virtual Private
Network find your VPN connection (Office
or the name you provided). Highlight the connection,
right-click on it and select Properties
Click on the Networking
Tab and double-click on the
Internet Protocol (TCP/IP) .
|Caveat : While a VPN provides
an inherently secure connection to your
office network, failure to maintain security
safeguards could expose your network to
hackers. However, proven security measures
are available to make your system safe. Such
measures include the use of strong
The setups discussed in this
article use the TCP/IP protocol, the same
protocol used on the Internet. For
additional security, protocols such as
IPX/SPX or NetBuei can be used.
Click on Advanced
and uncheck Use default gateway on
remote computer to prevent Internet
access issues while using the connection.Click on
OK and close all the open windows
to return to the desktop.
Double-click on the shortcut
and enter the User name and Password (from the list
of users you allowed access to during the VPN server
setup). Then click on Connect .
During the setup, make sure you use the VPN
server or firewall’s external IP address as assigned
by your ISP. If the selected computers are behind a
firewall, make sure you enable IP Protocol 47 (GRE)
and TCP port 1723 in the firewall configuration.
Finally, if the computers are behind a
firewall/router, you may have to enable port mapping
to the VPN server’s IP address. You’ll need to
consult your equipment documentation because the
instructions will vary depending on the equipment.
Once again, be sure to test the installation for
How to Check Your IP Address Configuration
Click on Start ,
Run and type CMD or command at
and a command window will open. Type
ipconfig and press Enter . A list
of items will be displayed similar to the following:
Note that the IP address
scheme on your network may vary from the above
example. The range generally will be the first three
sets of numbers and the last set will be between 0
and 255. For this example, the IP address range is
from 192.168.1.0 to 192.168.1.255.
James P. Davis,
CPA/CITP, is a senior accountant of Colby & Co., PLC,
a public accounting and consulting firm in Chesapeake, Va.
His e-mail address is