We have a webserver which is hosted outside our office.
The firewall of the server limits the access (ssh, sftp, etc.) by IP; only the public static IPs of our office can access it.
Our problem is that the responsible person has to come to the office to work in case of emergency. We would like to find a solution to allow him to work without the location constraint.
Unfortunately our VDSL router (Zyxel P-870HN-51b) has no VPN capabilities.
We were simply thinking about buying a firewall (ZyXEL ZyWALL USG 40) and having it set up in our office so the remote employee would "get" a whitelisted public IP.
Is it a safe solution? Or would you advise something totally different?
Your website's security is partially dependent on your office's network security. You're talking about adding a means of making a remote connection into your office's network. Adding the VPN will provide a new attack vector (hacking the VPN logon or VPN device) so you'll be weakening your existing security.
That said, what you're proposing is a fairly standard configuration and functionality that VPNs are intended to provide. So take care with the VPN configuration and you should be OK.
Have you tried Dome9? http://dome9.com
They provide on-demand access from your local IP address, or you can send an invitation to a remote employee.
http://www.dome9.com/overview/secure-access-invitations
I've been using them for the past year. Haven't had any complaints.