Is there a good solution for this scenario?

My customer currently sits in an office that he shares with his secretary.  He has an XP pro laptop.  She has Win 2k system.  They both connect to the Internet via an old Linksys BEFSR41 (not V3, and firmware could be upgraded to 1.46.02).  Their DSL account is dynamic.  They both have private static addresses in the range. He runs ACT!, but the ACT! files are on her system.  She has access to his Briefcase.  He can print to her shared printers.  Everything works well.  However, he has decided he wants to work from home, using his laptop, (150 miles away), while she will remain in her current location.  He would prefer not to lose any of the current functionality.  He will have a broadband connection from home, probably also dynamic, with no router.  
Question:  What is the best solution?

Best solution (not the only solution):

Obtain public static IP addresses at one or both ISPs.  Then, get two identical routers that can terminate a site-to-site IPSec VPN tunnel and install them at each site.  Configure them to reach each other via a 3DES or AES IPSec VPN tunnel.  This way, the manager can virtually be at his old LAN while being at home and still have access to everything.  Ensure the private IP address range of the new site (his home) does not overlap with the other LAN.

atek1942 (Author) commented:
plemieux72, thanks for your response.  Please comment on the correctness of the following:
I would set one lan to 192.168.1, the other to 192.168.2.  
I would need to install a 3rd party IPSec VPN client on both systems.  
I would not need to upgrade the OS of either system.  
Both parties would need to "connect" and stay connected for full functionality.

Additionally, she has a Certance USB tape drive running Retrospect Pro attached to her system, that currently executes scheduled backups of files on her system and his system over the LAN.  I hadn't considered retaining the ability to backup his files, but might that work as well?
You don't actually need to get static addresses for either side of your VPN tunnel. Many VPN endpoints/servers these days work with a dynamic DNS service (like the free that will register a dynamic IP address to a static name). You just plug the name to the endpoint or software at the other side.

A simple solution for you would be the Linksys WRV54G.

1. Switch out the BEFSR41 with the WRV54G.
2. Choose a DDNS service (most are free), create an account and enter your account info into the router.
3. Create a username on the router.
4. Install the accompanying software on the remote computer and plug in your DDNS name for your office and the username and password.

You may have to change the subnet at the office from a 192.168.x.x to a 10.x.x.x to avoid conflict. When you connect, the client will do the ip configuration for you on the remote computer and it will be as if he is sitting at the office.

There are many home VPN endpoints out there that have specialized clients that make it that easy. The WRV54G is actually a wireless router, so you might not want to pay for overkill. I just chose Linksys because I am already familiar with the process. So by all means do some research and choose the product that best fits you, but it is that easy.

Right, the best solution is what I stated because you asked... but as MamboDee said, you don't actually need to get static IP addresses from your ISP.  Anyway, a WRV54G or any other router that can terminate a VPN tunnel would do.  No client needed to install on any of the computers.  The two routers are going to negotiate the tunnel and this will be transparent to both clients at each site.

It will look like this:

(managerPC) -----> mask (VPNrouter) x.x.x.x ----- Internet ----- y.y.y.y (VPNrouter) <----- (secretaryPC)

The x.x.x.x and y.y.y.y are the dynamic addresses assigned from the ISP.  Each router will connect to the other one based on whatever DDNS entry you make with or a similar service.

atek1942 (Author) commented:
Thanks to both of you.  I have been checking the Linksys BEFVP41 router.  If my client opts for the less expensive dynamic addressing from his ISP on both ends, can each router use the same DDNS entry?  And, do you agree that backup to the tape drive over the VPN probably would work?  And, finally, if the "keep alive" option is set on both routers, it would seem that the tunnel would be automatically established as soon as both systems were booted up, as long as the relevant "Local Area Connection" is enabled at both ends.  I'm sure that is what they would prefer.
Each router will require a different DDNS "A record".

For example:     A    x.x.x.x     A    y.y.y.y

On vpnrouter1, you point it to connect to vpnrouter2 and vice-versa.

As for the backup, I currently have a monthly scheduled backup running over a VPN using Retrospect 6.5 Server.  However, it takes a really long time to complete because each time, there is about 400MB to do.  It actually takes around 15 hours.  It's no big deal because it's personal (not company related) data.  Regardless, the performance might not be very good but it works!  Also, my two routers are Cisco routers, not Linksys... but I don't see why the BEFVP41 would not work.  Also, my VPN connection is automatic and the remote router negotiates the tunnel automatically.  I never have to do anything and there is always a tunnel present.
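
A pre-deployment check for the two-router plan discussed in this thread, as an added example that is not part of any participant's post: it verifies that the two LANs are private and do not overlap, that each router has its own DDNS name and points at the other's, and that both ends use the same 3DES or AES setting. The `example.net` hostnames, the dictionary keys and the function name are assumptions made for illustration.

```python
import ipaddress

RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
CIPHERS = {"3des", "aes"}  # the two options named in the thread

def _host(name):
    """Normalise a DNS name for comparison."""
    return name.strip().lower().rstrip(".")

def check_tunnel_plan(a, b):
    """Return a list of problems; an empty list means the plan is consistent."""
    problems, nets = [], []
    for site in (a, b):
        if site["cipher"].lower() not in CIPHERS:
            problems.append(f"{site['name']}: cipher {site['cipher']} not 3DES/AES")
        try:
            # Strict parsing: rejects "192.168.2.5/24" (host bits set).
            net = ipaddress.ip_network(site["lan"])
        except ValueError as exc:
            problems.append(f"{site['name']}: invalid LAN ({exc})")
            continue
        if not any(net.version == 4 and net.subnet_of(r) for r in RFC1918):
            problems.append(f"{site['name']}: {net} is not RFC 1918 private space")
        nets.append(net)
    # Overlapping LANs make remote hosts unreachable through the tunnel.
    if len(nets) == 2 and nets[0].overlaps(nets[1]):
        problems.append(f"LANs overlap: {nets[0]} and {nets[1]}")
    # Each router needs its own A record, and must point at the other's.
    if _host(a["ddns"]) == _host(b["ddns"]):
        problems.append("both routers use the same DDNS name")
    for me, other in ((a, b), (b, a)):
        if _host(me["peer"]) != _host(other["ddns"]):
            problems.append(f"{me['name']}: peer {me['peer']} is not "
                            f"{other['name']}'s DDNS name")
    if a["cipher"].lower() != b["cipher"].lower():
        problems.append("cipher mismatch between the two routers")
    return problems

# Constructed sample plans (hostnames are placeholders).
OFFICE = {"name": "office", "lan": "192.168.1.0/24", "cipher": "aes",
          "ddns": "office.example.net", "peer": "home.example.net"}
HOME = {"name": "home", "lan": "192.168.2.0/24", "cipher": "aes",
        "ddns": "home.example.net", "peer": "office.example.net"}
# Same subnet, shared DDNS name, different cipher: the mistakes asked about above.
BAD_HOME = dict(HOME, lan="192.168.1.0/24", ddns="office.example.net", cipher="3des")

if __name__ == "__main__":
    for plan in ((OFFICE, HOME), (OFFICE, BAD_HOME)):
        print(check_tunnel_plan(*plan) or "plan OK")
```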

Question has a verified solution.
