[Last Call] Learn how to a build a cloud-first strategyRegister Now

x
?
Solved

I have been asked to network 3 offices which is fine based on a switch and some cable, but they want to extend the network over three offices so do I create a VPN or how do I go about this?

Posted on 2005-04-20
23
Medium Priority
?
292 Views
Last Modified: 2013-11-16
I have a client with 3 offices, we expanding to three offices.

He wants to make 1 computer into a server in each office which isnt a problem but he also wants to extend the network over three offices I guess to share files etc.  

How would I go about this?

Cheers

Mat
0
Comment
Question by:auraorange
  • 7
  • 5
  • 5
  • +3
23 Comments
 
LVL 13

Expert Comment

by:2hype
ID: 13829817
THis is just one option.

You could create 3 seprate Domains at each location
Create a VPN between the 3 Domains
Create a Trust Relationship Between the 3 Domain controllers

0
 
LVL 2

Author Comment

by:auraorange
ID: 13829922
So if all 3 networks were on separate domains

domain1,2,3

thats ok, but how do I create a VPN? and trust relationship?

if you can point me in the right direction then i should work it out.

all three locations are on broadband..... but they are not static IP addresses....

Mat
0
 
LVL 1

Expert Comment

by:Brigeer
ID: 13830093
You can keep them all in one domain and make one server a PDC and the other two at the other locations BDCs.  You can setup the VPN many ways but I would look into cisco routers with propers mappings or look into a FW with VPN such as Sonicwall.
0
New Tabletop Appliances Blow Competitors Away!

WatchGuard’s new T15, T35 and T55 tabletop UTMs provide the highest-performing security inspection in their class, allowing users at small offices, home offices and distributed enterprises to experience blazing-fast Internet speeds without sacrificing enterprise-grade security.

 
LVL 1

Expert Comment

by:Brigeer
ID: 13830101
Or the customer could actually do VPN and put a Terminal Server at the main location and have the remote sites run Remote desktop apps, or use Citrix.
0
 
LVL 13

Expert Comment

by:2hype
ID: 13830252
Like Brigeer said you could also have 1 domain and have the servers replicate through a VPN to one another.

You wouldnt Have PDC and BDC though, Unless you are using a NT Server which I doubt because you are installing them new.

If you are newer to networking setting up 3 domains and creating a trust might be easier to maintain.

I would look at buying a hardware router that will take car of connecting the VPN's together for you.  There are also Linux soulutions like IPCop that have VPN built into them that you could use for a router.
0
 
LVL 10

Assisted Solution

by:Purple_Tidder
Purple_Tidder earned 1200 total points
ID: 13830978
I've found some inexpensive routers with firewall built in that work really well.  I have to sites with networks.  They are about a mile apart, and both have DSL.  I bought 2 D-Link DI-804HV routers.  They support multiple VPN tunnels, and were a breeze to configure.  They cost me about $50 a piece.  They've been up and running for about a year now with no problems, other than one of the secretaries accidently reset it.  Long stupid story.

BUT, I would only recommend this as a small network/small business solution.  D-link is definitely not for large corp network.  I would get something more high end.
0
 
LVL 10

Expert Comment

by:Purple_Tidder
ID: 13830981
haha...
In my previous post, I meant to say I found some inexpensive routers with VPN tunnelling built in, not firewall, that should be a given.  Man, it's late ok...
0
 
LVL 10

Expert Comment

by:Purple_Tidder
ID: 13830993
And also, you'll probably want to get static IP addresses for your broadband connections.  Makes it so much easier.
0
 
LVL 30

Expert Comment

by:pgm554
ID: 13835303
Depending upon the size of your company ,you might want to look at Novell Small Business Server 6.5 or 9.0.
One is Netware kernal based and the other is Linux based.
100 user and 5 file servers allowed in the NW 6.5 based kernal and 100 user 3 file server limit in the Linux based version.

Easier to maintain in terms of licensing and upgrades.

Here is an example of how a SBS 6.5 apprach could solve your problems cheaper ,better and faster:

At the main branch office you could set up a 2 node cluster for high availability along with a SAN (iSCSI).
At your branch offices you could set up their (Novell) with a bundled in product called NBO(Netware Branch Office),essentailly a Linux based appliance that caches all files and users locally and synchs files and such across the WAN to your main site.

They don't need to do any local backups and all data is synced to you main office server on a schedule you set up.
File and print is done local and security is a breeze.Anybody heard of a Novell box being hacked?

$599 bucks list for a 5 user ,this includes backup software,Groupware,Apache,MySQL,Zenworks 4 and lots of other goodies.
And you can keep your Windows stuff up and running alongside and manage both throgh Novell Edir/DirXML.

Check it out :

www.novell.com/smalbiz
0
 
LVL 30

Expert Comment

by:pgm554
ID: 13835334
0
 
LVL 2

Author Comment

by:auraorange
ID: 13836157
PURPLE, that looks interesting and easiest to set-up, the offices are only max of 5persons in each but currently 2 persons in each.

0
 
LVL 6

Expert Comment

by:WhitePhantom
ID: 13838219
Oh man, it's SO EASY!  I'll even find you the how-to so you can read over it.

Here it is:
http://support.dlink.com/faq/view.asp?prod_id=1295&question=DI-804HV%20/%20DI-808HV

Only thing I had problems with is MTU settings on a windows ME computer, had to drop it to like 1462.
0
 
LVL 6

Expert Comment

by:WhitePhantom
ID: 13838254
Whoops, wrong account...
0
 
LVL 10

Expert Comment

by:Purple_Tidder
ID: 13838277
Sorry about that, 2 techs work here, WhitePhantom and I.  I accidently replied before I saw who was logged in.
0
 
LVL 2

Author Comment

by:auraorange
ID: 13839131
Purple, thanks for that

So if I buy 1 D-Link DI-804HV for each of the three offices and broadband at each office I can do this?

What about spatic IP addresses? is there a way around that as it will be hard to justify too many things to this particular client

Thanks

Mat
0
 
LVL 10

Assisted Solution

by:Purple_Tidder
Purple_Tidder earned 1200 total points
ID: 13839606
Umm... I'm not sure about the static IP address thing.  You may be able to use a service like http://www.no-ip.org or something to keep track of IP address changes, and bind them to a free sub-domain.  Check them out, and I'll see if you can use domain names instead of IP addresses in the DI-804HV.
0
 
LVL 2

Author Comment

by:auraorange
ID: 13841272
so just to clear something up.  On your two sites, you have static IP addesses with your DSL?

and me needing to replicate what you have donw but with an extra 3rd site should not complicate things too much?

Cheers

Mat
0
 
LVL 13

Assisted Solution

by:2hype
2hype earned 800 total points
ID: 13843830
If you want to setup your VPN you are going to need a static IP Address at the 3 locations.  When you setup your VPN you will have to Enter the IP Address of all 3 Networks into your VPN Settings.

 If you have Dynamic IP Address's when your address changes the VPN connection will be Lost because its looking for (example) 142.165.88.33 but that address is no longer yours.

I would pay the extra money and get static IP's.  

Like Purple's said you could also look into something like http://www.dyndns.org/ you can register for a free domain name like mysite1.dyndns.org.  You download a program that monitors your IPAddress and when it changes it uploads the new IPAddress to the Dyndns service which will then point your mysite.dyndns.org to your new IPAddress.

When you create your VPN you would enter mysite1.dyndns.org as your RemoteHost
0
 
LVL 10

Expert Comment

by:Purple_Tidder
ID: 13844886
Yes, I have both sites setup with static IP's with DSL.  I verified with D-Link that you could use 3 DI-804HV's in a triangular setup and it will work.  Like 2hype said, I would recommend as well sticking with static IP addresses.  But I did try the free domain thing with the 2 I have setup and it seemed to work ok.  I didn't test it very long though, as I don't want to trust a service like that to keep me up and running 24/7.
0
 
LVL 2

Author Comment

by:auraorange
ID: 13871697
just to clarify before closing the question... I need 3 locations with static IP addresses and 1 router in each location.

Does each network have to be a domain or can it be a workgroup?

Mat
0
 
LVL 13

Expert Comment

by:2hype
ID: 13871939
If your going to setup a Server I would make each location a domain.  You would create your VPN as mentioned above (all 3 sites should have static addresses).  You would then setup a Trust Bettween your 3 domains.

You will need to setup a wins server or edit your LMHost file to have name resoultion over the VPN.
0
 
LVL 13

Expert Comment

by:2hype
ID: 13871957
If all you want to do is share files from each location you could leave them as a workgroup and that would work fine.  They would just be prompted for a username/password when trying to gain access to your file server over the VPN (unless you configured an account with the same username/password for every user on the file server).
0
 
LVL 10

Accepted Solution

by:
Purple_Tidder earned 1200 total points
ID: 13872894
Mat, each network can be a workgroup.  If you have a dedicated file server that is running a desktop os such as windows XP with simple file sharing enabled, it will not ask you for username and password across your VPN. If running an network os like server 2000 it will do as 2hype says.  You will have to use IP addresses though, unless you do what 2hype suggests to enable name resolution. As small as your networks are though, having only 2-5 computers, it may not be worth the trouble anyway.  But whatever you feel necessary.  I didn't use name resolution between my two sites mainly because they are both accessing only one computer on the other side.  And both my networks are just workgroups, no servers involved at all.
0

Featured Post

New Tabletop Appliances Blow Competitors Away!

WatchGuard’s new T15, T35 and T55 tabletop UTMs provide the highest-performing security inspection in their class, allowing users at small offices, home offices and distributed enterprises to experience blazing-fast Internet speeds without sacrificing enterprise-grade security.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

In this article, WatchGuard's Director of Security Strategy and Research Teri Radichel, takes a look at insider threats, the risk they can pose to your organization, and the best ways to defend against them.
In this article I will be showing you how to subnet the easiest way possible for IPv4 (Internet Protocol version 4). This article does not cover IPv6. Keep in mind that subnetting requires lots of practice and time.
Monitoring a network: how to monitor network services and why? Michael Kulchisky, MCSE, MCSA, MCP, VTSP, VSP, CCSP outlines the philosophy behind service monitoring and why a handshake validation is critical in network monitoring. Software utilized …
Monitoring a network: why having a policy is the best policy? Michael Kulchisky, MCSE, MCSA, MCP, VTSP, VSP, CCSP outlines the enormous benefits of having a policy-based approach when monitoring medium and large networks. Software utilized in this v…

829 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question