VPS between 2 States

Posted on 2005-05-05
Last Modified: 2013-11-21
We have 2 offices in New York City, and we are opening one more office in LA. In our NYC offices we use Soho 6.0 and we have a VPS network, so our managers can go to each computer using Windows Remote Desktop. Is it possible to do this with our LA office? Do they need to get Soho 6.0 to do that? Or will any firewall do? Please advise step by step since I'm not a networking person.
Question by:shahedny
    LVL 6

    Expert Comment

    Yes, you would set up an IPSEC VPN between your main office and the LA office.

    You basically set up another tunnel/gateway on your main firewall to reflect the public IP and the local network of the LA office.

    Configure DNS on the main firewall to route DNS from both VPN tunnels (to both remote offices) back to your main network (DNS server). When you configure the VPN, you should enable the "Any" service (which allows all ports to be forwarded/accessed). This means that on both sides of the VPN, the data can reach any port/destination.

    This is assuming you have a Firebox Firewall as your "main" firewall hosting the VPN sessions.


    Author Comment

    Do we need a Firebox firewall in both locations?
    LVL 6

    Accepted Solution

    Ideally, it should be something like this:

            MAIN OFFICE (MAIN DNS/FILE/DHCP SERVER)
             FIREBOX II, III or X series firewalls
                   |                     |
                 VPN1                  VPN2
                   |                     |
                SOHO 6                SOHO 6
                   |                     |
           Internal network      Internal network
            at NY office 1         at LA office

    LVL 6

    Expert Comment

    You need something to "route the VPN traffic" when you have more than 1 VPN tunnel.

    LVL 8

    Expert Comment


    Yep, you're correct, but you can use just a spoke configuration to route between offices...

    NYC1 -
    NYC2 -
    LA1 -

    Have NYC2 and LA1 VPN into NYC1 as you suggested.


    Have LA1 VPN to NYC2

    What that will do is create a redundant connection.

    So my humble suggestion is for you to install 2 data lines per office, the point being you want to use two different carriers for each line, and get 2 VPN firewalls for each office (NYC1 should have a T1, BTW, just for reliability). With this configuration, if a line goes down each office will still be able to connect with the others.

    To route the traffic, it's not that bad: just add static routes into the VPN firewalls for each location.

    You can also use Biljax's configuration with one change if you can't get management to go the redundant route. Just add another VPN connection/route from NYC2 to LA1 so that traffic from NYC2 doesn't have to go from NYC2 to NYC1 to LA1; it will be routed from NYC2 to LA1 and skip the middle man, so to speak.

    Okay those are my suggestions...

    Oh your question :) heheh

    Yes, you will need at least one VPN-enabled firewall at each location along with a data connection; the amount of data between locations will determine the size of connection you need.
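
An added example, not part of the thread or any poster's configuration: a small Python model of the two designs discussed above (hub-and-spoke through NYC1, and the same with an extra NYC2 to LA1 tunnel). It computes the next hop each site's static routes would point at and whether two offices can still reach each other when one tunnel is down. The function names are hypothetical, and a failed line is modelled simply as a removed tunnel.

```python
from collections import deque

# Site names come from the thread; the tunnel lists model the two designs discussed.
HUB_AND_SPOKE = [("NYC1", "NYC2"), ("NYC1", "LA1")]
FULL_MESH = HUB_AND_SPOKE + [("NYC2", "LA1")]


def adjacency(tunnels, failed=()):
    """Build site -> set of tunnel peers, skipping tunnels listed in `failed`."""
    dead = {frozenset(t) for t in failed}
    adj = {}
    for a, b in tunnels:
        adj.setdefault(a, set())
        adj.setdefault(b, set())
        if frozenset((a, b)) not in dead:
            adj[a].add(b)
            adj[b].add(a)
    return adj


def shortest_path(tunnels, src, dst, failed=()):
    """Breadth-first search over live tunnels; returns the hop list or None."""
    adj = adjacency(tunnels, failed)
    queue, seen = deque([[src]]), {src}
    while queue:
        path = queue.popleft()
        if path[-1] == dst:
            return path
        for peer in sorted(adj.get(path[-1], ())):
            if peer not in seen:
                seen.add(peer)
                queue.append(path + [peer])
    return None


def static_routes(tunnels, site, failed=()):
    """Next-hop table a site's firewall would need: destination -> next hop."""
    routes = {}
    for dst in sorted(adjacency(tunnels)):
        if dst != site:
            path = shortest_path(tunnels, site, dst, failed)
            routes[dst] = path[1] if path else None
    return routes


if __name__ == "__main__":
    for name, design in (("hub-and-spoke", HUB_AND_SPOKE), ("full mesh", FULL_MESH)):
        print(name, "NYC2 routes:", static_routes(design, "NYC2"))
        print(name, "NYC2->LA1 with NYC1-LA1 tunnel down:",
              shortest_path(design, "NYC2", "LA1", failed=[("NYC1", "LA1")]))
```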


