shahedny
asked on
VPS between 2 State
we have 2 office in New York City, we are opening one more office in LA. In our NYC offices we use Soho 6.0 and we have VPS network, so our managers can go to each computer using windows remote desktop. Is it possible to do with our LA office? Do they need to get Soho 6.0 to do that? Or any firewall will do? Please advice step by step since I'm not networking person.
ASKER
do we need FireFOx Firewall in both location?
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
You need something to "route the VPN traffic" when you have more than 1 VPN tunnel.
AC
AC
Biljax,
Yep your correct, but you can use just a spoke configuration to route between offices...
NYC1 - 192.168.1.0/24
NYC2 - 192.168.2.0/24
LA1 - 192.168.3.0/24
Have NYC2 and LA1 VPN into NYC1 as you suggested.
Also:
Have LA1 VPN to NYC2
What that will do is create a redundent connection.
So my humble suggestion is for you to install 2 data lines per office, the point being you want to use two differant carriers for each line, get 2 VPN firewalls for each office (NYC1 should have a T1 BTW just for reliablity) With this configuration if a line goes down each office will still be able to connect with the others.
To route the traffic its not that bad jsut add static routes into the VPN firewalls for each location
You can also use Biljax configuration with one change if you can't get managment to go the redundent route. Just add another VPN connection/route from NYC2 to LA1 so that traffic from NYC2 dosent have to go from NYC2 to NYC1 to LA1 it will be routed from NYC2 to LA1 and skip the middle man so to speak.
Okay those are my suggestions...
Oh your question :) heheh
Yes you will need at least one VPN enabled firewall at each location along with a data connection depending on the amount of data between locations will determine the size connection you need.
Marakush
Yep your correct, but you can use just a spoke configuration to route between offices...
NYC1 - 192.168.1.0/24
NYC2 - 192.168.2.0/24
LA1 - 192.168.3.0/24
Have NYC2 and LA1 VPN into NYC1 as you suggested.
Also:
Have LA1 VPN to NYC2
What that will do is create a redundent connection.
So my humble suggestion is for you to install 2 data lines per office, the point being you want to use two differant carriers for each line, get 2 VPN firewalls for each office (NYC1 should have a T1 BTW just for reliablity) With this configuration if a line goes down each office will still be able to connect with the others.
To route the traffic its not that bad jsut add static routes into the VPN firewalls for each location
You can also use Biljax configuration with one change if you can't get managment to go the redundent route. Just add another VPN connection/route from NYC2 to LA1 so that traffic from NYC2 dosent have to go from NYC2 to NYC1 to LA1 it will be routed from NYC2 to LA1 and skip the middle man so to speak.
Okay those are my suggestions...
Oh your question :) heheh
Yes you will need at least one VPN enabled firewall at each location along with a data connection depending on the amount of data between locations will determine the size connection you need.
Marakush
You basically setup another tunnel/gateway on your main firewall to the reflect the public IP and the local network of the LA office.
Configure DNS on the main firewall to route DNS from both VPN tunnels (to both remote offices) back to your main network (DNS server). When you configure the VPN, you should enable the "Any" service (which allows all ports to be forwarded/accessed). This means, that on both sides of the VPN, the data can reach any port/destination.
This is assuming you have a Firebox Firewall as your "main" firewall hosting the VPN sessions.
AC