Understanding site-to-site VPNs

I need help understanding site-to-site VPNs. When a site-to-site VPN is established, is the connection always active, or does the user have to execute a program to connect to the other site? And if the user connects to the other site, how does the connection not get confused with their present network? Help me understand, I am new to this. :0) All feedback is appreciated.
mrlucio79 Asked:
calvinetter Commented:
Typically, a VPN link will remain active while traffic destined for either side's target network is being transmitted, & may remain active for a period of time after VPN traffic is idle, until a "lifetime" timeout is reached.

Your VPN devices are configured so that any traffic destined for a certain range of IPs will be sent over the VPN tunnel, instead of being sent out as normal unencrypted traffic.

Example:

LAN A <--> VPN firewall A <---> Internet <---> VPN firewall B <--> LAN B
                 |------------ VPN tunnel ------------|

LAN A: IP range = 10.3.2.0/255.255.255.0
LAN B: IP range = 172.18.0.0/255.255.0.0

VPN firewall A is configured so that any traffic sent to the 172.18.0.0 range of IPs is sent via the encrypted tunnel through the Internet (or other connection), any other traffic that's not local to LAN A is sent unencrypted out to the Internet.
VPN firewall B is configured "in reverse", so that any traffic sent from a LAN B workstation to a LAN A address is sent via the VPN, & if the VPN tunnel isn't active, the VPN connection is established because the VPN firewall sees traffic that it knows must be sent via a VPN link.

Hope this clarifies somewhat.
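
The forwarding decision and on-demand tunnel setup described in the answer above, as an added Python example that is not part of the original post or any vendor's code. The `VpnFirewall` class, the 3600-second lifetime and the sample destination addresses are constructed for illustration, and the lifetime handling is simplified to a fixed expiry after negotiation.

```python
import ipaddress

# Address ranges from the example above; the 3600 s lifetime is an assumption.
LAN_A = ipaddress.ip_network("10.3.2.0/255.255.255.0")
LAN_B = ipaddress.ip_network("172.18.0.0/255.255.0.0")


class VpnFirewall:
    """Simplified model of one site-to-site VPN endpoint (hypothetical class)."""

    def __init__(self, local_net, remote_net, lifetime=3600):
        # Matching on destination only works if the two ranges are distinct.
        if local_net.overlaps(remote_net):
            raise ValueError("local and remote ranges overlap")
        self.local_net, self.remote_net = local_net, remote_net
        self.lifetime = lifetime   # seconds a negotiated tunnel stays valid
        self.expires_at = None     # None: no tunnel has been negotiated yet

    def forward(self, dst, now):
        """Return (path, negotiated) for a packet sent to dst at time now."""
        addr = ipaddress.ip_address(dst)
        if addr in self.local_net:
            return ("local", False)      # stays on the LAN
        if addr not in self.remote_net:
            return ("internet", False)   # ordinary unencrypted traffic
        tunnel_up = self.expires_at is not None and now < self.expires_at
        if not tunnel_up:
            # Traffic for the remote LAN and no live tunnel: establish one.
            self.expires_at = now + self.lifetime
        return ("tunnel", not tunnel_up)


def demo():
    fw_a = VpnFirewall(LAN_A, LAN_B)
    return [
        fw_a.forward("10.3.2.40", now=0),        # neighbour on LAN A
        fw_a.forward("198.51.100.7", now=5),     # constructed outside address
        fw_a.forward("172.18.4.9", now=10),      # first packet for LAN B
        fw_a.forward("172.18.4.9", now=600),     # tunnel already up
        fw_a.forward("172.18.200.1", now=4000),  # lifetime passed
    ]


if __name__ == "__main__":
    for path, negotiated in demo():
        print(path, "(tunnel negotiated)" if negotiated else "")
```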

calvinetter Commented:
Oops, my text-based formatting didn't come through on the post, but hopefully you get the idea.  I'd intended for the ends of the VPN tunnel link to show up directly in the middle of each of the VPN firewalls.
mrlucio79 Author Commented:
Good answer. Have you heard of any successful connections using the Sonicwall Pro4060 and a Cisco PIX?
calvinetter Commented:
Glad to help.
Haven't yet configured a VPN between the two, but I imagine you should be able to. Sonicwall's website has this doc that may help:
http://www.sonicwall.com/support/pdfs/technotes/vpn_interoperability_between_sonicos30e_and_cisco_pix_firewall.pdf
wdunski Commented:
calvinetter,
You seem very knowledgeable in this and I'm also a newb and have a question if it's OK.
In your response you wrote:
"  LAN A: IP range = 10.3.2.0/255.255.255.0
   LAN B: IP range = 172.18.0.0/255.255.0.0  "
My question is, do LAN A and LAN B have to be on different subnet masks and can they both use say 192.168.1.x or do the IPs have to be different?