• Status: Solved

Branch Office VPN Setup

Hello all,
I have recently been tasked with integrating a Branch Office into one of the Central Office LANs that I manage.  I have decided to go with a package that our ISP offers, which is a site-to-site VPN connection, 512KB uplink, 3MB down pipe.  I'm not sure what the best way to set this up would be.  I realize there are several different levels involved in configuring this appropriately, but I would love to begin with just IP assignment recommendations:

LAN #1    A    PCs on LAN #1
          B    PCs' Default Gateway (LAN interface of LAN #1 Router)
          C    WAN Interface of LAN #1 Router
          D    Managed Device supplied by ISP for VPN Connection  *Public IP needed here?
LAN #2    E    Managed Device supplied by ISP for VPN Connection  *Public IP needed here?
          F    WAN Interface of LAN #2 Router
          G    PCs' Default Gateway (LAN interface of LAN #2 Router)
          H    PCs on LAN #2

So, I would love to hear how you all would set this up IP-wise, and I would also see a need for some static routes here, so any recommendations in that regard are also welcomed.

Thanks everyone!

1 Solution
If going with a site-to-site VPN, make sure the IP scheme for each office LAN is different, so you don't run into a routing loop.  E.g., if LAN #1 uses 192.168.10.x, LAN #2 can use 192.168.20.x (or some other range such as 10.3.2.x).

If you're going to have the following layout:
LAN#2 <-> [router#2] <-> [ISP VPN device#2] <-> Internet <-> [ISP VPN device#1] <-> [router#1] <-> LAN#1

...then yes, your ISP will assign public IPs on the WAN interfaces of the VPN devices. Beyond that, it's really up to the ISP how they'll be configuring NAT - if they'll be doing NAT on the VPN device, then you'll have a private IP on each router's WAN interface (which of course will be a different IP range than either of the internal LANs).  You won't need any static routes, just set each router's default gateway to their respective VPN device, & keep each router's LAN interface as the default gateway for the internal workstations.
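
One way to sanity-check an address plan like the one described in the answer above, as an added example that is not part of the original thread. The LAN ranges are the ones the answer suggests; the /30 transit ranges between each router and its VPN device, the gateway addresses and the function name are assumptions made for illustration.

```python
import ipaddress
from itertools import combinations

def check_plan(segments, gateways=None):
    """Return a list of problems in a site-to-site address plan.

    segments: name -> CIDR of every routed segment (LANs and transit links)
    gateways: name -> (segment name, gateway IP) pairs to validate (optional)
    """
    nets = {name: ipaddress.ip_network(cidr) for name, cidr in segments.items()}
    problems = []
    # Every pair of segments must be disjoint, otherwise traffic for the
    # remote office is treated as local and never enters the tunnel.
    for (a, net_a), (b, net_b) in combinations(nets.items(), 2):
        if net_a.overlaps(net_b):
            problems.append(f"{a} ({net_a}) overlaps {b} ({net_b})")
    # Each gateway must be a usable host address inside its own segment.
    for name, (seg, ip) in (gateways or {}).items():
        addr, net = ipaddress.ip_address(ip), nets[seg]
        if addr not in net:
            problems.append(f"{name} {addr} is outside {seg} ({net})")
        elif addr in (net.network_address, net.broadcast_address):
            problems.append(f"{name} {addr} is not a host address in {net}")
    return problems

# Constructed sample plan: LAN ranges from the answer, transit /30s assumed.
GOOD = {
    "LAN#1": "192.168.10.0/24",
    "LAN#2": "192.168.20.0/24",
    "router#1 <-> VPN device#1": "10.255.1.0/30",
    "router#2 <-> VPN device#2": "10.255.2.0/30",
}
GOOD_GATEWAYS = {
    "router#1 LAN interface": ("LAN#1", "192.168.10.1"),
    "router#2 LAN interface": ("LAN#2", "192.168.20.1"),
    "VPN device#1 inside": ("router#1 <-> VPN device#1", "10.255.1.1"),
    "VPN device#2 inside": ("router#2 <-> VPN device#2", "10.255.2.1"),
}
# Constructed failing plan: both offices left on the same range, and a
# transit link carved out of that same range.
BAD = dict(GOOD, **{"LAN#1": "192.168.1.0/24", "LAN#2": "192.168.1.0/24",
                    "router#1 <-> VPN device#1": "192.168.1.248/30"})

if __name__ == "__main__":
    for label, plan in (("good", GOOD), ("bad", BAD)):
        print(label, check_plan(plan) or "no problems")
```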
