[Okta Webinar] Learn how to a build a cloud-first strategyRegister Now


Branch Office VPN Setup

Posted on 2006-04-25
Medium Priority
Last Modified: 2010-04-12
Hello all,
I have recently been tasked with integrating a Branch Office to one of the Central Office LAN's that I manage.  I have decided to go with a package that our ISP offers, which is a site to site VPN connection, 512KB uplink 3MB down pipe.  I'm not sure what the best way to set this up would be.  I realize there are several different levels involved in configuring this appropriately, but I would love to begin with just IP assignment recommendations:

LAN #1                                            A        PC's on LAN #1
                                                       B        PC's Default Gateway (LAN interface of LAN #1 Router)
                                                       C        WAN Interface of LAN #1 Router
                                                       D        Managed Device supplied by ISP for VPN Connection  *Public IP needed here?
LAN #2                                             E         Managed Device supplied by ISP for VPN Connection  * Public IP needed here?
                                                       F         WAN Interface of LAN #2 Router
                                                       G         PC's Default Gateway (LAN interface of LAN #2 Router)
                                                       H         PC's on LAN #2

So, I would love to hear how you all would set this up IP-wise, and I would also see a need for some static routes here, so any recommendations in that regard are also welcomed.

Thanks everyone!

Question by:Jandakel2
1 Comment
LVL 20

Accepted Solution

calvinetter earned 1500 total points
ID: 16535283
If going with a site-to-site VPN, make sure the IP scheme for each office LAN is different, so you don't run into a routing loop.  eg: if LAN #1 uses 192.168.10.x, LAN #2 can use 192.168.20.x (or some other range such as 10.3.2.x)

If you're going to have the following layout:
LAN#2 <-> [router#2] <-> [ISP VPN device#2] <-> Internet <-> [ISP VPN device#1] <-> [router#1] <-> LAN#1

...then yes, your ISP will assign public IPs on the WAN interfaces of the VPN devices. Beyond that, it's really up to the ISP how they'll be configuring NAT - if they'll be doing NAT on the VPN device, then you'll have a private IP on each router's WAN interface (which of course will be a different IP range than either of the internal LANs).  You won't need any static routes, just set each router's default gateway to their respective VPN device, & keep each router's LAN interface as the default gateway for the internal workstations.


Featured Post

 The Evil-ution of Network Security Threats

What are the hacks that forever changed the security industry? To answer that question, we created an exciting new eBook that takes you on a trip through hacking history. It explores the top hacks from the 80s to 2010s, why they mattered, and how the security industry responded.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Using Windows 2008 RRAS, I was able to successfully VPN into the network, but I was having problems restricting my test user from accessing certain things on the network.  I used Google in order to try to find out how to stop people from accessing c…
Like many others, when I created a Windows 2008 RRAS VPN server, I connected via PPTP, and still do, but there are problems that can arise from solely using PPTP.  One particular problem was that the CFO of the company used a Virgin Broadband Wirele…
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…
Windows 10 is mostly good. However the one thing that annoys me is how many clicks you have to do to dial a VPN connection. You have to go to settings from the start menu, (2 clicks), Network and Internet (1 click), Click VPN (another click) then fi…
Suggested Courses
Course of the Month19 days, 7 hours left to enroll

873 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question