Solved

VPN GURUS, LEND ME YOUR EARS!!!!!

Posted on 2006-04-28
Medium Priority
367 Views
Last Modified: 2010-04-12
I have been trying to the best of my ability to gather information on the best site-to-site VPN solution for one of my customers.  I am a LAN administrator for a Central School District as my “day job”, and I manage several businesses' LANs as a side endeavor.  Given my LAN background, I have never had to embark onto the WAN side of the house…..until recently.  One of my clients recently acquired another business, and they would like this newly acquired business to use their server, and Automotive Management Application, remotely.  This seems like a perfect fit for a site-to-site VPN solution; unfortunately, I am familiar with their setup and configuration in concept only.  I am looking at purchasing a Cisco 700 series or 800 series router for both locations, and going this route for the VPN.  I will be using a 512 KB uplink/3MB download line through Broadband Cable ISP.  I am also planning on registering two static IPs.  If you can find the time, any insight you can give to a VPN idiot would be absolutely phenomenal.

Thanks All-

JK
0
Question by:Jandakel2
7 Comments
 
LVL 9

Expert Comment

by:Bill_Fleury
ID: 16569376
Sounds like a plan; however, if you want a very simple and easy to configure yet powerful router for the site-to-site VPN, you may want to check out the Kentrox Q2300 series routers.  I have several site-to-site VPNs running with these boxes and rarely see problems of any kind.

http://www.kentrox.com/products/family_qseries/

0
 
LVL 9

Accepted Solution

by:
stressedout2004 earned 2000 total points
ID: 16569409
VPN is pretty straightforward. Here are some of the pointers.

1) When you purchase the router, make sure that the feature set that you get is VPN capable.

2) When designing the IP scheme of the new routers, avoid using overlapping IP addresses on the internal network of the routers. Meaning, as much as possible, make sure that the internal networks of the routers are different.

3) Finally, here is an example of a simple site-to-site VPN with NAT overload. If you have any questions on the configuration, let us know.

Configuring IPSec Router-to-Router, Pre-shared, NAT Overload Between Private Networks
http://www.cisco.com/en/US/tech/tk583/tk372/technologies_configuration_example09186a008009448f.shtml
0
 
LVL 15

Expert Comment

by:wingatesl
ID: 16582767
That is a good link, stressedout2004, but it can scare the uninitiated. Everything you need to do on the Cisco products can be done in less than 10 minutes with 0 Cisco knowledge using the SDM. The SDM is a practical tool to get a crash course in Cisco without crashing the business. Just make sure you go into preferences and select show commands before submitting to router.
0
 
LVL 4

Author Comment

by:Jandakel2
ID: 16585503
LAN #1  192.168.1.0/24

Central Office Automotive Management Server: 192.168.1.250

Router #1 LAN Interface:  192.168.1.1
Router #1 WAN Interface:  64.566.21.39  (Static IP Assigned by ISP)

Router #2 WAN Interface: 64.566.31.38
Router #2 LAN Interface:  192.168.2.1

LAN #2 192.168.2.0/24

How does this look, as far as dirt floor configuration?  Will I need to have an active Broadband Connection in both offices?  How difficult would it be to set up both offices with broadband connections, so that if one office's connection goes down, the other office's connection could provide the Internet?  I.e., resolve the single point of failure?  Thanks everyone

JK
0
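The addressing plan above, checked against the accepted answer's advice (no overlapping internal networks, and NAT overload alongside the tunnel), as an added example that is not part of any poster's reply. The function names and the ACL numbers 110 and 120 are assumptions chosen for illustration; the emitted lines use standard IOS extended ACL syntax and cover only the ACLs, not the full tunnel configuration.

```python
import ipaddress

# LANs, gateways and server address as posted in the thread.
# WAN addresses are left out: the ACLs below only reference the private LANs.
SITES = {
    "router1": {"lan": "192.168.1.0/24", "gw": "192.168.1.1"},
    "router2": {"lan": "192.168.2.0/24", "gw": "192.168.2.1"},
}
SERVER = "192.168.1.250"


def check_plan(sites, hosts=()):
    """Return a list of addressing problems that would break the tunnel."""
    problems = []
    nets = {name: ipaddress.ip_network(s["lan"]) for name, s in sites.items()}
    names = sorted(nets)
    for i, a in enumerate(names):
        for b in names[i + 1:]:
            if nets[a].overlaps(nets[b]):  # same or nested prefixes cannot be routed apart
                problems.append(f"{a} {nets[a]} overlaps {b} {nets[b]}")
    for name, s in sites.items():
        if ipaddress.ip_address(s["gw"]) not in nets[name]:
            problems.append(f"{name} gateway {s['gw']} outside {nets[name]}")
    for h in hosts:
        if not any(ipaddress.ip_address(h) in n for n in nets.values()):
            problems.append(f"host {h} is in no site LAN")
    return problems


def acl_lines(sites, local, remote, crypto_acl=110, nat_acl=120):
    """ACLs for one router: tunnel selector plus exemption from NAT overload."""
    lan = ipaddress.ip_network(sites[local]["lan"])
    peer = ipaddress.ip_network(sites[remote]["lan"])
    pair = f"ip {lan.network_address} {lan.hostmask} {peer.network_address} {peer.hostmask}"
    return [
        f"access-list {crypto_acl} permit {pair}",  # LAN-to-LAN traffic to encrypt
        f"access-list {nat_acl} deny {pair}",       # keep that traffic out of NAT
        f"access-list {nat_acl} permit ip {lan.network_address} {lan.hostmask} any",
    ]


if __name__ == "__main__":
    print(check_plan(SITES, [SERVER]) or "plan OK")
    for router, peer in (("router1", "router2"), ("router2", "router1")):
        print(router, *acl_lines(SITES, router, peer), sep="\n  ")
```

The two routers' tunnel ACLs must mirror each other, which is why the lines are generated from one plan rather than typed twice.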
 
LVL 9

Expert Comment

by:stressedout2004
ID: 16605342
The IP scheme looks ok. Yes, you would need an active broadband connection in both offices (or whatever other means of internet access for that matter). For redundancy, you would need to have another WAN for internet. VPN relies on VPN connection, so if the internet connection goes down, VPN goes down too. So if you want redundancy, you will need to have another WAN connection that will serve as a backup in case the main WAN connection goes down.
0
 
LVL 4

Author Comment

by:Jandakel2
ID: 16605608
Thanks stressedout2004.....if you're stressedout04, I'm stressed out 06, haha.

JK
0
 
LVL 9

Expert Comment

by:stressedout2004
ID: 16606757
Hahaha. Well, aren't we all stressed... Good luck to you.
0


Question has a verified solution.
