• Status: Solved

Need some guidance about setting up a remote network

I was hoping to get advice from some experienced techs on setting up a remote office.

Our current network has about 40 nodes, 1 subnet with its access being provided by 2 T1s.

We have a separate company about 600 miles away that has 5 or 6 nodes and a business DSL line.

We are splitting up the remote company and bringing some people up here, and running all of their business software (like Peachtree, UPS, etc.) off of our servers. We want to leave two computers and 2 IP phones there, and give them access to our terminal server and limited access to some other network resources.

What I need to figure out is the best way to do this in terms of what type of connection they need, are subnets necessary, if so what type of routing setup do I need, etc etc.

Thanks for the help, as always.
0
ximbuex
Asked:
2 Solutions
 
TheTull Commented:
Your most cost-effective method would be to set up a permanent VPN connection between the two sites using two Cisco PIXes or any other IPsec-enabled devices. This would create a virtual tunnel and you wouldn't need to do anything special with the IP addressing as long as the devices can route between the different subnets (which they should be able to do).

This will give your remote office more than enough ability to use Terminal Services, they can also use network resources directly but the performance will lag.  
0
 
Rob Williams Commented:
If you were to set up a site-to-site hardware-based VPN they should be able to securely maintain access for terminal services and the IP phones. The 2 locations will need to be on different subnets but there is no real routing that needs to be configured as the VPN will look after that. The DSL connection for 2 IP phones and a few computers should be fine. Adding more computers shouldn't be an issue but more IP phones may start to push the DSL depending on the number of simultaneous users.
You will also be able to access shares to run applications on your local computers using the remote files. Although you don't mention whether it is a requirement, it will work fine with most files but not as efficiently as Terminal Services. A word of caution: applications that use a database, such as Peachtree, should not be run on the remote computer with the data elsewhere. If you plan to use Terminal Services for this you will have no problem.
As for hardware I would say your best bet would be a couple of Cisco PIX firewalls. They are very dependable, and Cisco have excellent support. If there are budget restrictions you could consider something like the Linksys RV042. Both of these units will also allow using a software client for mobile users to access, though some people have problems with the Linksys software client. When purchasing, look into licensing to make sure it will meet your needs. For example the smallest Cisco PIX unit only allows 10 users and 10 VPN sites or mobile users. Easily upgradeable for unlimited local users, not remote, but you should look into what your future needs will be to be sure you are not boxed in by your hardware. The Linksys has far fewer licensing limits.

0
 
Rob Williams Commented:
Sorry TheTull, some duplication there, you obviously type faster <G>
--Rob
0
 
TheTull Commented:
No problem, it looks like you duplicated with some nice more specific detail.
0
 
Rob Williams Commented:
Probably looks good that we agree :-) Thanks,
--Rob
0
 
ximbuex (Author) Commented:
Sounds pretty straightforward. I happen to have an extra PIX laying around, but what we're using now is a Sonicwall TZ170, though I think plenty of people have been able to tunnel b/t the two in the past.

We don't have our new phone system in yet (it's a digital/IP hybrid), but I'm pretty sure they said the IP phones would be set up on a different subnet. Does that change anything?

The main thing is keeping Peachtree performance fast, which is why I want to go the TS route; it seems like we are in agreement there.

From a security standpoint, does tunneling their general internet traffic through our connection do any good if they are both firewalled?
0
 
Rob Williams Commented:
Nothing wrong with using the Sonicwall with the Cisco. Good unit. Support is a bit of an issue as you have 2 companies involved, but once running it should be fine. I am not Cisco trained, but there are lots of fellows here who are, especially in the routers topic area, if you wanted to post a configuration question.

The phones may run on a different subnet, but more likely on a VLAN. This is done to isolate traffic and with the right switches, it can improve performance at the main office. You should talk to the supplier about the specifics.

Security-wise, the remote users' Internet access can be run through your office. It can reduce performance, but with 2 users I wouldn't worry about it. The Cisco by default will do that so that it isolates the VPN (your head office) from the remote office's network. If you wanted to route it directly you would have to enable split-tunneling. However, if they are primarily using Terminal Services it is not an issue regardless.
0
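The two checks discussed in the answers above (the sites must be on different subnets, and split tunneling decides whether the remote office's Internet traffic passes through head office) can be worked through before any device is configured. This is an added example, not part of the original thread; all address ranges, plan names and function names are assumptions made for illustration.

```python
import ipaddress

# Constructed sample plans; every address range here is an assumption.
GOOD_PLAN = {"head-office": ["192.168.10.0/24", "192.168.20.0/24"],  # data + IP phones
             "remote-office": ["192.168.50.0/24"]}
BAD_PLAN = {"head-office": ["192.168.1.0/24"],
            "remote-office": ["192.168.1.0/24"]}  # both left on a router default


def overlapping_subnets(plan):
    """Return (site_a, site_b, net_a, net_b) for each pair of sites whose
    subnets overlap; the tunnel cannot tell such networks apart."""
    nets = [(site, ipaddress.ip_network(cidr))
            for site, cidrs in plan.items() for cidr in cidrs]
    conflicts = []
    for i, (site_a, net_a) in enumerate(nets):
        for site_b, net_b in nets[i + 1:]:
            if site_a != site_b and net_a.overlaps(net_b):
                conflicts.append((site_a, site_b, str(net_a), str(net_b)))
    return conflicts


def egress_path(dst, tunnelled_nets, split_tunnel):
    """Where a packet sent from the remote office goes.

    tunnelled_nets: head-office networks named in the tunnel definition.
    split_tunnel=False: all other traffic also enters the tunnel and
    leaves through the head-office firewall.
    split_tunnel=True: all other traffic leaves over the local DSL line.
    """
    addr = ipaddress.ip_address(dst)
    if any(addr in ipaddress.ip_network(n) for n in tunnelled_nets):
        return "tunnel"
    return "local-dsl" if split_tunnel else "tunnel-then-head-office-internet"


if __name__ == "__main__":
    print(overlapping_subnets(GOOD_PLAN), overlapping_subnets(BAD_PLAN))
    for dst in ("192.168.10.5", "192.168.20.15", "203.0.113.10"):
        # Tunnel definition that forgot the phone subnet, split tunneling on.
        print(dst, egress_path(dst, ["192.168.10.0/24"], split_tunnel=True))
```

In the last loop the phone subnet is missing from the tunnel definition, so traffic for 192.168.20.15 is sent out the DSL line, where a private address is not reachable; a separate phone subnet has to be listed in the tunnel on both ends.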
 
ximbuex (Author) Commented:
Everyone must agree, no more input. Thanks for the advice guys!
0
 
Rob Williams Commented:
Thanks ximbuex,
--Rob
0
