Want to protect your cyber security and still get fast solutions? Ask a secure question today.Go Premium


how to connect head office to three remote office using vpn

Posted on 2006-05-16
Medium Priority
Last Modified: 2010-04-12
Hi  Expert,

                  My company has four subnet,  Head  office and  three remote offices.
Head office A and the other remote office X,Y,Z resp.
Head office has the main database server  and all dns,dhcp are housed here.
I am planning to deploy vpn to connect the remote offices to head office.

Because of lack of finance I would like to employ a linksys RV042 router at the head office only ,  instead of buying routers for all the remote office I would like use the windows vpn clients to create respective  tunnels to head office router.

Example  remote office X would like to connect to head office instead of having a  “always up” connection each office will establish an vpn connection when needed.

(1)      Is this method secure or you would recommend linksys RV042 routers for all remote offices.
(2)      If a remote office establish a vpn connection to head office is it possible to be hacked at the remote office remember no router will be at the remote offices.
(3)      Do I need dsl modems at all location (head office and X,Y,Z)

(4)      Assuming this is a company that has very sensitive information in it database could you suggest a more secure scenario.

thank you

Question by:jomfra
  • 3
LVL 78

Accepted Solution

Rob Williams earned 2000 total points
ID: 16695085
Using the VPN, whether with hardware routers or with the VPN client, is a secure method. However, using a client is meant for that purpose only, a single client connecting from a single location. It is not an ideal solution for a remote office, as the connection is only between that client and the main office, not branch to branch. Also you should have a router of some sort at each office to function as a basic firewall, many of these will only allow 1 VPN pass-through connection at a time. So, I strongly suggest putting an RV042 at each office; the connection is always available, any user can connect to any resource, and it is much more stable. You will probably save most of the cost of the router in configuration and management time.
As for the other questions:
1) Client is secure but would still recommend RV042's for each office
2) The main security risk of a branch-to-branch tunnel is the fact that you have put a wide open corridor between the two offices. Any security compromises at the remote office make it very easy to access the main office through the tunnel. The tunnel itself is quite secure. An example would be a branch-to-branch tunnel with a home office. If Johny in the next room is on the same network, and on line playing games and has security holes, these same holes may allow an outside user to access the main office.
3)Yes, you need a DSL or cable modem at each office. Dial up will not be acceptable for this purpose, though it does work.
4) this is likely a good solution from a security point of view. However, you mention a database. How do you plan to access it? Direct access to a database using an application locally with the data stored remotely puts to much of a demand on the connection and does not provide satisfactory performance and can even corrupt data. Can you be more specific about the application and type of database? Using terminal services over a VPN is a good way to run database applications.

Author Comment

ID: 16698889
hello robwill
                  thanks for the response .
On the question how access database from remote location
AT head office location there are two servers
(a) a sun server where the database is stored
(b) a dell poweredge server with a four port digi modem board installed

IN the current enviroment the remote loactions dail into the
the poweredge server via the digi modem board using a normal
dail up lines, when connected is establish the resp clients at the remote
location are then rerouted to the sun server to access the database.
Dns,dchp,gateway and other scope options are provide to the clients from the dell server.
From the explanation above this methed is  not only slow but very costly
because the tech use is analog, hence the connection speed has threshold of around 33.6 kbps and the the remote location might be
on the line for the duration of working day.
what i am attempting to do is replace the ordinary line with dsl technology and use the internet as the medium for transfer of data.

the application and database
solaris 8 is the os of the sun server
and the database application a mixture of c++ and oracle 7.
hope this answers you question any clarification please

LVL 78

Expert Comment

by:Rob Williams
ID: 16698978
jomfra, to be honest I am not at all familiar with that data base structure. However, if it works with a slow or dial up connection you will have no problem with DSL and VPN. The problems that can occur depend on the application and data structure or more importantly the way the two communicate. Large corporate type system such as yours are usually fine, but most of the questions posted here seem to relate to Access databases or applications that incorporate Access like data bases. These systems require huge network overhead and really will only work in a LAN environment. You should have no problem.
LVL 78

Expert Comment

by:Rob Williams
ID: 16701339
Thanks jomfra. Good luck with it.

Featured Post


Modern healthcare requires a modern cloud. View this brief video to understand how the Concerto Cloud for Healthcare can help your organization.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Juniper VPN devices are a popular alternative to using Cisco products. Last year I needed to set up an international site-to-site VPN over the Internet, but the client had high security requirements -- FIPS 140. What and Why of FIPS 140 Federa…
If you use NetMotion Mobility on your PC and plan to upgrade to Windows 10, it may not work unless you take these steps.
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…
Windows 10 is mostly good. However the one thing that annoys me is how many clicks you have to do to dial a VPN connection. You have to go to settings from the start menu, (2 clicks), Network and Internet (1 click), Click VPN (another click) then fi…
Suggested Courses

576 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question