Best way to remotely connect offices?

Posted on 2008-06-09
Last Modified: 2013-11-21
Hi. I need to set up an environment that our branch offices can connect to our central office in California for an accounting software called SBT. Currently there are 7 workstations that connect to our server (Win 2003 server) for the software. A quick diagram of our network in CA is like this: T1 internet-> Linksys router(DHCP enabled) -> Win 2003 Server (Active Directory) -> Each workstation gets 192.168.1.XXX as an IP and shares internet.

The plan is to first make 3 workstations in Japan use the software at the same time. I know that Remote Desktop allows only 1 user at a time, so it's not gonna work for our project. What could be the best way to implement this plan? The possible plans that I can think of are:

1. The best way for us now:
I don't know if it's possible, but because we have already 7 workstations to connect to the software and thanks to the time zone difference, we can somehow make 3 workstations in Japan to connect to 3 different workstations in our central office. I know RDP uses port 3389, so this plan is only possible when the users in Japan could access throughout different ports. Is it possible to use 3 different ports in a router to send 3 requests from outside to 3 different workstation here? If so, this could be the best plan for us.

2. Second Option: VPN:
I've heard about it but have never used it. Would it be one of the best options in my situation? The only problem is that I have to limit the users from some of our resources in Central office. If you're familiar with VPN, please explain to me how to set up the network.

3. Third option:
This could be an ideal way, but if I can, I'd like to avoid it due to its cost and time.
Use Win 2003 Terminal Server and buy CALs for the users in Japan. Set up the Terminal Server in central office. Again, the actual number of remote users is at most 3, so I'd like to pass on this one, if I could have another option.

These are some of the possible deployment plans that I can think of. Please advise me which way to go. If there's a better way, please let me know also. Although I understand some network techniques, I'm not a network engineer, so please explain to me using normal English :-) Thanks in advance
Question by:ychousa

Accepted Solution

albuitra earned 250 total points
ID: 21745957
IMHO the best solution is the VPN.
You can use a Linux solution, or even a HW solution.
The Linksys router may be used as a VPN server, and the PCs in Japan as clients.
In Linux you can use something like OpenVPN in CA, and the clients in Japan.
In CA you use the network 192.168.1.XXX/24 and in Japan use 192.168.2.XXX/24.
Check the documentation.
In a VPN you could use printers, VoIP, file sharing, etc.

Author Comment

ID: 21746009
Hi, albuitra. Thanks for your reply.
The users in Japan should be able to access accounting software ONLY. I don't want them to use our whole network resources. Would it be possible?

And also, I've learned that each router has different number of "tunnels." Can I think if a router has 5 tunnels, 5 users can access concurrently?

Expert Comment

ID: 21746120
First, using a firewall you can filter the access to only a group of resources.
Second, you are wrong.
With Japan you only use ONE tunnel for ALL connections.
So, if you can have 5 tunnels, you could have something like this:
1. CA <--> Japan
2. CA <--> London
3. CA <--> Boston
4. CA <--> Employee with laptop in Brazil
5. CA <--> Boss from home
In a VPN you have 2 subnets. The Site-to-PC option is counted like subnet to subnet, with only one PC.
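
One way to implement the firewall filtering described in the comment above, on a Linux/OpenVPN gateway at the CA office (an added example, not part of the original thread). The subnets come from the thread; the tunnel interface `tun0`, the server address 192.168.1.10 and TCP port 445 are assumptions, since the thread gives neither the server's address nor the port SBT uses.

```shell
#!/bin/sh
# Added example: restrict the Japan VPN subnet to the accounting server only.
VPN_IF="tun0"                # assumption: OpenVPN tunnel interface on the CA gateway
JAPAN_NET="192.168.2.0/24"   # Japan subnet proposed in the thread
CA_NET="192.168.1.0/24"      # CA subnet from the thread
ACCT_SERVER="192.168.1.10"   # assumption: address of the Win 2003 server hosting SBT
ACCT_PORT="445"              # assumption: SBT data is reached over an SMB file share

# Print the rules in iptables-restore format so they can be reviewed before loading.
vpn_acl_rules() {
    cat <<EOF
*filter
:VPN_JAPAN - [0:0]
# Everything arriving from Japan through the tunnel is judged by VPN_JAPAN.
-I FORWARD 1 -i $VPN_IF -s $JAPAN_NET -j VPN_JAPAN
# Replies from the CA side back to Japan (needed if the FORWARD policy is DROP).
-I FORWARD 1 -o $VPN_IF -d $JAPAN_NET -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
-A VPN_JAPAN -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
# The only new connections allowed: Japan -> accounting server, one TCP port.
-A VPN_JAPAN -d $ACCT_SERVER -p tcp --dport $ACCT_PORT -j ACCEPT
# Log attempts to reach anything else on the CA LAN, then drop all that remains.
-A VPN_JAPAN -d $CA_NET -j LOG --log-prefix "vpn-japan-denied: "
-A VPN_JAPAN -j DROP
COMMIT
EOF
}

# "apply" loads the rules (needs root); anything else only prints them.
if [ "${1:-}" = "apply" ]; then
    vpn_acl_rules | iptables-restore --noflush
else
    vpn_acl_rules
fi
```

Because the final rule drops everything not explicitly accepted, adding another permitted resource later means adding one more ACCEPT line above the LOG rule.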

Author Comment

ID: 21746167
So, 3 users in Japan in one office connect to our network at the same time, or not, using VPN? This is the fundamental question to do all of this. And if so, do they also have to have a Linksys brand router?

Expert Comment

ID: 21746215
If the users in Japan use a Linksys router, they only use one tunnel, and connect the 3 at the same time or even 10 at the same time.
But I don't know the exact Linksys model, to say if it supports a firewall and can restrict the access to only the accounting software.

Author Comment

ID: 21746332
OK. So, 3 users can access IF THEY USE a Linksys router, right? But do they have to have the same brand, Linksys? Or, is it possible to connect using a different brand?

And hopefully the last question, do they have to have a router? What if a one-man operating office in Germany (without a router) wants to access our network using a laptop? Is there a software for that, or how does it work?

Thanks a bunch!

Expert Comment

ID: 21746370
Some models of routers can interconnect with other brands, but others only with Linksys.
The best thing about only using Linksys is that you don't have to understand two manuals, only one.

For the employee in Germany, he can use VPN software without a router and connect to your office router.

Author Comment

ID: 21746411
Fantastic! Thank you very much, albuitra. I'll accept your answers. Lastly, could you recommend some good VPN software? Are there free ones?

Expert Comment

ID: 21746463
If you need strong security, you could think about using Linux in CA and Japan, and use SSL keys of 2048 bits.
If not, you could use PPTP VPN in Linksys.

Author Comment

ID: 21746482
Oh. I forgot to ask one. Sorry... In Japan, they have their own network, consisting of approx. 15 people. How can they incorporate this VPN with their own network? Do they use a VPN software?

Author Comment

ID: 21746583
Forget my last question. I got the answers from a site. They need to enable IPSec Passthrough and use a VPN software, like the ones you linked, right? Thanks again!

Author Closing Comment

ID: 31465525
Thanks again!
