Remote site access

dennisjameshoward
We ran into a unique situation: our company is scheduled to move tomorrow and our fabulous telecom company informed us that our private lines will not be ready by then.  I am on a scramble to get a temporary high speed internet solution (50 mb Comcast service) by this weekend.  If successful, what is the best way to have the users access the network? Should I have them use VPN to remote in or should I set up a site to site connection? Has anyone encountered this before?  Please HELP with suggestions!!  We have about 15 users.
Depends on what they will need to access.  Domain login? File Shares? Intranet? Application servers?
Sounds like either a site to site VPN or setting up individual VPN connections are your options. Router to router (site to site) has less overhead although individual connections would probably be more flexible for the users if they are in states of personal turmoil (%

I'd use site to site myself. Less hassle, less support and less overhead.

Author

Commented:
Site to site sounds good.  My equipment is as follows:  Host site - Cisco ASA 5510  Remote site - Cisco 2610  and the Comcast modem.  My question is how do I hook the modem into the router?  All I have is a WIC T1 port.

Not familiar with the Comcast modems although I sure wish I was... 50mb looks pretty good.

Presumably, the Comcast modem presents as Ethernet on an RJ45. Only possibility I can see would be to put the modem into Ethernet bridge mode and stick an Ethernet WIC in the Cisco.
If the desired end result is simply internet access and file shares why not just set up a RAS at the host site, run the Comcast modem through a switch and have individuals log into a VPN client to the RAS?  This sounds like it will be a very temporary solution so why not keep it as simple as possible?

Author

Commented:
It is temp,  but my situation gets worse by the minute!  Our license for SSL VPN is only 10. We have more users than that, but our VPN license is for 250.  Can I use SSL and regular VPN? If so, how do I set up the regular VPN users?  Also, we have a PBX that needs to communicate back with the main site PBX, obviously there is no client to achieve this, any ideas?
This may not be the most secure solution available, but for your size you aren't attracting the hordes of hackers a huge enterprise would....  I would try this, assuming you're a Microsoft shop.

Set up Routing and Remote Access on a server at the host site.

Use the Microsoft VPN client with L2TP for users to connect from the remote site.

If the PBX is server based try connecting the PBX server to the VPN tunnel and see if it passes traffic. (not sure what firewall configuration you have)  You will not have any QoS but heck it may work with a 50mb connection through the VPN depending what the host site's internet pipe is.

This is pretty fast and dirty, but I do not see why it would not work, and it can be tested in minutes.

Author

Commented:
Anyone familiar with setting up an IPsec tunnel with the ASA 5510?  What do the clients need? Can webvpn and IPsec both run at the same time?

Author

Commented:
Just confirmed, we are having the cable modem installed tomorrow morning!  Ok,  now let's see if something can be done.  I found our old PIX 515e, has two Ethernet ports,  is there a way to set this up with my remote office as a site to site tunnel?  Basically my situation looks like this:

Host site - Cisco ASA 5510  Network : 10.1.10.0  255.255.0.0
Remote Site - 2610 , 2 ethernet ports; cable modem, PIX 515e  network: 10.4.10.0   255.255.0.0

Can I get these connected as a site to site?  Where should I begin?
I gave you a solution.  If this is as temporary as you say and you are a 15 user shop I don't know why you are making it so complicated without the experience to architect it.  NAT a public IP to a RAS server and have the end users log in to the host site remotely.  Unsure if you will have servers at the client site.  If so then you should set up a tunnel from the routers, but if not the RAS server is your easiest solution.

Author

Commented:
Figured it out - here is what I did:  Rebuilt an old PIX 515e and connected it to the cable modem, after 12 hours of "experience"  I managed to secure a beautiful site to site connection that has been working as smooth as multilinked T1's.  As far as my IP phones, I was able to get my remote PBX to communicate with the service gateway via another site to site connection (different networks) and for quality I scrapped QoS and figured out how to use my PBX's IGAR feature to route outbound and inbound calls transparently (extensions) through my ISDN.  Bottom line, we were at 100 percent functionality on Monday without any loss of service.
GREAT WORK!
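
An added example, not part of the original thread or any poster's configuration: a pre-flight check for the site-to-site tunnel discussed above, using the two site networks the author posted. It clears the host bits (10.1.10.0 with a 255.255.0.0 mask is really 10.1.0.0/16), refuses overlapping sites, and builds the protected-traffic ACL for each peer so the two ends can be confirmed as exact mirrors. The ACL name `S2S-TRAFFIC` is hypothetical and the ASA-style `access-list` syntax is an assumption about the software version on each device.

```python
import ipaddress

# Addresses as posted in the thread (note the host bits set under a /16 mask).
HOST_SITE = ("10.1.10.0", "255.255.0.0")
REMOTE_SITE = ("10.4.10.0", "255.255.0.0")

def normalize(addr, mask):
    """Return the real network for an address/mask pair, clearing host bits."""
    return ipaddress.ip_network(f"{addr}/{mask}", strict=False)

def crypto_acl(name, src, dst):
    """Build one protected-traffic ACL line in ASA-style syntax (assumed)."""
    return (f"access-list {name} extended permit ip "
            f"{src.network_address} {src.netmask} "
            f"{dst.network_address} {dst.netmask}")

def parse_acl(line):
    """Extract (source, destination) networks from a line built by crypto_acl."""
    fields = line.split()
    src = normalize(fields[-4], fields[-3])
    dst = normalize(fields[-2], fields[-1])
    return src, dst

def is_mirror(acl_a, acl_b):
    """True when peer B's ACL is the exact source/destination swap of peer A's."""
    src_a, dst_a = parse_acl(acl_a)
    src_b, dst_b = parse_acl(acl_b)
    return src_a == dst_b and dst_a == src_b

def plan_tunnel(host, remote, name="S2S-TRAFFIC"):  # hypothetical ACL name
    """Validate both sites' networks and return the ACL line for each peer."""
    host_net, remote_net = normalize(*host), normalize(*remote)
    if host_net.overlaps(remote_net):
        raise ValueError(f"{host_net} overlaps {remote_net}: renumber or NAT first")
    return {
        "host": crypto_acl(name, host_net, remote_net),
        "remote": crypto_acl(name, remote_net, host_net),
    }

if __name__ == "__main__":
    plan = plan_tunnel(HOST_SITE, REMOTE_SITE)
    for peer, line in plan.items():
        print(f"{peer:>6}: {line}")
    print("mirrored:", is_mirror(plan["host"], plan["remote"]))
```
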
