You might have a modern environment with all sorts of high-tech equipment, but what makes it worthwhile is how you seamlessly bring together the presentation with audio, video and lighting. The ATEN Control System provides integrated control and system automation.
Course Of The Month
Become a Premium Member and unlock a new, free course in leading technologies each month.
Solved
Site to site VPN
Posted on 2011-02-14
Hello everyone. I have a question, and would be grateful for some help. It's like this.
I inherited a pre-existing condition of network in one company. Company has offices in two locations, and what is been suprising two (separate) domain's with no vpn between them. Domain subnets are different - location 1 is 192.168.1.0/24, and location 2 is 192.168.0.0/24. Location 1 has about 50 clients with one win 2003 DC and one linux gateway/firewall. Location 2 had about 20 clients with only one win2008 DC (was gateway WITHOUT firewall or anything) and i added separate Linux that is now gateway/firewall for that domain. Both locations are behind ADSL modem (no routing or VPN possible) with dynamic public IP (we have dyndns service).
The question is, what would be steps for creating site to site VPN between those two location if possible using only what is already there. I would be more willing to create routers on separate linux machines rather than buying hardware vpn capable routers.
And also, what would be best practice for domains, to leave as they are or to put everything in single domain, or promote location 2 domain as child domain on location 1 domain... Many questions but i draw a diagram below for better realizing, i more or less put everything in it (VPN as it should be is in center of image) as my English is not as good, so me typing this question is pretty challenging.
Thanx in advance.
I inherited a pre-existing condition of network in one company. Company has offices in two locations, and what is been suprising two (separate) domain's with no vpn between them. Domain subnets are different - location 1 is 192.168.1.0/24, and location 2 is 192.168.0.0/24. Location 1 has about 50 clients with one win 2003 DC and one linux gateway/firewall. Location 2 had about 20 clients with only one win2008 DC (was gateway WITHOUT firewall or anything) and i added separate Linux that is now gateway/firewall for that domain. Both locations are behind ADSL modem (no routing or VPN possible) with dynamic public IP (we have dyndns service).
The question is, what would be steps for creating site to site VPN between those two location if possible using only what is already there. I would be more willing to create routers on separate linux machines rather than buying hardware vpn capable routers.
And also, what would be best practice for domains, to leave as they are or to put everything in single domain, or promote location 2 domain as child domain on location 1 domain... Many questions but i draw a diagram below for better realizing, i more or less put everything in it (VPN as it should be is in center of image) as my English is not as good, so me typing this question is pretty challenging.
Thanx in advance.
[X]
Welcome to Experts Exchange
Add your voice to the tech community where 5M+ people just like you are talking about what matters.
- Help others & share knowledge
- Earn cash & points
- Learn & ask questions
-
2
4 Comments
Active 1 day ago
way:-
1. make different network for two different networks(if possible same subnet)
2.go for site to site ipsec based vpn
you can use linux/vpn box/firewall
3.if you don't want to buy extra device..then please use same subnet for two different location...
1. make different network for two different networks(if possible same subnet)
2.go for site to site ipsec based vpn
you can use linux/vpn box/firewall
3.if you don't want to buy extra device..then please use same subnet for two different location...
diprajbasu thanks, if not too much of a problem little more info:
1. make different network for two different networks(if possible same subnet)
Does that mean that addresses should be for example Location 1 192.168.0.1-192.168.0.100 and for location 2 192.168.0.101-192.168.0.25
What about domain names (leave like it is..)?
2.go for site to site ipsec based vpn
you can use linux/vpn box/firewall
Do you maybe have some example how to do it behind ADSL with dynamic ip ?
(Should i have static public ip on locations or it would work with dyndns name ?)
Thanks in advance.
1. make different network for two different networks(if possible same subnet)
Does that mean that addresses should be for example Location 1 192.168.0.1-192.168.0.100 and for location 2 192.168.0.101-192.168.0.25
What about domain names (leave like it is..)?
2.go for site to site ipsec based vpn
you can use linux/vpn box/firewall
Do you maybe have some example how to do it behind ADSL with dynamic ip ?
(Should i have static public ip on locations or it would work with dyndns name ?)
Thanks in advance.
If you're looking for a low cost solution, look at setting up what you want using OpenVPN
Take a look at:
How to bridge networks with OpenVPN
Joining Networks with Open VPN
OpenVPN - Site-To-Site Routed VPN Between Two Routers
There are also relevant e-books available. See:
Open VPN 2 Cookbook
Beginning OpenVPN 2.0.9
In terms of best practises for domains, I think of medicine's "Primum non nocere" (Latin for "First, do no harm") and the American idiom "If it ain't broke, don't fix it".
In other words, if you inherited the current infrastructure, and it's currently working correctly, and you can achieve what you want (VPN between sites) with minimal modifications to the existing infrastructure, then I would recommend that as the way to go.Best practises in network design are for the design phase, not the post-implementation phase. You would need a compelling reason to change the current set up.
If you can set up what you want without incurring a lot of overhead/cost using your current subnets, why change them?
Anyway, hope that helps.
Take a look at:
How to bridge networks with OpenVPN
Joining Networks with Open VPN
OpenVPN - Site-To-Site Routed VPN Between Two Routers
There are also relevant e-books available. See:
Open VPN 2 Cookbook
Beginning OpenVPN 2.0.9
In terms of best practises for domains, I think of medicine's "Primum non nocere" (Latin for "First, do no harm") and the American idiom "If it ain't broke, don't fix it".
In other words, if you inherited the current infrastructure, and it's currently working correctly, and you can achieve what you want (VPN between sites) with minimal modifications to the existing infrastructure, then I would recommend that as the way to go.Best practises in network design are for the design phase, not the post-implementation phase. You would need a compelling reason to change the current set up.
If you can set up what you want without incurring a lot of overhead/cost using your current subnets, why change them?
Anyway, hope that helps.
Featured Post
Question has a verified solution.
If you are experiencing a similar issue, please ask a related question
Make the most of your online learning experience.
This article is in regards to the Cisco QSFP-4SFP10G-CU1M cables, which are designed to uplink/downlink 40GB ports to 10GB SFP ports. I recently experienced this and found very little configuration documentation on how these are supposed to be confi…
This video gives you a great overview about bandwidth monitoring with SNMP and WMI with our network monitoring solution PRTG Network Monitor (https://www.paessler.com/prtg).
If you're looking for how to monitor bandwidth using netflow or packet s…
Monitoring a network: how to monitor network services and why? Michael Kulchisky, MCSE, MCSA, MCP, VTSP, VSP, CCSP outlines the philosophy behind service monitoring and why a handshake validation is critical in network monitoring. Software utilized …
Suggested Courses
Earn Certification
HTML5 Specialist - Certification
Free withPremium
Course of the Month7 days, 3 hours left to enroll
Earn Certification
Cisco CCNA R&S: ICND2 v3
$197.00$177.30
Earn Certification
Cisco CCNA Data Center: DCICT
$197.00$177.30
623 members asked questions and received personalized solutions in the past 7 days.
Join the community of 500,000 technology professionals and ask your questions.