Linking multiple sites to share network resources

Posted on 2011-09-20
Medium Priority
Last Modified: 2012-05-12
I have a possible project in the near future and it involves linking another building a few miles from the campus. What are some methods and options for setting up a secured tunnel from the new site to the HQ? What are your thoughts on bandwidth requirements as far as sharing resources such as Cisco IPT, Exchange, file server, and other bandwidth-intensive applications?

Question by:pogibear77

Assisted Solution

manu4u earned 2000 total points
ID: 36571573
VPN Tunnels would be the right choice.

In order to build the right and affordable solution – you should thoroughly analyze your requirements. If you decide to use a tunnel, then ask yourself the questions below:

Will you require a built-in redundancy and failover between your VPN tunnels?
Will you require a stateful failover or can you live with stateless failover?
What is the VPN encryption throughput, bits/sec and packets/sec, you are planning to accommodate?
Given encryption is a CPU intensive task, what other functions does your VPN device perform?
Will you require the use of hardware based solutions to encrypt the traffic or will software based VPN do the job for you?
Are you planning to run dynamic routing protocols over VPN?
Can you leverage existing network infrastructure, such as Cisco Catalyst 6500 switches, to build your VPN solution?

Below are some industry standard best practices to build a reliable and resilient site-to-site VPN solution:

Use 3DES or AES encryption algorithms to encrypt the data payload.
If possible try to use hardware based encryption module to achieve better performance and scalability. Software based solution is going to be CPU bound at some point if your VPN throughput is to increase.
For High Availability – implement an HSRP based failover
Use a pre-shared key for VPN peer authentication; however, if you are concerned about security, use digital certificates, as exchange of the shared key can be sniffed during the IPsec phase one.
Other than the ACL to identify which traffic is to be encrypted, avoid having other ACLs on that interface.
Use Reverse Route Injection (RRI) if you plan to implement a redundant VPN solution. It makes failover seamless by injecting/withdrawing the network static route if the remote peer is not accessible.
Whatever vendor software you are using – make sure it supports IPsec VPN and is relatively bug-free.

Regarding the bandwidth, it mainly depends on how many users will be accessing both sites. Your ISP could give you better suggestions then...

Accepted Solution

manu4u earned 2000 total points
ID: 36571580
Also, if you are confused which Site to Site VPN would suit you, the below article should help, an excellent article that could give you all the answers.


Author Comment

ID: 36573535
Awesome response, manu4u. I've just begun the exploration of this type of technology so all information is welcomed. I only have one question: as far as using a pre-shared key for VPN peer authentication, does each user need to authenticate manually, let's say, every morning when they sign on to the domain?

Assisted Solution

manu4u earned 2000 total points
ID: 36574307
No need... Everything is done automatically. You just need to enter the key during the setup at both sides; the rest will be taken care of by the appliance.


Question has a verified solution.
