Solved

Linking multiple sites to share network resources

Posted on 2011-09-20
Last Modified: 2012-05-12
I have a possible project in the near future and it involves linking another building a few miles from the campus. What are some methods and options for setting up a secured tunnel from the new site to the HQ? What are your thoughts on bandwidth requirements as far as sharing resources such as Cisco IPT, Exchange, file server, and other bandwidth-intensive applications?

Question by:pogibear77
4 Comments
 
LVL 7

Assisted Solution

by:manu4u
manu4u earned 500 total points
ID: 36571573
VPN Tunnels would be the right choice.

In order to build the right and affordable solution, you should thoroughly analyze your requirements. If you decide to use a tunnel, then ask yourself the questions below:

Will you require a built-in redundancy and failover between your VPN tunnels?
Will you require a stateful failover or can you live with stateless failover?
What is the VPN encryption throughput, bits/sec and packets/sec, you are planning to accommodate?
Given encryption is a CPU intensive task, what other functions does your VPN device perform?
Will you require the use of hardware based solutions to encrypt the traffic or will software based VPN do the job for you?
Are you planning to run dynamic routing protocols over VPN?
Can you leverage existing network infrastructure, such as Cisco Catalyst 6500 switches, to build your VPN solution?

Below are some industry standard best practices to build a reliable and resilient site-to-site VPN solution:

Use 3DES or AES encryption algorithms to encrypt the data payload.
If possible, try to use a hardware-based encryption module to achieve better performance and scalability. A software-based solution is going to be CPU bound at some point if your VPN throughput is to increase.
For High Availability – implement an HSRP based failover
Use a pre-shared key for VPN peer authentication; however, if you are concerned about security, use digital certificates, as exchange of the shared key can be sniffed during the IPsec phase one.
Other than the ACL to identify which traffic is to be encrypted, avoid having other ACLs on that interface.
Use Reverse Route Injection (RRI) if you plan to implement a redundant VPN solution. It makes failover seamless by injecting/withdrawing the network static route if the remote peer is not accessible.
Whatever vendor software you are using – make sure it supports IPsec VPN and is relatively bug-free.

Regarding the bandwidth, it mainly depends on how many users will be accessing both sites. Your ISP could give you better suggestions then ...
0
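The throughput question in the answer above (bits/sec and packets/sec through the VPN) can be estimated before sizing the link. This is an added example, not part of the original answer: Python that sizes voice traffic inside an IPsec ESP tunnel. The cipher suite (AES-CBC with HMAC-SHA1-96), IPv4 without NAT-T, and the G.711 codec with 20 ms packetization are assumptions, and the figures are layer 3 only (no Ethernet or WAN framing).

```python
"""Added example: per-direction load of voice calls inside an ESP tunnel."""

# Assumed tunnel parameters (not from the thread): ESP tunnel mode, IPv4,
# AES-CBC (16-byte block and IV), HMAC-SHA1-96 integrity (12-byte ICV).
OUTER_IP = 20      # new IPv4 header added by tunnel mode
ESP_HEADER = 8     # SPI + sequence number
AES_IV = 16
AES_BLOCK = 16
ESP_TRAILER = 2    # pad-length + next-header bytes, encrypted with the payload
ICV = 12


def esp_tunnel_size(inner_ip_len: int) -> int:
    """Size in bytes of the outer IP packet that carries one inner IP packet."""
    plaintext = inner_ip_len + ESP_TRAILER
    padded = -(-plaintext // AES_BLOCK) * AES_BLOCK   # round up to a full block
    return OUTER_IP + ESP_HEADER + AES_IV + padded + ICV


def voice_load(calls: int, payload_bytes: int = 160, interval_ms: int = 20) -> dict:
    """Load for `calls` concurrent RTP streams in one direction.

    Defaults model G.711 at 20 ms packetization (160-byte payload).
    """
    inner = 20 + 8 + 12 + payload_bytes   # IPv4 + UDP + RTP + codec payload
    outer = esp_tunnel_size(inner)
    pps = calls * 1000 // interval_ms
    return {
        "pps": pps,
        "clear_bps": pps * inner * 8,
        "tunnel_bps": pps * outer * 8,
        "overhead_pct": round(100 * (outer - inner) / inner, 1),
    }


if __name__ == "__main__":
    for calls in (1, 10, 30):
        r = voice_load(calls)
        print(f"{calls:>3} calls: {r['pps']} pps, "
              f"{r['clear_bps'] / 1000:.0f} kbit/s clear, "
              f"{r['tunnel_bps'] / 1000:.0f} kbit/s in tunnel "
              f"(+{r['overhead_pct']}%)")
```

Small packets pay the largest relative overhead, so the packets/sec rating of the VPN device matters as much as its bits/sec rating for voice; `esp_tunnel_size` also shows how much room a full-size data packet has left under the path MTU.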
 
LVL 7

Accepted Solution

by:manu4u
manu4u earned 500 total points
ID: 36571580
Also, if you are confused which Site to Site VPN would suit you, the below article should help, an excellent article that could give you all the answers.


http://www.networkworld.com/community/node/23294 
0
 

Author Comment

by:pogibear77
ID: 36573535
Awesome response, manu4u. I've just begun the exploration of this type of technology so all information is welcomed. I only have one question: as far as using a pre-shared key for VPN peer authentication, does each user need to authenticate manually, let's say, every morning when they sign on to the domain?
0
 
LVL 7

Assisted Solution

by:manu4u
manu4u earned 500 total points
ID: 36574307
No need ... Everything is done automatically ... You just need to enter the key during the setup at both sides; the rest will be taken care of by the appliance.
0

Question has a verified solution.
