Solved

Linking multiple sites to share network resources

Posted on 2011-09-20
Last Modified: 2012-05-12
I have a possible project in the near future, and it involves linking another building a few miles from the campus. What are some methods and options for setting up a secured tunnel from the new site to the HQ? What are your thoughts on bandwidth requirements as far as sharing resources such as Cisco IPT, Exchange, file server, and other bandwidth-intensive applications?

Question by:pogibear77
LVL 7

Assisted Solution

by:manu4u
manu4u earned 500 total points
ID: 36571573
VPN Tunnels would be the right choice.

In order to build the right and affordable solution, you should thoroughly analyze your requirements. If you decide to use a tunnel, then ask yourself the questions below:

Will you require a built-in redundancy and failover between your VPN tunnels?
Will you require a stateful failover or can you live with stateless failover?
What is the VPN encryption throughput, bits/sec and packets/sec, you are planning to accommodate?
Given encryption is a CPU intensive task, what other functions does your VPN device perform?
Will you require the use of hardware based solutions to encrypt the traffic or will software based VPN do the job for you?
Are you planning to run dynamic routing protocols over VPN?
Can you leverage existing network infrastructure, such as Cisco Catalyst 6500 switches, to build your VPN solution?

Below are some industry standard best practices to build a reliable and resilient site-to-site VPN solution:

Use 3DES or AES encryption algorithms to encrypt the data payload.
If possible, try to use a hardware-based encryption module to achieve better performance and scalability. A software-based solution is going to be CPU bound at some point if your VPN throughput is to increase.
For High Availability, implement an HSRP-based failover.
Use a pre-shared key for VPN peer authentication; however, if you are concerned about security, use digital certificates, as exchange of the shared key can be sniffed during the IPsec phase one.
Other than the ACL to identify which traffic is to be encrypted, avoid having other ACLs on that interface.
Use Reverse Route Injection (RRI) if you plan to implement a redundant VPN solution. It makes failover seamless by injecting/withdrawing the network static route if the remote peer is not accessible.
Whatever vendor software you are using – make sure it supports IPsec VPN and is relatively bug-free.

Regarding the bandwidth, it mainly depends on how many users will be accessing both sites. Your ISP could give you better suggestions then ...
0
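The checklist in the answer above (3DES/AES, pre-shared key versus certificates, the crypto ACL, RRI) expressed as a small audit of a Cisco IOS-style configuration. This is an added example, not code from the thread; the sample config, its names and its addresses are constructed, and only explicitly configured lines are checked.

```python
import re

# Constructed IOS-style sample (not from the thread); all names are made up.
SAMPLE = """\
crypto isakmp policy 10
 encr des
 authentication pre-share
crypto ipsec transform-set TS-OLD esp-des esp-md5-hmac
crypto ipsec transform-set TS-AES esp-aes 256 esp-sha-hmac
crypto map HQ-MAP 10 ipsec-isakmp
 match address 101
 reverse-route
crypto map HQ-MAP 20 ipsec-isakmp
 set transform-set TS-OLD
"""

def parse_blocks(text):
    """Group indented sub-commands under their top-level command."""
    blocks = []
    for line in filter(str.strip, text.splitlines()):
        if not line[0].isspace():
            blocks.append((line.strip(), []))
        elif blocks:
            blocks[-1][1].append(line.strip())
    return blocks

def audit(text):
    """Check a config against the answer's checklist; returns (level, message) pairs."""
    out = []
    for head, body in parse_blocks(text):
        w = head.split()
        if head.startswith("crypto isakmp policy"):
            for cmd in body:
                m = re.match(r"encr(?:yption)?\s+(\S+)", cmd)
                if m and m.group(1) not in ("3des", "aes"):
                    out.append(("FAIL", f"{head}: IKE cipher {m.group(1)} is not 3DES/AES"))
                if cmd == "authentication pre-share":
                    out.append(("NOTE", f"{head}: pre-shared key (certificates: rsa-sig)"))
        elif head.startswith("crypto ipsec transform-set"):
            if {"esp-des", "esp-null"} & set(w[4:]):
                out.append(("FAIL", f"transform-set {w[3]}: payload cipher is not 3DES/AES"))
        elif head.startswith("crypto map") and "ipsec-isakmp" in w:
            for cmd, lvl in (("match address", "FAIL"), ("reverse-route", "NOTE")):
                if not any(c.startswith(cmd) for c in body):
                    out.append((lvl, f"crypto map {w[2]} {w[3]}: no '{cmd}'"))
    return out

if __name__ == "__main__":
    print(*audit(SAMPLE), sep="\n")
```

FAIL marks a line that departs from the checklist; NOTE marks a choice the answer leaves to the requirements (pre-shared key, no RRI on a non-redundant design).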
 
LVL 7

Accepted Solution

by:manu4u
manu4u earned 500 total points
ID: 36571580
Also, if you are confused about which site-to-site VPN would suit you, the article below should help; it is an excellent article that could give you all the answers.


http://www.networkworld.com/community/node/23294 
0
 

Author Comment

by:pogibear77
ID: 36573535
Awesome response, manu4u. I've just begun the exploration of this type of technology, so all information is welcomed. I only have one question: as far as using a pre-shared key for VPN peer authentication, does each user need to authenticate manually, let's say, every morning when they sign on to the domain?
0
 
LVL 7

Assisted Solution

by:manu4u
manu4u earned 500 total points
ID: 36574307
No need ... Everything is done automatically ... You just need to enter the key during the setup at both sides; the rest will be taken care of by the appliance.
0

Question has a verified solution.