Linking multiple sites to share network resources

Posted on 2011-09-20
Last Modified: 2012-05-12
I have a possible project in the near future and it involves linking another building a few miles from the campus. What are some methods and options for setting up a secured tunnel from the new site to the HQ? What are your thoughts on bandwidth requirements as far as sharing resources such as Cisco IPT, Exchange, file server, and other bandwidth-intensive applications?

Question by:pogibear77
4 Comments
 
LVL 7

Assisted Solution

by:manu4u
manu4u earned 2000 total points
ID: 36571573
VPN Tunnels would be the right choice.

In order to build the right and affordable solution – you should thoroughly analyze your requirements. If you decide to use a tunnel, then ask yourself the questions below:

Will you require built-in redundancy and failover between your VPN tunnels?
Will you require a stateful failover or can you live with stateless failover?
What is the VPN encryption throughput, bits/sec and packets/sec, you are planning to accommodate?
Given encryption is a CPU-intensive task, what other functions does your VPN device perform?
Will you require the use of hardware-based solutions to encrypt the traffic or will software-based VPN do the job for you?
Are you planning to run dynamic routing protocols over VPN?
Can you leverage existing network infrastructure, such as Cisco Catalyst 6500 switches, to build your VPN solution?

Below are some industry standard best practices to build a reliable and resilient site-to-site VPN solution:

Use 3DES or AES encryption algorithms to encrypt the data payload.
If possible, try to use a hardware-based encryption module to achieve better performance and scalability. A software-based solution is going to be CPU bound at some point if your VPN throughput is to increase.
For High Availability – implement an HSRP-based failover
Use a pre-shared key for VPN peer authentication, however if you are concerned about security – use digital certificates, as exchange of the shared key can be sniffed during the IPsec phase one.
Other than the ACL to identify which traffic is to be encrypted, avoid having other ACLs on that interface.
Use Reverse Route Injection (RRI) if you plan to implement a redundant VPN solution. It makes failover seamless by injecting/withdrawing the network static route if the remote peer is not accessible.
Whatever vendor software you are using – make sure it supports IPsec VPN and is relatively bug-free.

Regarding the bandwidth, it mainly depends on how many users will be accessing both sites .. Your ISP could give you better suggestions then ...
0
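The answer above asks what encryption throughput, in bits/sec and packets/sec, the tunnel has to carry; for the Cisco IPT traffic named in the question, that can be estimated per call. The following is an added example, not part of any poster's reply: it assumes G.711 and G.729 codecs at 20 ms packetization, IPv4, and ESP tunnel mode with a CBC cipher (3DES or AES) plus a 96-bit HMAC, and it ignores layer-2 framing, GRE and NAT-T.

```python
# Added example: per-call IPsec ESP tunnel-mode sizing for voice over a
# site-to-site VPN. Codec choices and 20 ms packetization are assumptions,
# not values taken from the thread.
import math

IP_HDR, UDP_HDR, RTP_HDR = 20, 8, 12   # inner IPv4 / UDP / RTP headers, bytes
ESP_HDR, ESP_TRAILER = 8, 2            # SPI + sequence; pad-length + next-header
ICV = 12                               # HMAC-SHA1-96 or HMAC-MD5-96 integrity value

# CBC ciphers named in the answer; block size and IV length are the same value
CIPHER_BLOCK = {"3des": 8, "aes": 16}

# Assumed codecs: (voice payload bytes per packet, packets per second)
CODECS = {"g711": (160, 50), "g729": (20, 50)}


def esp_tunnel_size(inner_len, cipher):
    """Bytes in the outer IPv4 packet that carries inner_len bytes via ESP tunnel mode."""
    block = CIPHER_BLOCK[cipher]
    # Inner packet plus ESP trailer is padded up to a whole number of cipher blocks
    encrypted = math.ceil((inner_len + ESP_TRAILER) / block) * block
    return IP_HDR + ESP_HDR + block + encrypted + ICV   # 'block' here is the IV


def inner_size(codec):
    """Clear-text IP packet size for one voice packet of the given codec."""
    return IP_HDR + UDP_HDR + RTP_HDR + CODECS[codec][0]


def call_load(codec, cipher, calls=1):
    """Return (packets/sec, bits/sec) per direction for `calls` concurrent calls."""
    pps = CODECS[codec][1]
    outer = esp_tunnel_size(inner_size(codec), cipher)
    return calls * pps, calls * pps * outer * 8


def overhead_pct(codec, cipher):
    """Percentage growth of one voice packet once it is inside the tunnel."""
    inner = inner_size(codec)
    return round(100 * (esp_tunnel_size(inner, cipher) - inner) / inner, 1)


if __name__ == "__main__":
    for codec in CODECS:
        for cipher in CIPHER_BLOCK:
            pps, bps = call_load(codec, cipher, calls=20)
            print(f"{codec}/{cipher}: 20 calls = {pps} pps, {bps / 1000:.1f} kbit/s "
                  f"per direction, +{overhead_pct(codec, cipher)}% vs. clear IP")
```

Small voice packets are where the packets/sec figure of the VPN device matters more than its bits/sec rating, which is why both appear in the questions above.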
 
LVL 7

Accepted Solution

by:
manu4u earned 2000 total points
ID: 36571580
Also, if you are confused which Site to Site VPN would suit you, the below article should help, an excellent article that could give you all the answers.


http://www.networkworld.com/community/node/23294 
0
 

Author Comment

by:pogibear77
ID: 36573535
Awesome response, manu4u. I've just begun the exploration of this type of technology so all information is welcomed. I only have one question: as far as using a pre-shared key for VPN peer authentication, does each user need to authenticate manually, let's say, every morning when they sign on to the domain?
0
 
LVL 7

Assisted Solution

by:manu4u
manu4u earned 2000 total points
ID: 36574307
No need ... Everything is done automatically ... You just need to enter the key during the setup at both sides, the rest will be taken care of by the appliance.
0

Question has a verified solution.