Solved

Linking multiple sites to share network resources

Posted on 2011-09-20
Last Modified: 2012-05-12
I have a possible project in the near future that involves linking another building a few miles from the campus. What are some methods and options for setting up a secured tunnel from the new site to the HQ? What are your thoughts on bandwidth requirements as far as sharing resources such as Cisco IPT, Exchange, file server, and other bandwidth-intensive applications?

Question by:pogibear77

Assisted Solution

by:manu4u
ID: 36571573
VPN Tunnels would be the right choice.

In order to build the right and affordable solution, you should thoroughly analyze your requirements. If you decide to use a tunnel, then ask yourself the questions below:

Will you require a built-in redundancy and failover between your VPN tunnels?
Will you require a stateful failover or can you live with stateless failover?
What is the VPN encryption throughput, bits/sec and packets/sec, you are planning to accommodate?
Given encryption is a CPU intensive task, what other functions does your VPN device perform?
Will you require the use of hardware based solutions to encrypt the traffic or will software based VPN do the job for you?
Are you planning to run dynamic routing protocols over VPN?
Can you leverage existing network infrastructure, such as Cisco Catalyst 6500 switches, to build your VPN solution?

Below are some industry standard best practices to build a reliable and resilient site-to-site VPN solution:

Use 3DES or AES encryption algorithms to encrypt the data payload.
If possible, try to use a hardware-based encryption module to achieve better performance and scalability. A software-based solution is going to be CPU bound at some point if your VPN throughput is to increase.
For High Availability, implement an HSRP-based failover.
Use a pre-shared key for VPN peer authentication; however, if you are concerned about security, use digital certificates, as exchange of the shared key can be sniffed during the IPsec phase one.
Other than the ACL to identify which traffic is to be encrypted, avoid having other ACLs on that interface.
Use Reverse Route Injection (RRI) if you plan to implement a redundant VPN solution. It makes failover seamless by injecting/withdrawing the network static route if the remote peer is not accessible.
Whatever vendor software you are using – make sure it supports IPsec VPN and is relatively bug-free.

Regarding the bandwidth, it mainly depends on how many users will be accessing both sites. Your ISP could give you better suggestions then.
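The checklist in the answer above, expressed as a small audit over a Cisco IOS-style crypto-map configuration. This is an added example, not part of the original thread: the sample config (names, ACLs, addresses) is constructed, and `parse_blocks` and `audit` are hypothetical helper names.

```python
# Constructed IOS-style sample (names, ACLs and addresses are made up, not from the thread).
WEAK = """\
crypto isakmp policy 10
 authentication pre-share
crypto ipsec transform-set TS esp-des esp-md5-hmac
crypto map CMAP 10 ipsec-isakmp
 set peer 203.0.113.2
 set transform-set TS
 match address VPN-TRAFFIC
interface GigabitEthernet0/0
 ip access-group INBOUND in
 crypto map CMAP
"""

def parse_blocks(config):
    """Group config lines into (header, [indented child lines]) blocks."""
    blocks = []
    for line in config.splitlines():
        if line.strip() in ("", "!"):
            continue
        if line[0].isspace() and blocks:
            blocks[-1][1].append(line.strip())
        else:
            blocks.append((line.strip(), []))
    return blocks

def audit(config):
    """Return (check, detail) pairs for items on the answer's checklist."""
    findings = []
    for header, children in parse_blocks(config):
        words = header.split()
        if header.startswith("crypto ipsec transform-set "):
            if not {"esp-3des", "esp-aes"} & set(words[4:]):
                findings.append(("payload-cipher", words[3]))
        elif header.startswith("crypto isakmp policy "):
            # Informational: PSK peer authentication; certificates are the alternative.
            if "authentication pre-share" in children:
                findings.append(("psk-auth", words[3]))
        elif header.startswith("crypto map ") and words[-1] == "ipsec-isakmp":
            # Informational: RRI only matters when a redundant design is planned.
            if not any(c.startswith("reverse-route") for c in children):
                findings.append(("no-rri", " ".join(words[2:4])))
        elif header.startswith("interface ") and any(c.startswith("crypto map ") for c in children):
            findings += [("extra-acl", f"{words[1]}: {c}")
                         for c in children if c.startswith("ip access-group ")]
    return findings

if __name__ == "__main__":
    print(*audit(WEAK), sep="\n")
```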

Accepted Solution

by:manu4u
ID: 36571580
Also, if you are confused about which site-to-site VPN would suit you, the article below should help; it is an excellent article that could give you all the answers.


http://www.networkworld.com/community/node/23294 

Author Comment

by:pogibear77
ID: 36573535
Awesome response, manu4u. I've just begun the exploration of this type of technology, so all information is welcome. I only have one question: as far as using a pre-shared key for VPN peer authentication, does each user need to authenticate manually, let's say, every morning when they sign on to the domain?

Assisted Solution

by:manu4u
ID: 36574307
No need ... Everything is done automatically ... You just need to enter the key during the setup at both sides; the rest will be taken care of by the appliance.