Working with remote office over VPN

tips54
Hello.

I manage an office of 40 users running SBS 2008 in one office. We just bought another building to move to in the next few months. In the meantime I have to configure a connection between the two offices before we start moving inventory.

I wanted to get some suggestions on the best and cost-effective way to connect the two locations.

This is what my plan was; please let me know what I'm missing.

I have a Watchguard firewall X750 box at the current location and I have an old Watchguard I had replaced.

I am ordering cable service for the new location with one static IP. I would configure the old Watchguard for the new location, create a VPN between the two Watchguard boxes, and connect the locations that way.
I am also sending a member server from my existing SBS network to the new location to allow users to authenticate from there to be able to access the ERP system from the new location.
What I am not sure of is whether I would configure DHCP on the member server at the new location, and printers. Please let me know what I may be missing, or just a new plan because mine would not work.

Thank you in advance.
You are OK with your solution.
Just avoid configuring DHCP (use private static IPs),
and for RDC/RDP you require CAL/TS client licenses, which you need to purchase if you don't have them.
I recommend using different subnets for your offices. You can use DHCP in the new office, but on the router you should deny DHCP requests (ports 67 & 68) between the networks through your VPN connection.
Or you can use the same subnet with a different network, but try to avoid DHCP.

Example: 192.168.1.0 for the new location and 192.168.2.0 for the old location.

Author

Commented:
Thank you all.

How about authentication? I had someone tell me I should copy a copy of the catalogue on the new server to allow the users to authenticate locally instead of over the network.
Although this cable is guaranteed 15 Meg down / 3 Meg up.

Any thoughts on that?
You cannot use the same subnet at both locations because there will be no "routing reference" .. if you will.  That is: a packet destined for 192.168.1.44 from 192.168.1.22 (/24) will simply go out on the wire because they are on the same subnet.  Whereas a packet destined for 192.168.2.44 *must* go to the VPN device as the next hop (or the next after the gateway if it's a different device) and on to 192.168.2.0 and hence onto the wire there.

So, the gateway is the right place to put routes to the remote subnet / to the VPN device.  If the gateway and the VPN device are one and the same then this should not be necessary.  It should know.
Ditto, if they are different devices, if the gateway has stateful packet inspection for packets traversing the LAN itself then note:
Incoming packets from the VPN will just drop on the wire at the destination and not hit the gateway router at all.  That means no "state" for the returning packets which *will* hit the gateway.

You're dealing with a server-based world and may have things like AD and so forth.  So, only some of this will apply:

1) because the subnets are different, you need to have different DHCP servers.  One each.

2) you may or may not have name service across the VPN.  If it's NetBIOS (which for you it probably isn't) then enabling NetBIOS traffic across the VPN has tradeoffs.  It means a single Master Browser Computer for the entire network.  Some say that NetBIOS traffic between the subnets won't work.  But I have had it working that way. But I don't use it because I haven't found a good support base for it in case it stops working!!

This affects whether you can address remote computers by name or only by IP address.  It affects what you see in My Network Places - local computers only or all the computers.  

You may be very disappointed with the VPN performance with 3Mbps upload speed.  Note that a VPN is *always* uploading AND downloading at the same time.  People are used to 100Mbps or 1000bps on the LAN.  Dropping down to 3Mbps (or less) can be a rude shock.
File transfers will appear to be brutally slow.  I'd say that 3Mbps might be marginally OK and I would want 10 to be sure that it's at least equivalent to the old 10BaseT speeds.
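
Added example (not part of any post in this thread): the routing decision described in the answer above, modelled with Python's `ipaddress` module. The host and subnet addresses are the ones used in the thread; the gateway and VPN device addresses are hypothetical.

```python
import ipaddress

def next_hop(iface, dst, routes):
    """Where a device with address `iface` sends a packet for `dst`.

    Returns "on-link" when dst is inside the device's own subnet, otherwise
    the next hop of the longest matching prefix in `routes`, or None.
    """
    dst_ip = ipaddress.ip_address(dst)
    if dst_ip in ipaddress.ip_interface(iface).network:
        # Same subnet: delivered directly on the local wire, no router involved.
        return "on-link"
    matches = []
    for prefix, hop in routes.items():
        net = ipaddress.ip_network(prefix)
        if dst_ip in net:
            matches.append((net.prefixlen, hop))
    if not matches:
        return None
    return max(matches)[1]  # most specific route wins

def sites_overlap(site_a, site_b):
    """True when two office subnets share addresses and cannot be routed apart."""
    return ipaddress.ip_network(site_a).overlaps(ipaddress.ip_network(site_b))

# Hypothetical device addresses at the 192.168.1.0/24 office.
GATEWAY, VPN_DEVICE = "192.168.1.1", "192.168.1.254"
HOST_ROUTES = {"0.0.0.0/0": GATEWAY}             # a host only knows its gateway
GATEWAY_ROUTES = {"192.168.2.0/24": VPN_DEVICE}  # route to the remote office

def trace(src_iface, dst):
    """Hops a packet takes from a host until it is on-link or handed onward."""
    hops = [next_hop(src_iface, dst, HOST_ROUTES)]
    if hops[0] == GATEWAY:
        # Gateway and VPN device are separate boxes here, so the gateway
        # needs its own route to the remote subnet.
        hops.append(next_hop(GATEWAY + "/24", dst, GATEWAY_ROUTES))
    return hops

if __name__ == "__main__":
    print(trace("192.168.1.22/24", "192.168.1.44"))
    print(trace("192.168.1.22/24", "192.168.2.44"))
    print(sites_overlap("192.168.1.0/24", "192.168.1.0/24"))
```

If both offices were numbered 192.168.1.0/24, every remote host would take the first path and its traffic would never reach the VPN device; `sites_overlap` catches that in an addressing plan before anything is deployed.
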
"I am also sending a member server from my existing sbs network to the new location to allow users to authenticate from there to be able to access the ERP system from the new location." - if it is a domain controller, users will authenticate on it.
You can test your ERP from the remote office. If it works too slowly, maybe an RDP connection to the ERP will be a solution.

Author

Commented:
I just found out that my Watchguard III 500 model can't be used temporarily at the new location as I thought.  Can anyone recommend an expensive hardware vpn I can easily configure at the new location to create a tunnel to connect the two offices together?

Location (A) has WG 750e    -  location (B) should have ???
Fortigate: first preference
Juniper: second preference (SRX, not SSG)

Author

Commented:
I ended up configuring two pieces of Watchguard equipment and so far so good.

Author

Commented:
Thank you.
