Solved

VPN two locations

Posted on 2013-01-08
10
397 Views
Last Modified: 2013-01-09
I have been tasked with connecting two offices together on a VPN so that office B can use office A's telephone lines.

I am able to make a VPN from one computer in to the network at office A, however i want to be able to connect several computers over the link and also ip phones.

Both of the offices must be able to use their local internet connect as the speeds are not that great and if all traffic was being sent to office A then the internet would be impossible to use.

The server that i have set up at office A is running windows server 2003.

I am new to VPN's and so i dont really know what i am doing. If anyone can help it would be great
0
Comment
Question by:Charlton91
  • 4
  • 4
  • 2
10 Comments
 
LVL 77

Expert Comment

by:Rob Williams
ID: 38755212
You will want to install 2 hardest VPN routers, one at each site.  The least expensive stable units I would recommend are the Cisco/Linksys RV042 for about $200 each.  These will allow you to achieve your requirements, though VoIP traffic will slow others when browsing.
0
 
LVL 14

Expert Comment

by:BlueCompute
ID: 38755221
To do this job properly, you'll need to use a router at each end to manage the VPN. The routers you're already doing may support it (Netgear DG834 series routers do), if not I thoroughly reccomend Draytek routers, the 2710n or 2820 would do for this.
You could carry on as you are, and set up loads of pc-to-pc VPNs, but that's not going to work for your IP phones etc.
You'll need to budget about £175 or so at each end for the router to do this, once you've got these it's actually fairly straightforward, let me know what hardware you intend to use and I can provide some specific instructions.
0
 

Author Comment

by:Charlton91
ID: 38755539
Thanks for the quick response.
In office A we have cisco 877 router and office B has a TP link TL-WR842ND.
0
 
LVL 77

Expert Comment

by:Rob Williams
ID: 38755839
Though both are VPN capable routers you are best to have similar units both for ease of configuration and support.  The TP Link unit does support VPN's but has limited capabilities.
0
 
LVL 14

Expert Comment

by:BlueCompute
ID: 38756159
RobWill's quite right - depending on how highly you value your time, replacing the tp-link would be a good idea, that said the 877's past end-of-life now anyway so you'd have to replace both. With the same kit at both ends the job's pretty easy, if you fancy trying it with the kit you've got (it's perfectly possible, just not for the faint-of-heart), there's info about ipsec on the tplink here: http://www.tp-link.com/en/article/?faqid=380 , for the cisco router it depends a lot which firmware it has installed, do you have access to web management for the 877?
0
Backup Your Microsoft Windows Server®

Backup all your Microsoft Windows Server – on-premises, in remote locations, in private and hybrid clouds. Your entire Windows Server will be backed up in one easy step with patented, block-level disk imaging. We achieve RTOs (recovery time objectives) as low as 15 seconds.

 

Author Comment

by:Charlton91
ID: 38758477
The firmware version of the Cisco 877 is 12.4(24)T5
I am am able to access the unit via the command line but not by the web management utility. If i was to get hold of antoher 877 would this then make configuring the VPN easier?
Also i need to be able to still use the local internet connection, would this be possible to achieve with the 877?
0
 
LVL 14

Assisted Solution

by:BlueCompute
BlueCompute earned 250 total points
ID: 38758614
I am am able to access the unit via the command line but not by the web management utility. If i was to get hold of another 877 would this then make configuring the VPN easier?

I'm not very familiar with Cisco gear, but I believe you need to enable http access and install the Cisco SDM package to use the web configuration utility.  If you can do this then it shouldn't be too difficult to set up a site-to-site VPN between the two Cisco 877s.  That said, the Cisco routers are inherently a more complex device than (eg.) the TP-link, so it won't be as straightforward as configuring a site-to-site VPN on simpler 'consumer level' routers.

Also i need to be able to still use the local internet connection, would this be possible to achieve with the 877?

You can use split-tunneling to utilise the local internet connection as well as the VPN tunnel, ie. only packets for the IP range accessed by VPN will be sent over the VPN.  This functionality is common to almost all VPN routers, so it doesn't matter which devices you go for.
0
 
LVL 77

Accepted Solution

by:
Rob Williams earned 250 total points
ID: 38758632
Using two identical routers does make it much easier as you use the same commands and the location of attributes is the same in web configuration models.  Cisco routers are generally configured from a command, line the "CLI". The following link is a general description of the process if interested. http://www.youtube.com/watch?v=Ug1yD8Ov_00
If not familiar with Cisco's you may wish to change models, hire someone to do so, or post a specific configuration question in the Cisco topic area.  They can help you with the specific commands for your unit and firmware.

Yes you will still have local internet access.  When using a VPN client "split tunneling" comes into play and is generally blocked, and thus you loose local network access, as a security feature.  This des not apply with a site to site VPN tunnel.
0
 
LVL 77

Expert Comment

by:Rob Williams
ID: 38758637
Sorry BlueCompute I should have refreshed before posting.  Yours was not there when I started typing.  Some duplication.
0
 
LVL 14

Expert Comment

by:BlueCompute
ID: 38758679
No worries RobWill, easily done, especially if you actually research the answers while writing them, think we're both providing different but useful info anyway ;)
0

Featured Post

What Should I Do With This Threat Intelligence?

Are you wondering if you actually need threat intelligence? The answer is yes. We explain the basics for creating useful threat intelligence.

Join & Write a Comment

I've written this article to illustrate how we can implement a Dynamic Multipoint VPN (DMVPN) with both hub and spokes having a dynamically assigned non-broadcast multiple-access (NBMA) network IP (public IP). Here is the basic setup of DMVPN Pha…
I recently attended Cisco Live! in Las Vegas, a conference that boasted over 28,000 techies in attendance, and a week of hands-on learning hosted by a solid partner with which Concerto goes to market.  Every year, Cisco displays cutting-edge technol…
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…

706 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

19 Experts available now in Live!

Get 1:1 Help Now