Improve company productivity with a Business Account.Sign Up

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 419
  • Last Modified:

VPN two locations

I have been tasked with connecting two offices together on a VPN so that office B can use office A's telephone lines.

I am able to make a VPN from one computer in to the network at office A, however i want to be able to connect several computers over the link and also ip phones.

Both of the offices must be able to use their local internet connect as the speeds are not that great and if all traffic was being sent to office A then the internet would be impossible to use.

The server that i have set up at office A is running windows server 2003.

I am new to VPN's and so i dont really know what i am doing. If anyone can help it would be great
0
Charlton91
Asked:
Charlton91
  • 4
  • 4
  • 2
2 Solutions
 
Rob WilliamsCommented:
You will want to install 2 hardest VPN routers, one at each site.  The least expensive stable units I would recommend are the Cisco/Linksys RV042 for about $200 each.  These will allow you to achieve your requirements, though VoIP traffic will slow others when browsing.
0
 
BlueComputeCommented:
To do this job properly, you'll need to use a router at each end to manage the VPN. The routers you're already doing may support it (Netgear DG834 series routers do), if not I thoroughly reccomend Draytek routers, the 2710n or 2820 would do for this.
You could carry on as you are, and set up loads of pc-to-pc VPNs, but that's not going to work for your IP phones etc.
You'll need to budget about £175 or so at each end for the router to do this, once you've got these it's actually fairly straightforward, let me know what hardware you intend to use and I can provide some specific instructions.
0
 
Charlton91Author Commented:
Thanks for the quick response.
In office A we have cisco 877 router and office B has a TP link TL-WR842ND.
0
Improved Protection from Phishing Attacks

WatchGuard DNSWatch reduces malware infections by detecting and blocking malicious DNS requests, improving your ability to protect employees from phishing attacks. Learn more about our newest service included in Total Security Suite today!

 
Rob WilliamsCommented:
Though both are VPN capable routers you are best to have similar units both for ease of configuration and support.  The TP Link unit does support VPN's but has limited capabilities.
0
 
BlueComputeCommented:
RobWill's quite right - depending on how highly you value your time, replacing the tp-link would be a good idea, that said the 877's past end-of-life now anyway so you'd have to replace both. With the same kit at both ends the job's pretty easy, if you fancy trying it with the kit you've got (it's perfectly possible, just not for the faint-of-heart), there's info about ipsec on the tplink here: http://www.tp-link.com/en/article/?faqid=380 , for the cisco router it depends a lot which firmware it has installed, do you have access to web management for the 877?
0
 
Charlton91Author Commented:
The firmware version of the Cisco 877 is 12.4(24)T5
I am am able to access the unit via the command line but not by the web management utility. If i was to get hold of antoher 877 would this then make configuring the VPN easier?
Also i need to be able to still use the local internet connection, would this be possible to achieve with the 877?
0
 
BlueComputeCommented:
I am am able to access the unit via the command line but not by the web management utility. If i was to get hold of another 877 would this then make configuring the VPN easier?

I'm not very familiar with Cisco gear, but I believe you need to enable http access and install the Cisco SDM package to use the web configuration utility.  If you can do this then it shouldn't be too difficult to set up a site-to-site VPN between the two Cisco 877s.  That said, the Cisco routers are inherently a more complex device than (eg.) the TP-link, so it won't be as straightforward as configuring a site-to-site VPN on simpler 'consumer level' routers.

Also i need to be able to still use the local internet connection, would this be possible to achieve with the 877?

You can use split-tunneling to utilise the local internet connection as well as the VPN tunnel, ie. only packets for the IP range accessed by VPN will be sent over the VPN.  This functionality is common to almost all VPN routers, so it doesn't matter which devices you go for.
0
 
Rob WilliamsCommented:
Using two identical routers does make it much easier as you use the same commands and the location of attributes is the same in web configuration models.  Cisco routers are generally configured from a command, line the "CLI". The following link is a general description of the process if interested. http://www.youtube.com/watch?v=Ug1yD8Ov_00
If not familiar with Cisco's you may wish to change models, hire someone to do so, or post a specific configuration question in the Cisco topic area.  They can help you with the specific commands for your unit and firmware.

Yes you will still have local internet access.  When using a VPN client "split tunneling" comes into play and is generally blocked, and thus you loose local network access, as a security feature.  This des not apply with a site to site VPN tunnel.
0
 
Rob WilliamsCommented:
Sorry BlueCompute I should have refreshed before posting.  Yours was not there when I started typing.  Some duplication.
0
 
BlueComputeCommented:
No worries RobWill, easily done, especially if you actually research the answers while writing them, think we're both providing different but useful info anyway ;)
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

Join & Write a Comment

Featured Post

NEW Internet Security Report Now Available!

WatchGuard’s Threat Lab is a group of dedicated threat researchers committed to helping you stay ahead of the bad guys by providing in-depth analysis of the top security threats to your network.  Check out this quarters report on the threats that shook the industry in Q4 2017.

  • 4
  • 4
  • 2
Tackle projects and never again get stuck behind a technical roadblock.
Join Now