Solved

VPN two locations

Posted on 2013-01-08
10
405 Views
Last Modified: 2013-01-09
I have been tasked with connecting two offices together on a VPN so that office B can use office A's telephone lines.

I am able to make a VPN from one computer in to the network at office A, however i want to be able to connect several computers over the link and also ip phones.

Both of the offices must be able to use their local internet connect as the speeds are not that great and if all traffic was being sent to office A then the internet would be impossible to use.

The server that i have set up at office A is running windows server 2003.

I am new to VPN's and so i dont really know what i am doing. If anyone can help it would be great
0
Comment
Question by:Charlton91
  • 4
  • 4
  • 2
10 Comments
 
LVL 77

Expert Comment

by:Rob Williams
ID: 38755212
You will want to install 2 hardest VPN routers, one at each site.  The least expensive stable units I would recommend are the Cisco/Linksys RV042 for about $200 each.  These will allow you to achieve your requirements, though VoIP traffic will slow others when browsing.
0
 
LVL 14

Expert Comment

by:BlueCompute
ID: 38755221
To do this job properly, you'll need to use a router at each end to manage the VPN. The routers you're already doing may support it (Netgear DG834 series routers do), if not I thoroughly reccomend Draytek routers, the 2710n or 2820 would do for this.
You could carry on as you are, and set up loads of pc-to-pc VPNs, but that's not going to work for your IP phones etc.
You'll need to budget about £175 or so at each end for the router to do this, once you've got these it's actually fairly straightforward, let me know what hardware you intend to use and I can provide some specific instructions.
0
 

Author Comment

by:Charlton91
ID: 38755539
Thanks for the quick response.
In office A we have cisco 877 router and office B has a TP link TL-WR842ND.
0
U.S. Department of Agriculture and Acronis Access

With the new era of mobile computing, smartphones and tablets, wireless communications and cloud services, the USDA sought to take advantage of a mobilized workforce and the blurring lines between personal and corporate computing resources.

 
LVL 77

Expert Comment

by:Rob Williams
ID: 38755839
Though both are VPN capable routers you are best to have similar units both for ease of configuration and support.  The TP Link unit does support VPN's but has limited capabilities.
0
 
LVL 14

Expert Comment

by:BlueCompute
ID: 38756159
RobWill's quite right - depending on how highly you value your time, replacing the tp-link would be a good idea, that said the 877's past end-of-life now anyway so you'd have to replace both. With the same kit at both ends the job's pretty easy, if you fancy trying it with the kit you've got (it's perfectly possible, just not for the faint-of-heart), there's info about ipsec on the tplink here: http://www.tp-link.com/en/article/?faqid=380 , for the cisco router it depends a lot which firmware it has installed, do you have access to web management for the 877?
0
 

Author Comment

by:Charlton91
ID: 38758477
The firmware version of the Cisco 877 is 12.4(24)T5
I am am able to access the unit via the command line but not by the web management utility. If i was to get hold of antoher 877 would this then make configuring the VPN easier?
Also i need to be able to still use the local internet connection, would this be possible to achieve with the 877?
0
 
LVL 14

Assisted Solution

by:BlueCompute
BlueCompute earned 250 total points
ID: 38758614
I am am able to access the unit via the command line but not by the web management utility. If i was to get hold of another 877 would this then make configuring the VPN easier?

I'm not very familiar with Cisco gear, but I believe you need to enable http access and install the Cisco SDM package to use the web configuration utility.  If you can do this then it shouldn't be too difficult to set up a site-to-site VPN between the two Cisco 877s.  That said, the Cisco routers are inherently a more complex device than (eg.) the TP-link, so it won't be as straightforward as configuring a site-to-site VPN on simpler 'consumer level' routers.

Also i need to be able to still use the local internet connection, would this be possible to achieve with the 877?

You can use split-tunneling to utilise the local internet connection as well as the VPN tunnel, ie. only packets for the IP range accessed by VPN will be sent over the VPN.  This functionality is common to almost all VPN routers, so it doesn't matter which devices you go for.
0
 
LVL 77

Accepted Solution

by:
Rob Williams earned 250 total points
ID: 38758632
Using two identical routers does make it much easier as you use the same commands and the location of attributes is the same in web configuration models.  Cisco routers are generally configured from a command, line the "CLI". The following link is a general description of the process if interested. http://www.youtube.com/watch?v=Ug1yD8Ov_00
If not familiar with Cisco's you may wish to change models, hire someone to do so, or post a specific configuration question in the Cisco topic area.  They can help you with the specific commands for your unit and firmware.

Yes you will still have local internet access.  When using a VPN client "split tunneling" comes into play and is generally blocked, and thus you loose local network access, as a security feature.  This des not apply with a site to site VPN tunnel.
0
 
LVL 77

Expert Comment

by:Rob Williams
ID: 38758637
Sorry BlueCompute I should have refreshed before posting.  Yours was not there when I started typing.  Some duplication.
0
 
LVL 14

Expert Comment

by:BlueCompute
ID: 38758679
No worries RobWill, easily done, especially if you actually research the answers while writing them, think we're both providing different but useful info anyway ;)
0

Featured Post

NEW Veeam Agent for Microsoft Windows

Backup and recover physical and cloud-based servers and workstations, as well as endpoint devices that belong to remote users. Avoid downtime and data loss quickly and easily for Windows-based physical or public cloud-based workloads!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
Server 2012 L2TP VPN Windows client to server 3 35
VPN Connection WIndows 10 5 78
SMB Packet - File Data 4 41
Problems with VPN 4 19
This article offers some helpful and general tips for safe browsing and online shopping. It offers simple and manageable procedures that help to ensure the safety of one's personal information and the security of any devices.
Let’s list some of the technologies that enable smooth teleworking. 
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…

740 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question