Solved

mulit VPN from mulit remote systems

Posted on 2013-05-20
13
217 Views
Last Modified: 2013-06-07
HI All ,

can any one help ?

need to have mulit VPN's into one central office ,but each VPN must go to a different server.

was thinking PS sence ot untangle ?
0
Comment
Question by:awall2012
  • 7
  • 6
13 Comments
 
LVL 8

Expert Comment

by:jpgobert
Comment Utility
First question... are you considering those two products because you have prior experience with them?  Any reason why you're not planning to purchase a firewall / router that can host these connections?

You say you need to have multiple tunnels terminating at one office... not a problem.  How many?  Are there multiple servers at each site?  

Can you clarify what you mean about "each VPN must go to a different server"?
0
 

Author Comment

by:awall2012
Comment Utility
q)First question... are you considering those two products because you have prior experience with them
A)  yes

q)Any reason why you're not planning to purchase a firewall / router that can host these connections?
A) cost (testing)

Q)You say you need to have multiple tunnels terminating at one office... not a problem.  How many?  
A)at lest 20 poss more later

Q)Are there multiple servers at each site?  
a) no

q)Can you clarify what you mean about "each VPN must go to a different server"?

a) each remote office (read one VPN) will be access a diffent server at the main office

so remote office A > VPN >main office > server A

     remote office B >VPN main office > server B
   remote office B1 > VPN > main office >server B

  remove office C > vpn main office > server C
  c1>server C
  c2 > server C
  c3>server C

  D> server D   ETC .ETC
0
 
LVL 8

Expert Comment

by:jpgobert
Comment Utility
Ok I'm following you now...

Are the remote offices a part of your organization?  If not, what device or software will be used on the remote end to host the tunnel?  Any issues with bandwidth that you need to work out?

Overall, what's your questions?  It sounds pretty straight forward from your last post... site to site IPSEC tunnels with a single host on each side.
0
 

Author Comment

by:awall2012
Comment Utility
q)Are the remote offices a part of your organization
a) no

Q) what device or software will be used on the remote end to host the tunnel
A) still waitting on that info . some are home router with XP or Win7 PC's

q) Any issues with bandwidth
a) should not be this end

Q) what's your questions
a)  Connect each remote site to a separate local server via VPN for secure access.
0
 
LVL 8

Expert Comment

by:jpgobert
Comment Utility
Definitely do-able... you really need to know what devices will be on the other end before making any firm decisions on what you'll be using on your side.  Trust me when I say that there's no such thing as a VPN host that is compatible with all other VPN hosts...

I'm a little concerned about the other end part... you're saying these are home offices?  Are you going to be responsible for providing support for the tunnels?  If so, and if it were me, I'd go in a totally different direction.

What services will the user be connecting to on the server?  Are they using remote desktop or something?  There may be a much easier way to link them up securely without dealing with trying to maintain IPSEC tunnels over consumer grade gear on residential internet connections which won't have static IP's.
0
 

Author Comment

by:awall2012
Comment Utility
q)- you really need to know what devices will be on the other end before making any firm decisions
A) yes I agee , but Iam waitting on this info.

q)home offices?  /  responsible for providing support for the tunnels
a) afraid so ..... /  probably

Q) go in a totally different direction.
a) Iam very open to ideas

Q)Are they using remote desktop
a)yes as well as needing VPN

Q)There may be a much easier way to link them up securely without dealing with trying to maintain IPSEC tunnels over consumer grade gear on residential internet connections which won't have static IP's.
a) Iam very open to ideas about this hole Thingy
0
How to run any project with ease

Manage projects of all sizes how you want. Great for personal to-do lists, project milestones, team priorities and launch plans.
- Combine task lists, docs, spreadsheets, and chat in one
- View and edit from mobile/offline
- Cut down on emails

 
LVL 8

Expert Comment

by:jpgobert
Comment Utility
Cool deal... first, we'll need a list of all the services they will be using.  I know you're saying they need VPN but let's let VPN itself aside for a second... what will they actually be doing over that connection?

If we can get a good list then I can probably offer a few options...

Is there a budget for this?  or do we absolutely have to stick with totally free options?
0
 

Author Comment

by:awall2012
Comment Utility
q)budget for this
a) not this year , so need to stick with thw free bee s

q) what will they actually be doing over that connection?
a) file moves, internal only web access , backups, internat only DB access .
     internal only emails .
0
 
LVL 8

Expert Comment

by:jpgobert
Comment Utility
Ok...

Will any of those activities be allowed to occur from their personal PC or only from within the remote deskop session?

Understood on the free part... let's see what we can come up with.
0
 

Author Comment

by:awall2012
Comment Utility
some services via RDP

most from there PC to the serve ,  hence the VPN queston
0
 
LVL 8

Accepted Solution

by:
jpgobert earned 500 total points
Comment Utility
OK... any reason why you wouldn't go with more of a "dial-up" VPN client solution?  To be honest that would be MUCH easier to setup, maintain and deploy to the users.  No special hardware or software on their side... you'd only need routing and remote access on a Windows server on your side... you *could* go with a separate software just for the VPN but you really don't have to if you don't want to.

If you were to run site-to-site tunnels between you and them you'd need to make sure that the ACL's were setup to block everything from their side except for the devices that should be connecting over the tunnel... then you'd have to make sure that they didn't change their IP's on those devices so that the ACL would need to change... could get really annoying.
0
 

Author Comment

by:awall2012
Comment Utility
q)dial-up" VPN client solution
a) yes could do that
0
 

Author Closing Comment

by:awall2012
Comment Utility
thank you
0

Featured Post

Maximize Your Threat Intelligence Reporting

Reporting is one of the most important and least talked about aspects of a world-class threat intelligence program. Here’s how to do it right.

Join & Write a Comment

Suggested Solutions

BIND is the most widely used Name Server. A Name Server is the one that translates a site name to it's IP address. There is a new bug in BIND (https://kb.isc.org/article/AA-01272), affecting all versions of BIND 9 from BIND 9.1.0 (inclusive) thro…
Using in-flight Wi-Fi when you travel? Business travelers beware! In-flight Wi-Fi networks could rip the door right off your digital privacy portal. That’s no joke either, as it might also provide a convenient entrance for bad threat actors.
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…

772 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

10 Experts available now in Live!

Get 1:1 Help Now