Solved

IPsec VPN

Posted on 2014-01-12
Last Modified: 2014-03-29
I want to implement an IPsec VPN between my office sites. What would be required (devices, internet lines, etc.), and how can I implement it? Any suggestions are welcome.

Scenario:

HQ = 200 users
Site-1 = 50 users
Site-2 = 50 users
Site-3 = 10 users
Site-4 = 100 users
Site-5 = 20 users
Question by:nainasipra
12 Comments
 
LVL 19

Expert Comment

by:Patricksr1972
ID: 39775851
Hi,

For equipment I would say get yourself some Cisco ASA devices with 50-user licenses where 50 users is sufficient, and get unlimited licenses where you need more.

About internet lines, quicker is better, but you need to know what capacity you need.
 

Author Comment

by:nainasipra
ID: 39775969
Thank you Patrick,

About required capacity, I will have some more meetings with our other departments to confirm their usage, but what about internet lines? Should I have a leased line, or is a broadband connection OK?
If it's a broadband connection, then I can have 100 Mbps at a very cheap rate, but a leased connection of even 1 Mbps is very costly.

Please suggest which internet lines I should have for each office.
 
LVL 19

Expert Comment

by:Patricksr1972
ID: 39775982
Hi again,

It really depends on the usage. If only a handful of users use the VPN simultaneously you could do with broadband, but again, it depends on usage.
 

Author Comment

by:nainasipra
ID: 39775985
Suppose 50 site users will use ERP and DNS from the head office simultaneously?
 
LVL 68

Expert Comment

by:Qlemo
ID: 39776001
ERP will run in Terminal Server sessions in almost all cases, as database-driven applications running via VPN are a pain. DNS will not consume much bandwidth, but you should use local DNS servers for caching results, so requests are much faster and less frequent.
I reckon you want to keep Internet traffic local (not passing it thru the HQ), which is a good idea unless you want to have centralized Web Filtering management.

With broadband connections you'll have to pay attention whether they are synchronous (having the same up- and downstream bandwidth) or asynchronous. For the latter you usually have severe speed restrictions for one direction.
 

Author Comment

by:nainasipra
ID: 39776027
I have one domain server for all. It's OK, I can have more domain servers for users, but ERP is used by all users on all sites.
Second, you mean I must have synchronous if I have broadband?
 
LVL 68

Expert Comment

by:Qlemo
ID: 39776260
Local DCs are no requirement but recommended.

You don't need a synchronous connection for the branches if data transfer is mostly in one direction. E.g. Terminal Services are more like downloads - some upstream, huge downstream. But if you need to exchange files, upstream gets more important.

The HQ needs the best connection, of course, and that one should have a fat upstream pipe.
 

Author Comment

by:nainasipra
ID: 39776283
I am still not clear on how many connections and what type of connections I should have for all sites:
broadband or leased lines?
 
LVL 68

Expert Comment

by:Qlemo
ID: 39776626
To give a figure:
  HQ: 100/100
  Sites: 100/10 or similar
but that's a guess.
 

Author Comment

by:nainasipra
ID: 39778339
How many static IPs must I have to do this?
Or will dynamic IPs at all sites work?
 
LVL 68

Accepted Solution

by:
Qlemo earned 500 total points
ID: 39778856
If all traffic is initiated by the branches, dynamic IPs for those work. But the HQ should have at least one static IP. And it works much better (and is more secure) to have static IPs on all sites.
 
LVL 5

Expert Comment

by:Martin Tarlink
ID: 39783431