Solved

Site to Site VPN Basics

Posted on 2014-04-14
Last Modified: 2014-04-15
I have a client with a single location running a single SBS2011 server with Exchange. They are going to expand to a second location in a different town, by setting up an office with a half dozen workstations. My initial thought is that a site-to-site VPN would work for them, but I have not set one up before and would like a little guidance.

- What would be the best equipment to install on each end?
- Would the remote workstations be able to function as if they were set up locally, regarding Exchange and Login functionality?
- What kind of issues will be likely to arise?
- Would it be better / faster to install a second server at the remote location?

Thanks!
Question by:Norm Dickinson
3 Comments
 
LVL 10

Accepted Solution

by:
Rafael earned 251 total points
ID: 40000058
I've had to set up plenty of remote sites, and some were different based on the requirements. I have a server set up at home using DNS so that I can help my clients as necessary when not in the office to access my files from ANYWHERE.

However, these are some thoughts based on my experience.

1. An appliance-based firewall that is capable of VPN. Please watch VPN throughput, as there are limits on the cheaper ones. Two good ones are Cisco ASA and Juniper SSGs.

I'm assuming it's a small office, so I would go with an ASA 5505 or a Juniper SSG 5.

2. Definitely, have another server there. This will allow them to authenticate locally as opposed to going over a VPN.

3. By having the server there, you have both the primary site and the secondary site replicate the AD forest with updates. Also, you can install another Exchange server there with a different MX weight and have the users at that site go off that local Exchange server. That Exchange server would in turn go out via the VPN to the other site and then send the email out.

4. Issues to arise would be the loss of the VPN. If this occurs and the site is set up right the users can still authenticate locally, and still send email out if you set up split domains.  

Another thing you can do is set up VPN client accounts on the primary site and vice versa as a backup. That way, if you did lose the VPN appliance, your users can still dial up the client and connect as if they were in the office.
 
LVL 9

Assisted Solution

by:stu29
stu29 earned 249 total points
ID: 40000074
Best equipment: There are so many options out there, from built-in Windows to top-end hardware devices. Personally I like WatchGuard products. They are simple yet very configurable if you wish to delve in.

Remote workstations: The basic answer to this one is yes. As long as they are part of the domain, they will function as any domain computer, except on a different subnet. (Remember to add your subnets to Sites and Services.)

What kind of issues: VPN will be over a slow connection (relative to the internal network), so things will be slower for them. Bandwidth hogs may bring this connection to a crawl if not monitored.

Second server: For half a dozen people I would struggle to justify another server, but you could always do a small file server to give the impression of speed and keep your core at HQ.

Another option you could look at is making them work on a Terminal Server at HQ. This way there would be nothing on the remote computers, and all the processing would be done on the server.

As with every remote office configuration, if your connection goes down, they are stuck. If you end up doing WatchGuard, they should handle dual WAN if you wanted to look at a backup connection.
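The reminder above about adding subnets to Sites and Services, as an added example that is not part of the original thread: a simplified Python model of how a domain client's IP address is matched to an Active Directory site through subnet objects (most specific subnet wins), showing that branch workstations map to no site until the branch subnet is defined. All addresses and site names are constructed for illustration.

```python
import ipaddress

# Constructed sample data: subnet objects as they might exist in
# AD Sites and Services before the branch office is added.
HQ_ONLY = {"192.168.10.0/24": "HQ"}

# Constructed addresses for the six branch workstations behind the VPN.
BRANCH_CLIENTS = [f"192.168.20.{n}" for n in range(11, 17)]


def site_for_client(ip, subnet_to_site):
    """Return the site of the most specific subnet containing ip, or None."""
    addr = ipaddress.ip_address(ip)
    best_net, best_site = None, None
    for cidr, site in subnet_to_site.items():
        net = ipaddress.ip_network(cidr)
        if addr in net and (best_net is None or net.prefixlen > best_net.prefixlen):
            best_net, best_site = net, site
    return best_site


def audit(client_ips, subnet_to_site):
    """Group client IPs by resolved site; unmapped clients go under None."""
    report = {}
    for ip in client_ips:
        report.setdefault(site_for_client(ip, subnet_to_site), []).append(ip)
    return report


def with_subnet(subnet_to_site, cidr, site):
    """Return a copy of the mapping with one more subnet object defined."""
    updated = dict(subnet_to_site)
    updated[cidr] = site
    return updated


if __name__ == "__main__":
    print("before:", audit(BRANCH_CLIENTS, HQ_ONLY))
    fixed = with_subnet(HQ_ONLY, "192.168.20.0/24", "Branch")
    print("after: ", audit(BRANCH_CLIENTS, fixed))
```

Clients that resolve to no site have no site preference when locating a domain controller, which matters most once a second server is placed at the remote office.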
 
LVL 13

Author Closing Comment

by:Norm Dickinson
ID: 40001566
Thanks, that's what I was looking for. More technical questions to follow, I'm sure!