Site to Site VPN Basics

Posted on 2014-04-14
Last Modified: 2014-04-15
I have a client with a single location running a single SBS2011 server with Exchange. They are going to expand to a second location in a different town, by setting up an office with a half dozen workstations. My initial thought is that a site-to-site VPN would work for them, but I have not set one up before and would like a little guidance.

- What would be the best equipment to install on each end?
- Would the remote workstations be able to function as if they were set up locally, regarding Exchange and Login functionality?
- What kind of issues will be likely to arise?
- Would it be better / faster to install a second server at the remote location?

Thanks!
Question by:Norm Dickinson
3 Comments
 

Accepted Solution

by: Rafael
Rafael earned 1004 total points
ID: 40000058
I've had to set up plenty of remote sites and some were different based on the requirements. I have a server set up at home using DNS so that I can help my clients as necessary when not in the office to access my files from ANYWHERE.

However, these are some thoughts based on my experience.

1. An appliance-based firewall that is capable of VPN. Please watch VPN throughput as there are limits on the cheaper ones. Two good ones are Cisco ASA and Juniper SSGs.

I'm assuming it's a small office, so I would go with an ASA 5505 or a Juniper SSG 5.

2. Definitely, have another server there. This will allow them to authenticate locally as opposed to going over a VPN.

3. By having the server there you have both primary site and secondary site replicate the AD forest with updates. Also, you can install another Exchange server there with a different MX weight and have the users at that site go off that local Exchange server. That Exchange server would in turn go out via the VPN to the other site and then send the email out.

4. Issues to arise would be the loss of the VPN. If this occurs and the site is set up right the users can still authenticate locally, and still send email out if you set up split domains.  

Another thing you can do is set up VPN client accounts on the primary site and vice-versa as a backup. That way if you did lose the VPN appliance your users can still dial up the client and connect as if they were in the office.

Assisted Solution

by:stu29
stu29 earned 996 total points
ID: 40000074
Best equipment: There are so many options out there, from built-in Windows to top-end hardware devices. Personally I like WatchGuard products. They are simple yet very configurable if you wish to delve in.

Remote workstations: The basic answer to this one is yes. As long as they are part of the domain then they will function as any domain computer, except on a different subnet. (Remember to add your subnets to Sites and Services.)

What kind of issues: VPN will be over a slow connection (relative to the internal network), so things will be slower for them. Bandwidth hogs may bring this connection to a crawl if not monitored.

Second Server: For half a dozen people I would struggle to justify another server, but you could always do a small file server to give the impression of speed and keep your core at HQ.

Another option you could look at is making them work on a Terminal Server at HQ. This way there would be nothing on the remote computers, and all the processing would be done on the server.

As with every remote office configuration ... if your connection goes down ... they are stuck. If you end up doing WatchGuard ... they should handle dual WAN if you wanted to look at a backup connection.

Author Closing Comment

by:Norm Dickinson
ID: 40001566
Thanks, that's what I was looking for. More technical questions to follow, I'm sure!