Solved

Site to Site VPN Basics

Posted on 2014-04-14
Last Modified: 2014-04-15
I have a client with a single location running a single SBS2011 server with Exchange. They are going to expand to a second location in a different town, by setting up an office with a half dozen workstations. My initial thought is that a site-to-site VPN would work for them, but I have not set one up before and would like a little guidance.

- What would be the best equipment to install on each end?
- Would the remote workstations be able to function as if they were set up locally, regarding Exchange and Login functionality?
- What kind of issues will be likely to arise?
- Would it be better / faster to install a second server at the remote location?

Thanks!
Question by:Norm Dickinson
3 Comments
 
LVL 10

Accepted Solution

by:
Rafael earned 251 total points
ID: 40000058
I've had to set up plenty of remote sites and some were different based on the requirements. I have a server set up at home using DNS so that I can help my clients as necessary when not in the office to access my files from ANYWHERE.

However, these are some thoughts based on my experience.

1. An appliance-based firewall that is capable of VPN.  Please watch VPN throughput as there are limits on the cheaper ones.  Two good ones are Cisco ASA and Juniper SSGs.

I'm assuming it's a small office so I would go with an ASA 5505 or a Juniper SSG 5.

2. Definitely, have another server there. This will allow them to authenticate locally as opposed to going over a VPN.

3. By having the server there you have both primary site and secondary site replicate the AD forest with updates.  Also, you can install another Exchange server there with a different MX weight and have the users at that site go off that local exchange server. That Exchange server would in turn go out via the VPN to the other site and then send the email out.

4. Issues to arise would be the loss of the VPN. If this occurs and the site is set up right the users can still authenticate locally, and still send email out if you set up split domains.  

Another thing you can do is set up VPN client accounts on the primary site and vice-versa as a backup. That way if you did lose the VPN appliance your users can still dial up the client and connect as if they were in the office.
 
LVL 9

Assisted Solution

by:stu29
stu29 earned 249 total points
ID: 40000074
Best equipment: There are so many options out there from built-in Windows to top end hardware devices.  Personally I like WatchGuard products.  They are simple yet very configurable if you wish to delve in.

Remote workstations:  The basic answer to this one is yes.  As long as they are part of the domain then they will function as any Domain computer, except on a different subnet.  (Remember to add your subnets to Sites and services).

What kind of issues:  VPN will be over a slow connection (relative to the internal network) so things will be slower for them.  Bandwidth hogs may bring this connection to a crawl if not monitored.

Second Server:  for half a dozen people I would struggle to justify another server, but you could always do a small file server to give the impression of speed and keep your core at HQ.

Another option you could look at is making them work on a terminal Server at HQ.  This way there would be nothing on the remote computers, and all the processing would be done on the server.

As with every remote office configuration ... if your connection goes down .. they are stuck.  If you end up doing WatchGuard .. they should handle dual WAN if you wanted to look at a backup connection.
 
LVL 13

Author Closing Comment

by:Norm Dickinson
ID: 40001566
Thanks, that's what I was looking for. More technical questions to follow, I'm sure!