Solved

Site to Site VPN Basics

Posted on 2014-04-14
Last Modified: 2014-04-15
I have a client with a single location running a single SBS2011 server with Exchange. They are going to expand to a second location in a different town, by setting up an office with a half dozen workstations. My initial thought is that a site-to-site VPN would work for them, but I have not set one up before and would like a little guidance.

- What would be the best equipment to install on each end?
- Would the remote workstations be able to function as if they were set up locally, regarding Exchange and Login functionality?
- What kind of issues will be likely to arise?
- Would it be better / faster to install a second server at the remote location?

Thanks!
Question by:Norm Dickinson
3 Comments

Accepted Solution

by:
Rafael earned 251 total points
ID: 40000058
I've had to set up plenty of remote sites, and some were different based on the requirements. I have a server set up at home using DNS so that I can help my clients as necessary when not in the office to access my files from ANYWHERE.

However, these are some thoughts based on my experience.

1. An appliance-based firewall that is capable of VPN. Please watch VPN throughput as there are limits on the cheaper ones. Two good ones are Cisco ASA and Juniper SSGs.

I'm assuming it's a small office, so I would go with an ASA 5505 or a Juniper SSG 5.

2. Definitely, have another server there. This will allow them to authenticate locally as opposed to going over a VPN.

3. By having the server there you have both primary site and secondary site replicate the AD forest with updates. Also, you can install another Exchange server there with a different MX weight and have the users at that site go off that local Exchange server. That Exchange server would in turn go out via the VPN to the other site and then send the email out.

4. Issues to arise would be the loss of the VPN. If this occurs and the site is set up right the users can still authenticate locally, and still send email out if you set up split domains.  

Another thing you can do is set up VPN client accounts on the primary site and vice-versa as a backup. That way if you did lose the VPN appliance your users can still dial up the client and connect as if they were in the office.

Assisted Solution

by:stu29
stu29 earned 249 total points
ID: 40000074
Best equipment: There are so many options out there, from built-in Windows to top-end hardware devices. Personally I like WatchGuard products. They are simple yet very configurable if you wish to delve in.

Remote workstations: The basic answer to this one is yes. As long as they are part of the domain then they will function as any domain computer, except on a different subnet. (Remember to add your subnets to Sites and Services.)

What kind of issues: VPN will be over a slow connection (relative to the internal network) so things will be slower for them. Bandwidth hogs may bring this connection to a crawl if not monitored.

Second Server:  for half a dozen people I would struggle to justify another server, but you could always do a small file server to give the impression of speed and keep your core at HQ.

Another option you could look at is making them work on a Terminal Server at HQ. This way there would be nothing on the remote computers, and all the processing would be done on the server.

As with every remote office configuration ... if your connection goes down ... they are stuck. If you end up doing WatchGuard ... they should handle dual WAN if you wanted to look at a backup connection.
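
A planning check for the subnet point raised in the answers above, added here as an example and not part of the original thread. It verifies that the two offices' LAN ranges do not overlap (overlapping ranges cannot be routed across a site-to-site tunnel without NAT) and maps a client address to a site by most specific matching subnet, the rule Active Directory applies to subnets registered in Sites and Services. The site names, address ranges and helper names are constructed for illustration.

```python
import ipaddress

# Constructed sample plan: site names and address ranges are placeholders.
SITE_SUBNETS = {
    "HQ": ["192.168.10.0/24"],
    "Branch": ["192.168.20.0/24"],
}

def find_overlaps(site_subnets):
    """Return (site_a, net_a, site_b, net_b) for every pair of overlapping ranges.

    Overlapping LAN ranges on the two ends of a tunnel cannot be routed
    without NAT, so a usable plan produces an empty list.
    """
    nets = [(site, ipaddress.ip_network(cidr))
            for site, cidrs in site_subnets.items() for cidr in cidrs]
    overlaps = []
    for i, (site_a, net_a) in enumerate(nets):
        for site_b, net_b in nets[i + 1:]:
            if net_a.version == net_b.version and net_a.overlaps(net_b):
                overlaps.append((site_a, str(net_a), site_b, str(net_b)))
    return overlaps

def site_for_client(ip, site_subnets):
    """Map a client address to a site using the most specific matching subnet.

    Returns None when no registered subnet contains the address, i.e. the
    client has no site assignment and may be served by a DC across the tunnel.
    """
    addr = ipaddress.ip_address(ip)
    best = None
    for site, cidrs in site_subnets.items():
        for cidr in cidrs:
            net = ipaddress.ip_network(cidr)
            if addr.version == net.version and addr in net:
                if best is None or net.prefixlen > best[1].prefixlen:
                    best = (site, net)
    return best[0] if best else None

if __name__ == "__main__":
    print("overlaps:", find_overlaps(SITE_SUBNETS))
    for ip in ("192.168.10.25", "192.168.20.31", "192.168.30.5"):
        print(ip, "->", site_for_client(ip, SITE_SUBNETS))
```

An address that maps to no site, like the third sample, is the case the "add your subnets" reminder is about: register the branch range before the workstations join.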

Author Closing Comment

by:Norm Dickinson
ID: 40001566
Thanks, that's what I was looking for. More technical questions to follow, I'm sure!