Saturday, June 7, 2008

Connecting two Lans in Different Locations

Let’s say you are currently operating an office of 10~50 users, running Windows Server 2000/2003, mainly to share printers and files. You need to open a new office or add a new location to work from, and you want to create a WAN or VPN so that the users can still access files on the server. Your current Internet setup is an ADSL modem, to a router, to a switch. The server connects to the switch, and the rest of the office connects to a switch as well. The same approach applies if you just want to connect your home to your network at work, or even two different networks in your building.

What you basically want is a network like the one in the image below. Set up each site as its own network, using different private address ranges. If you have a different private addressing scheme in place at the main site (e.g. 192.168.2.xxx or something), then keeping that is fine; just make sure that the one you use at the new site doesn't overlap. When you connect the two sites, they'll just see each other as one big network, so in the diagram the people in the new site will be able to ping 192.168.1.2 and reach the right machine at the old site. Everyone will use the gateway as programmed into each router.




There are two basic options for how you connect the two sites.

The first is to run a private link between them. Typically this would be something like ISDN, frame relay or Ethernet, depending on distance, speed requirement and how much money you have to throw at it. This is generally the more expensive option, although it's also the most reliable.

The other is to give each site a decent (cable/ADSL) Internet connection and set up a VPN tunnel between the two routers. With the VPN configured on the routers, the machines at each end have no idea what's in the middle; they just see the other site as a network which is reachable through the router. This is generally cheaper, but you're relying on your ISP for performance. If you do this, pay particular attention to the upload speeds your ISP offers, because the transfer speed between the sites is limited to the slower of the sending site's upload and the receiving site's download. Normal ADSL is capable of up to 1.5 Mbps uploads, but many ISPs throttle it to far less.
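The two planning checks described above (non-overlapping private ranges per site, and transfer speed bounded by the sender's upload and the receiver's download) can be run before buying anything. This is an added example, not part of the original post; the site names, ranges, gateways and link speeds are constructed sample values.

```python
import ipaddress
from itertools import combinations

# RFC 1918 private IPv4 blocks.
RFC1918 = [ipaddress.IPv4Network(n) for n in
           ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# Constructed sample plan (site names, ranges and speeds are illustrative).
SITES = {
    "main": {"lan": "192.168.1.0/24", "gateway": "192.168.1.1",
             "up_kbps": 512, "down_kbps": 8000},
    "new": {"lan": "192.168.2.0/24", "gateway": "192.168.2.1",
            "up_kbps": 1024, "down_kbps": 6000},
}

def check_plan(sites):
    """Return a list of addressing problems that would break site-to-site routing."""
    problems, nets = [], {}
    for name, site in sites.items():
        try:
            # Strict parsing rejects "192.168.2.5/24" (host bits set).
            net = ipaddress.IPv4Network(site["lan"])
            gw = ipaddress.IPv4Address(site["gateway"])
        except ValueError as exc:
            problems.append(f"{name}: invalid address plan ({exc})")
            continue
        nets[name] = net
        if not any(net.subnet_of(block) for block in RFC1918):
            problems.append(f"{name}: {net} is not an RFC 1918 private range")
        if gw not in net or gw in (net.network_address, net.broadcast_address):
            problems.append(f"{name}: gateway {gw} is not a usable host in {net}")
    # Overlapping ranges make remote hosts look local, so traffic never
    # reaches the router that owns the tunnel.
    for a, b in combinations(nets, 2):
        if nets[a].overlaps(nets[b]):
            problems.append(f"{a} and {b}: {nets[a]} overlaps {nets[b]}")
    return problems

def tunnel_speed_kbps(sites, sender, receiver):
    """Best-case rate: the slower of sender upload and receiver download."""
    return min(sites[sender]["up_kbps"], sites[receiver]["down_kbps"])

if __name__ == "__main__":
    print(check_plan(SITES) or "address plan OK")
    print("main -> new:", tunnel_speed_kbps(SITES, "main", "new"), "kbps")
    print("new -> main:", tunnel_speed_kbps(SITES, "new", "main"), "kbps")
```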

For the VPN method, some of the higher-end consumer gear can set up a VPN tunnel over an Internet connection. For the direct link, you'll be looking at a proper Cisco router or similar brand. Cisco now owns Linksys, though, and their BEFSX41 router will also work just fine. (See *-Note)

The important thing to look for in the specs is the ability of the router to maintain a VPN connection by itself. Just about every consumer router will support 'VPN pass-through', which just lets the PCs behind the router do VPN stuff, but only some will maintain the VPN tunnel themselves.

The other thing you'll need at each end is a static IP address on the Internet connection -- dynamic DNS and IPsec VPNs generally don't mix.

*-Note! The BEFSX41 Linksys Instant Broadband™ EtherFast® Cable/DSL Firewall Router with 4-Port Switch/VPN Endpoint is the perfect solution for connecting a small group of PCs to a high-speed broadband Internet connection or a 10/100 Ethernet backbone. The Router can be configured to limit internal users’ Internet access based on URLs and/or time periods - URL filtering and time filtering. For enhanced protection against intruders from the Internet, the Router features an advanced Stateful Packet Inspection firewall. Use the Cable/DSL Firewall Router with 4-Port Switch/VPN Endpoint to create IPSec VPN tunnels, so you can securely connect to the corporate server from your home office—or any location when you’re on the road. The Router provides a dedicated port for DMZ hosting and acts as the only externally recognized Internet gateway on your local area network (LAN). With the performance and security features of the Cable/DSL Firewall Router with 4-Port Switch/VPN Endpoint, your network will take advantage of the Internet while keeping its data secure.

Another option is the WRVS4400N Wireless-N Gigabit Security Router with VPN: secure, high-speed wireless networking for growing businesses or a gaming family.
• Wireless-N offers greater speed and coverage than Wireless-G, while at the same time being backwards compatible with 802.11b and g devices
• SPI Firewall and Intrusion Prevention secure the network from outside threats
• QuickVPN IPSec VPN tunnel support provides secure remote user connectivity
• Support for WMM provides improved QoS over wireless connections for better video and voice performance

The WRV200 Wireless-G VPN Router with RangeBooster: secure, smart wireless networking for growing businesses.

• RangeBooster (MIMO) technology for dramatically increased range
• SPI Firewall, Encryption, and VPN support make your network secure
• Multiple BSSIDs and VLANs provide separate secure networks
• Enhanced QoS for both wireless and wired provides improved quality voice/video
