Setup site to site VPN?

[Guest Fox1977]

Hi all,

 

Just wanted to get some ideas and expertise from everyone as I'm new

to VPNs and got a big project to work on.

 

Our company has just acquired an office at the other end of the

country and I have the job of connecting the two office networks

together.

 

I have spent the last few weeks getting a remote access VPN up and

running for teleworkers using microsoft RAS. Now i need to look into

getting a site to site VPN setup and just wanted to share my ideas.

 

the plan i was looking at was having each network (complete with DNS,

DHCP and windows domain controller) on a different network address.

Use a draytek router in one office to connect to a sonic wall router

in the other office (running on a different network address). I'm

just in the starting out on a CCNA course so this is a good grounding!

 

I'm just a bit unsure about how I go about setting them up in

practice. I am not too worried about getting the two different

domains sorted yet I'd be happy just to get them connected first.

Were would people recommend starting?

 

Anyone any tips or ideas based on their own experiences?

[Guest Lanwench [MVP - Exchange]]

Re: Setup site to site VPN?

 

Fox1977 <foxj77@gmail.com> wrote:

> Hi all,

>

> Just wanted to get some ideas and expertise from everyone as I'm new

> to VPNs and got a big project to work on.

>

> Our company has just acquired an office at the other end of the

> country and I have the job of connecting the two office networks

> together.

>

> I have spent the last few weeks getting a remote access VPN up and

> running for teleworkers using microsoft RAS. Now i need to look into

> getting a site to site VPN setup and just wanted to share my ideas.

>

> the plan i was looking at was having each network (complete with DNS,

> DHCP and windows domain controller) on a different network address.

> Use a draytek router in one office to connect to a sonic wall router

> in the other office (running on a different network address). I'm

> just in the starting out on a CCNA course so this is a good grounding!

>

> I'm just a bit unsure about how I go about setting them up in

> practice. I am not too worried about getting the two different

> domains sorted yet I'd be happy just to get them connected first.

> Were would people recommend starting?

>

> Anyone any tips or ideas based on their own experiences?

 

You're on the right path. I myself would probably use Sonicwalls on each

end.....but overall, this shouldn't be too tough. Just make sure you use a

different private IP subnet on each side (e.g., 172.16.1.0/24 in the main

office, 172.16.2.0/24 in the branch office).

 

Re domains - is there an existing one at the other company, which you wish

to keep? If so, you could set up a trust. Or, if you're going to fold them

into yours (which might be best, in the long term...), set up a DC/DNS/DHCP

box in the remote office, in your domain, but in its own AD site/subnet (AD

Sites & Services)

[Guest Jeff Stockamp]

Re: Setup site to site VPN?

 

If you're not familiar with VPN setup, i would discourage using routers from

2 different manufacturers. Use the same router at both locations and the

setup should be easy, and you can call a single vendor to get support if you

run into problems. As with just about anything in networking, there are

standards for VPN, but every vendor tweaks them a little.

 

- Jeff

 

"Fox1977" <foxj77@gmail.com> wrote in message

news:52de474a-7fcb-4470-86de-b268b4f41f66@a35g2000prf.googlegroups.com...

> Hi all,

>

> Just wanted to get some ideas and expertise from everyone as I'm new

> to VPNs and got a big project to work on.

>

> Our company has just acquired an office at the other end of the

> country and I have the job of connecting the two office networks

> together.

>

> I have spent the last few weeks getting a remote access VPN up and

> running for teleworkers using microsoft RAS. Now i need to look into

> getting a site to site VPN setup and just wanted to share my ideas.

>

> the plan i was looking at was having each network (complete with DNS,

> DHCP and windows domain controller) on a different network address.

> Use a draytek router in one office to connect to a sonic wall router

> in the other office (running on a different network address). I'm

> just in the starting out on a CCNA course so this is a good grounding!

>

> I'm just a bit unsure about how I go about setting them up in

> practice. I am not too worried about getting the two different

> domains sorted yet I'd be happy just to get them connected first.

> Were would people recommend starting?

>

> Anyone any tips or ideas based on their own experiences?

[Guest Fox1977]

Re: Setup site to site VPN?

 

I am tempted to go and buy another sonicwall to put at our end.

Especially as i amd having a lot of trouble getting port forwarding to

work correctly on a new draytek 2800vg router i have just bought for

£150.

 

Should i be using a seperate network address to connect the two

routers together? What is the best protocol/standard to go router to

router. Is it IPsec?

 

Thanks for the advice, much appreciated

 

 

 

On Nov 28, 12:43 am, "Jeff Stockamp" <jeff.stock...@dodgeit.com>

wrote:

> If you're not familiar with VPN setup, i would discourage using routers from

> 2 different manufacturers. Use the same router at both locations and the

> setup should be easy, and you can call a single vendor to get support if you

> run into problems. As with just about anything in networking, there are

> standards for VPN, but every vendor tweaks them a little.

>

> - Jeff

>

> "Fox1977" <fox...@gmail.com> wrote in message

>

> news:52de474a-7fcb-4470-86de-b268b4f41f66@a35g2000prf.googlegroups.com...

>

> > Hi all,

>

> > Just wanted to get some ideas and expertise from everyone as I'm new

> > to VPNs and got a big project to work on.

>

> > Our company has just acquired an office at the other end of the

> > country and I have the job of connecting the two office networks

> > together.

>

> > I have spent the last few weeks getting a remote access VPN up and

> > running for teleworkers using microsoft RAS. Now i need to look into

> > getting a site to site VPN setup and just wanted to share my ideas.

>

> > the plan i was looking at was having each network (complete with DNS,

> > DHCP and windows domain controller) on a different network address.

> > Use a draytek router in one office to connect to a sonic wall router

> > in the other office (running on a different network address). I'm

> > just in the starting out on a CCNA course so this is a good grounding!

>

> > I'm just a bit unsure about how I go about setting them up in

> > practice. I am not too worried about getting the two different

> > domains sorted yet I'd be happy just to get them connected first.

> > Were would people recommend starting?

>

> > Anyone any tips or ideas based on their own experiences?

[Guest Lanwench [MVP - Exchange]]

Re: Setup site to site VPN?

 

Fox1977 <foxj77@gmail.com> wrote:

> I am tempted to go and buy another sonicwall to put at our end.

 

I would.

> Especially as i amd having a lot of trouble getting port forwarding to

> work correctly on a new draytek 2800vg router i have just bought for

> £150.

 

And the Sonicwall will give you a lot more protection, too.

>

> Should i be using a seperate network address to connect the two

> routers together?

 

What do you mean? You have a public IP on each of these networks - that's

what you use to make the connection.

Now, *behind* the Sonicwalls, you need to be using two different TCP/IP

subnets or this won't work. See my reply for info onthat.

> What is the best protocol/standard to go router to

> router. Is it IPsec?

 

Yes. This is really a cinch with Sonicwalls....I believe there's even a

wizard for it.

>

> Thanks for the advice, much appreciated

>

>

>

> On Nov 28, 12:43 am, "Jeff Stockamp" <jeff.stock...@dodgeit.com>

> wrote:

>> If you're not familiar with VPN setup, i would discourage using

>> routers from 2 different manufacturers. Use the same router at both

>> locations and the setup should be easy, and you can call a single

>> vendor to get support if you run into problems. As with just about

>> anything in networking, there are standards for VPN, but every

>> vendor tweaks them a little.

>>

>> - Jeff

>>

>> "Fox1977" <fox...@gmail.com> wrote in message

>>

>> news:52de474a-7fcb-4470-86de-b268b4f41f66@a35g2000prf.googlegroups.com...

>>

>>> Hi all,

>>

>>> Just wanted to get some ideas and expertise from everyone as I'm new

>>> to VPNs and got a big project to work on.

>>

>>> Our company has just acquired an office at the other end of the

>>> country and I have the job of connecting the two office networks

>>> together.

>>

>>> I have spent the last few weeks getting a remote access VPN up and

>>> running for teleworkers using microsoft RAS. Now i need to look

>>> into getting a site to site VPN setup and just wanted to share my

>>> ideas.

>>

>>> the plan i was looking at was having each network (complete with

>>> DNS, DHCP and windows domain controller) on a different network

>>> address. Use a draytek router in one office to connect to a sonic

>>> wall router in the other office (running on a different network

>>> address). I'm just in the starting out on a CCNA course so this is

>>> a good grounding!

>>

>>> I'm just a bit unsure about how I go about setting them up in

>>> practice. I am not too worried about getting the two different

>>> domains sorted yet I'd be happy just to get them connected first.

>>> Were would people recommend starting?

>>

>>> Anyone any tips or ideas based on their own experiences?

[Guest Fox1977]

Re: Setup site to site VPN?

 

Thanks for the advice folks,

 

I am going to try and get something up and running between the drayetk

and sonicwall next week.

 

I will keep you posted.