Site to Site VPN Cisco Router

karnac01 · 09-13-2010, 10:32 PM

Hello all,

SCENARIO:
I have 3 offices in 2 cities. The main office is where I have my DC, DHCP, DNS, Web, Database, Firewall, etc. I would like my other office computers to connect to my DC for authentication and have my DHCP issue IP address. This way if there is any problems I van VNC to them and fix any issues. I also want to manage antivirus and other softwares at the server level as well as computer and network monitor.

The solution of course is site-to-site VPN. (Am I right?)

My question is, I am looking at several Cisco models; RVS400, RV042, RVL200, RV082. I am on a budget.

I would like the computers to connect behind the scenes without any user interaction, in a way it will emulate (or simulate) the client to log on to his/her computer and authenitcate to our home office DC similar to a server that is right next to them. I hope I explained that correctly.

I also read that you can do this setup with Linksys WRT54GL Router. If this is so, what would be the main difference/advantage of Linksys and Cisco equipment.

Thanks for the help. I have some knowledge of VPN bot not at this scale. So this is also a learning experience for me as well as gaining and expanding my knowledge. Thanks.

kbp · 09-14-2010, 12:43 AM

Hi,

Yes, you do want a site-to-site vpn setup. I'd suggest that you determine how much growth you want to allow for (number of sites) then buy a model that will support that number of simultaneous tunnels. I'd also buy identical models as minor variations or different products can cause integration issues.

example:

Code:

I have 3 sites currently so if I connect them in a hub and spoke topology I'll need to handle 2 simultaneous tunnels at the hub
[office_B]-------[office_a(hub)]-----[office_C]

We may be partnering with OppositionX and they have 3 offices, so if we're still the hub we'll need to be able to support 5 simultaneous tunnels - I'll allow for 8 just in case.

So determine which products support 8 simultaneous tunnels, pick one and buy 4 of them ( 1 spare for quick recovery ). Update them to the latest firmware, configure the hub first followed by the remote end/s.

The choices between products that you've given are not really ideal as Cisco bought Linksys, but I'd probably choose a Cisco branded one as they're traditionally targeted more at business than home (may have changed).

hth

karnac01 · 09-14-2010, 01:34 AM

Thanks for the insight and information.

I believe my setup will be the following:

[Office C]
|
|
[Office M]---[Office A]
|
|
[Office B]

If I understand this, Office A, B, and C will have its own tunnel to Office M (Main Office). So the Main Office needs to handle multiple tunneling while the other offices just need one tunnel. The Offices DO NOT need to interact with each other.

So I figure the main office (M) will use Cisco Small Business RV082 Dual WAN VPN Router and Office A, B, and C can use Linksys WRT54GL Router and reconfigured for VPN both wireless and wired.

QUESTION: Will VPN Tunnel be used for web browsing as well since my gateway/firewall is at the home office? Or will it still go through ISP at the office location?

The equptment price, configuration, security, and management fits well with my budget. Any suggestions, comments, maybe approval (lol), or questions would greatly be appreciated. Again, thanks for the info.

kbp · 09-14-2010, 09:55 PM

If you want internet browsing to go via head office you'll probably need to have a proxy and configure all the clients to use it. The usual vpn config will only redirect traffic for the head office subnet over the vpn connection - everything else will be routed normally.

It may be possible to force all traffic over the vpn connection but you'll need to Read The Fine Manual for the product you buy.

cheers