Yup.
Yes, this is the case. I have a head office and two branch offices. Both branch offices need to access the head office. They really only need to be able to map one network drive.
Right now the main office is behind a D-Link router w/firewall, which is behind a 2Wire U-verse router in DMZplus mode. The D-Link is passing only PPTP through to the main PC. I'm guessing using a router with VPN server is the safer option?
I'm a bit confused as to the difference between this and a VPN tunnel. I thought that's what I had set up.
If the VPN server is in the gateway/router, do I still need Server 2008 for the head office? I'm assuming I do for more than one active VPN connection.
wcsjohn,
In my setup I have this:
[at Home] Mikrotik router A <====VPN tunnel=====> Mikrotik router B [at Head Office]
My computer only knows that it has Mikrotik router A as its "Default Gateway". My Mikrotik router then has a VPN client embedded in it, and it connects to the VPN server in Mikrotik Router B, so my router is a client to another router. I don't set anything about VPN on any of the PCs in any office/home. The routers are the ones that will create the tunnel by themselves. If the VPN tunnel for some reason gets disconnected, it will act as if a cable got unplugged from it (the interface went down), and when the connection is restored, it will redial by itself, everything automatic (and it has a very complete log for every kind of event, dial, redial, disconnected, etc). No VPN client, no nothing, you only know that Branch office is connected to Head office, period. This is a router to router comm link. How cool is that for an office?
zzz2496
Edit: My routers cost around 150 USD, 2 sites = 300 USD, each site has 1 router, that's way cheaper than to buy and maintain individual VPN connections per computer per branch.
That is cool. So if I understand you correctly, the remote branch office and head office both think they're on the same LAN and know nothing of the VPN connection, right?
Two questions about this method.
First, can the head office router maintain multiple VPN connections, or do you need a new router for each? I'm pretty sure you're going to say yes, but want to make sure.
Second, is there any need for Server 2003/8 using this method? Again, I'm pretty sure you're going to say no and the only OS requirements are 7 Business. Please say yes.
I know. We're a "small company" moving to the realm of "not so small" and going through some growing pains. The move from consumer grade equipment to professional is happening, but taking time.
Also, with these routers, is there a way to direct only the VPN traffic through the VPN connection, and allow general internet traffic through the regular ISP connection?
One more thing. Would you mind giving a suggestion for those Mikrotik routers? Their site looks to be a bit of a DIY sort of thing.
Yup, all they know that they are connected to each other.
1. The Mikrotik Router I use (RB450) can maintain as many as 2000 VPN connections at a time, so that's way overkill for my purposes. Each branch needs to have a similar Mikrotik router (that is in my case, I think you can use other routers that have a VPN client embedded in them, but I use Mikrotik routers for compatibility and manageability).
2. For creating and maintaining VPN connection, no server OS needed, everything is handled by the routers. So the answer is NO, no need 2k8/7 pro.
You remind me of my current client :)
1. The routers will know when you request "www.yahoo.com" and will direct your traffic to the "internet" interface accordingly. It will know which to use.
2. In my setup, I use many RB450/RB450G, google that...
I have deployed these routers in the fashion being described here if you are looking for an alternative for Mikrotik. 3 branch offices connecting back to the main office....
Cisco RVS4000 4-port Gigabit Security Router - VPN - Cisco Systems
I understand not needing server, but wouldn't I still need Pro?
I should have said thanks for all the help earlier. Check your PMs.
Thanks for using the technical terms. I ask because when using the built-in VPN server with Vista, ALL traffic from the branch office is routed through the main office. Not exactly speedy.
Thanks. I'll take a look. They seem to have a lot of options. Not knowing anything about them, it's nice to have a place to start. We do have a pretty hefty QB datafile that needs to be read remotely, so speed is a concern. Although, I'm sure any of these routers is faster than our service speed (just Verizon fios at the head office).
Thanks for the optional suggestion. This forum is great.
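The routing behaviour discussed in this thread (only head-office traffic entering the tunnel, versus the Vista setup where all branch traffic goes through the main office) comes down to which routes the branch router holds. The sketch below is an added example, not code or configuration from any poster; it models generic longest-prefix routing rather than RouterOS syntax, and the addresses, interface names and the blackhole fallback route are constructed assumptions.

```python
import ipaddress

# Constructed addressing for illustration (not taken from the thread).
HEAD_LAN = "192.168.10.0/24"      # head-office LAN holding the shared drive
VPN_SERVER = "198.51.100.7/32"    # head-office router's public address

def build_routes(mode):
    """Branch router routes as (prefix, interface, metric) tuples."""
    routes = [
        ("0.0.0.0/0", "isp-wan", 10),    # ordinary internet default
        (VPN_SERVER, "isp-wan", 1),      # tunnel packets themselves use the ISP
        (HEAD_LAN, "vpn-tunnel", 1),     # head-office subnet via the tunnel
        (HEAD_LAN, "blackhole", 254),    # fallback so LAN traffic never leaks
    ]
    if mode == "full":
        # Full tunnel: a better-metric default sends everything to head office.
        routes.append(("0.0.0.0/0", "vpn-tunnel", 1))
    elif mode != "split":
        raise ValueError(f"unknown mode: {mode}")
    return routes

def lookup(routes, dst, tunnel_up=True):
    """Longest-prefix match, then lowest metric, skipping routes on a down tunnel."""
    addr = ipaddress.ip_address(dst)
    candidates = []
    for prefix, iface, metric in routes:
        net = ipaddress.ip_network(prefix)
        if addr in net and (iface != "vpn-tunnel" or tunnel_up):
            candidates.append((-net.prefixlen, metric, iface))
    return min(candidates)[2] if candidates else None

if __name__ == "__main__":
    for mode in ("split", "full"):
        table = build_routes(mode)
        for dst in ("192.168.10.5", "203.0.113.50", "198.51.100.7"):
            print(mode, dst, "up:", lookup(table, dst),
                  "down:", lookup(table, dst, tunnel_up=False))
```

Without the blackhole entry, a dropped tunnel would let packets addressed to the head-office subnet follow the default route out the ISP link instead of being discarded.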