Which versions of 7 for this network setup

zzz2496 said:

Edit: If you have a head office and a branch office, both should be connected to each other, I think you need a VPN tunnel, it's way simpler and way better. I have several tunnels setup for several clients of mine, connecting several branch offices to regional head offices. I use Mikrotik Router to connect each sites, including from my home to the head office (the head of regional head offices). Here's what my network looks like:

Home <====VPN Tunnel====> Head office <==== VPN Tunnel ===> Regional Head Office(s) <====VPN Tunnel ===> Branch Office(s)

I can access every client/server in this network as if I'm in my own WAN (not internet).
Everything is routed and filtered properly in every checkpoint by Mikrotik routers.

Yes, this is the case. I have a head office and two branch offices. Both branch offices need to access the head office. They really only need to be able to map one network drive.

Right now the main office is behind a D-Link router w/firewall, which is behind a 2Wire U-verse router in DMZplus mode. The D-Link is passing only PPTP through to the main PC. I'm guessing using a router with VPN server is the safer option?

I'm a bit confused as to the difference between this and a VPN tunnel. I thought that's what I had set up.

If the VPN server is in the gateway/router, do I still need Server 2008 for the head office? I'm assuming I do for more than one active VPN connection.

ickymay said:

you will need professional or ultimate if you wish to join a domain , home is very cut back and doesn't include gpedit which is where i would be setting all my policies :)

Is this new with 7? All my Vista Home Premium systems seem to talk to each other fine.

zzz2496 said:

wcsjohn,

In my setup I have this:


[at Home] Mikrotik router A <====VPN tunnel=====> Mikrotik router B [at Head Office]

My computer only knows that it has Mikrotik router A as it's "Default Gateway". My Mikrotik router then have a VPN client embedded in it, and it connects to VPN server in Mikrotik Router B, so my router is a client to another router. I don't set anything about VPN on any of the PCs in any office/home. The routers is the one that will create the Tunnel by them selves. If the VPN tunnel for some reason got disconnected, it will act as if a cable got unplugged from it (the interface went down), and when the connection restored, it will redial by it self, everything automatic (and it has a very complete log for every kind of event, dial, redial, disconnected, etc). No VPN client, no nothing, you only know that Branch office is connected to Head office, period. This is a router to router comm link. How cool is that for an office

zzz2496

Edit: My routers costs around 150 USD, 2 sites = 300 USD, each site has 1 router, that's way cheaper than to buy and maintain individual VPN connections per computer per branch.

That is cool. So if I understand you correctly, the remote branch office and head office both think they're on the same LAN and know nothing of the VPN connection, right?

Two questions about this method.

First, can the head office router maintain multiple VPN connections, or do you need a new router for each? I'm pretty sure you're going to say yes, but want to make sure.

Second, is there any need for Server 2003/8 using this method? Again, I'm pretty sure you're going to say no and the only OS requirements are 7 Business. Please say yes.

zzz2496 said:

By the way, don't use "consumer" class network equipment for office use, especially when you have "special needs" like VPN.

zzz2496

I know. We're a "small company" moving to the realm of "not so small" and going through some growing pains. The move from consumer grade equipment to professional is happening, but taking time.

Also, with these routers, is there a way to direct only the VPN traffic through the VPN connection, and allow general internet traffic through the regular ISP connection?

One more thing. Would you mind giving a sugestion for those Mikrotik routers? Their site looks to be a bit of a DIY sort of thing.

I have deployed these routers in the fashion being described here if you are looking for an alternative for Mikrotik. 3 branch offices connecting back to the main office....

Cisco RVS4000 4-port Gigabit Security Router - VPN - Cisco Systems

zzz2496 said:

1. The Mikrotik Router I use (RB450) can maintain as much as 2000 VPN connection at a time, so that's way overkill for my purposes. Each branch needs to have a similar Mikrotik router (that is in my case, I think you can use other routers that have VPN client embedded in them, but I use Mikrotik routers for compatibility and manageability).
2. For creating and maintaining VPN connection, no server OS needed, everything is handled by the routers. So the answer is NO, no need 2k8/7 pro.

I understand not needing server, but wouldn't I still need Pro?

You remind me of my current client :)

I should have said thanks for all the help earlier. Check your PMs.

1. The routers will know when you requested for "www.yahoo.com" and will direct your traffic to the "internet" interface accordingly. It will know which to use.

Thanks for using the technical terms. I ask because when using the built-in VPN server with Vista, ALL traffic from the branch office is routed through the main office. Not exactly speedy.

2. In my setup, I use many RB450/RB450G, google that...

Thanks. I'll take a look. They seem to have a lot of options. Not knowing anything about them, it's nice to have a place to start. We do have a pretty hefty QB datafile that needs to be read remotely, so speed is a concern. Although, I'm sure any of these routers is faster than our service speed (just Verizon fios at the head office).

ultraplanet said:

I have deployed these routers in the fashion being described here if you are looking for an alternative for Mikrotik. 3 branch offices connecting back to the main office....

Cisco RVS4000 4-port Gigabit Security Router - VPN - Cisco Systems

Thanks for the optional suggestion. This forum is great.