I need to set up an always-on site-to-site VPN between two offices so that the second office can access all servers at the first office, and vice versa. Secondarily, it would be nice to be able to connect to either office from home through a VPN client. I’ve never done this before, so I’m looking for as much advice as I can get to bring this off without a hitch.
First, what equipment do I need to buy? I assume I need to buy a device for each office. Would this Linksys RV042 work? Or the Linksys BEFVP41? Or even the BEFSX41?
Second, if the two sites are virtually linked with VPN hardware, can all computers at a site access the resources of the other site? Or do I need to run a VPN client at each computer? (I’d hope this wouldn’t be necessary)
Third, will it be a problem if each office has a dynamic IP address? Both offices currently have DSL connections with dynamic IPs, but we can remotely access the office by using a dynamic DNS service (for example, office1.dynu.com). Do one or both of the offices need a static IP address?
Lastly, is this pretty easy to configure? Are there any good reference sites out there that can walk me through the process?
To your second question: if you have a site-to-site VPN tunnel it is transparent to hosts at the two sites, so no, they don’t need any client software. Just make sure the network addresses are different or you’ll have to mess around with NAT. You will probably want to have some means of resolving host names on the other network, maybe static entries on the local DNS server or something more dynamic like having the DNS servers at each site synchronise with each other.
I haven’t used Linksys VPN boxes but according to the user manuals at your links they do support site-to-site (“gateway-to-gateway”) and client-to-gateway VPNs, IPSec and all that. It also appears that they allow the remote gateway to have a dynamic external IP address, but they don’t go into much detail.
Are you doing this via an ISP? If so you need to check two things:
1 - That the ISP allows VPN connections.
2 - Bandwidth. Bandwidth on consumer lines is often asymmetric. For example, I used to be on 2 Mb down, 512 Kb up. A big difference. If you’re doing significant data transfers, you’ll want symmetric bandwidth.
If you use a VPN device then you will not need VPN software on the computers at the office. You will need VPN software on home computers that want to connect. Also, you will need to have the two sites on separate networks. If you use 192.168.1.x at one site, set up 192.168.2.x at the other. This will keep broadcasts from going over the VPN link.
Also, as Quartz said, check with your ISP. Some will not allow VPN connections on the normal ports. Either you will have to configure for a different port, switch ISPs, or pay more for service to unblock the ports.
Also, again from Quartz, check bandwidth both ways. I set up a VPN between my computer here in Korea and my home network in Las Vegas. I couldn’t get any faster than 96K because of the upstream limits on the connection in Vegas. The main use I had was to access my DVR from here to watch shows, and that speed wasn’t fast enough.
Also when checking for a device make sure it can handle gateway to gateway and gateway to host connections at the same time. I am not familiar with the different devices on the market so I can’t help you there. I used a software VPN client for my setup.
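The replies above advise keeping the two sites on different network addresses (192.168.1.x and 192.168.2.x). The following check of an addressing plan for overlapping ranges is an added example, not part of the original posts; the plan names and the home-client range are constructed assumptions.

```python
import ipaddress
from itertools import combinations

# Constructed addressing plan (assumption): names and ranges are illustrative,
# following the 192.168.1.x / 192.168.2.x split suggested in the thread.
PLAN = {
    "office1-lan": "192.168.1.0/24",
    "office2-lan": "192.168.2.0/24",
    # A home network that happens to use the same range as office 1.
    "home-client-lan": "192.168.1.0/24",
}

def find_overlaps(plan):
    """Return (name_a, name_b, shared_range) for every overlapping pair."""
    nets = {}
    for name, cidr in plan.items():
        # strict=True rejects entries with host bits set, e.g. 192.168.1.5/24
        nets[name] = ipaddress.ip_network(cidr, strict=True)
    conflicts = []
    for (a, na), (b, nb) in combinations(sorted(nets.items()), 2):
        if na.version == nb.version and na.overlaps(nb):
            # When two CIDR blocks overlap, the smaller one is the shared part.
            shared = na if na.prefixlen >= nb.prefixlen else nb
            conflicts.append((a, b, str(shared)))
    return conflicts

def sites_containing(plan, address):
    """Return every network in the plan that claims the given address."""
    ip = ipaddress.ip_address(address)
    return sorted(n for n, c in plan.items() if ip in ipaddress.ip_network(c))

if __name__ == "__main__":
    for a, b, shared in find_overlaps(PLAN):
        print(f"CONFLICT: {a} and {b} both use {shared}")
    # An address claimed by two networks cannot be routed unambiguously:
    # the home PC would treat it as local instead of sending it down the tunnel.
    print(sites_containing(PLAN, "192.168.1.20"))
```

An overlap between the home network and an office LAN matters as much as one between the two offices, because a VPN client only sends traffic into the tunnel for addresses it does not consider local.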
Excellent replies…thank you very much! I’ll definitely check with the ISP to make sure a VPN tunnel is allowed.
Upstream bandwidth for both sites is 768Kbps, which I think will be sufficient for our needs. The primary application in use is not very data-intensive.