Site to site VPN and generic internet traffic routing


Jdesouza
I am looking to bring 8 locations (1 main & 7 satellite) together through a site to site VPN. Probably by using Linksys RV042 at each location.

My traffic will be light when accessing the shared resources on the network. Just a couple of simple applications.

Most of my traffic will still be users working on external internet sites, and that can be heavy at times.

My question is: can I direct my branch users' generic internet traffic to go through the router and out to the ISP, instead of going through the VPN tunnel and using the bandwidth at the main office? Is this a feature I will find on the Linksys RV042?

Is this not a good approach? I would appreciate your experience on this.
  • +
    0 Votes
    CG IT

    How many tunnels will the RV042 create at any one time?

    +
    0 Votes
    Jdesouza

    My understanding is that there is 1 tunnel per site, so 7 tunnels, connecting the 7 branches to the 1 main office. Am I correct on this?

    +
    0 Votes
    Exp

    An IPSec tunnel is not easy to set up.
    Try something that uses ssh; that may solve your problem, e.g. SonicWall, Netgear.

    +
    0 Votes
    Jdesouza

    Do you mean products like the NETGEAR SSL312 (Two 10/100 Mbps LAN, One Serial Port SSL Concentrator 25)? Around $350.

    Would this be suitable for a site-to-site configuration? I have read about the advantages of SSL for end-user connections.

    +
    0 Votes
    CG IT

    Since this is site to site VPN (24/7/365 tunnels), the router sets up and maintains the tunnels, so you need to know whether that router is capable of doing that, e.g. the 7 branch offices will create 7 tunnels at one point. Then you have to figure in bandwidth usage at the main connection point.

    If users also use the same line for internet access, you might find you have 100% utilization of your bandwidth.

    I would say frame relay would be a better choice than site to site VPN.

    +
    0 Votes
    Jdesouza

    According to the literature it would. From the spec sheet:
    "...Create up to 30 simultaneous IPSec VPN Tunnels."

    I am trying to avoid dedicated lines in order to keep costs down.

    So, would I not be able to re-route the generic internet usage outside the tunnel?

    +
    0 Votes
    CG IT

    Site to site VPN typically means that routers on both ends create and maintain the VPN tunnel indefinitely. Tunnels are then accessed by clients to pass data. Since I'm not familiar with the RV042 router, I cannot say if the 30 connection support is for site to site or client to server.

    Not sure what your last question means. If you mean clients who connect via VPN can't get internet access, they can, provided they use the connection with whom they connect to internet access.

    +
    0 Votes
    johnmcevoy

    Edited by moderator

    Message was edited by: beth.blakely@...

    +
    0 Votes
    DavidKirchner

    I only have two locations, and the VPN traffic can be quite a load. It's connected with Site to Site VPN on matching RV042s.
    I use both WAN ports in load balance mode, doubling my throughput. My problem is the RV042 VPN settings only allow 1 WAN port. Setup screen refuses to save a new Site to Site VPN when the same site addresses are already used in another VPN setting - even if using the other WAN port. I have emailed Linksys 3 times and get no answer on how to load balance the VPN traffic. - It's not your problem, but a fact that you must choose what WAN port to use for VPN traffic in a dual WAN setup.

    If you only have one WAN (one ISP) and the RV042 is set as the GATEWAY on your PCs, it will choose where the traffic goes. If the traffic matches an address in the VPN setting, then only the other end of the VPN connection gets the traffic. If the traffic is for generic Internet, the RV042 will forward to its Internet gateway and find that Internet site. Generic Internet (routable) traffic will not travel to the other VPN sites; only non-routable addresses that match your VPN settings will travel along the VPN pipe.
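
The tunnel-or-Internet decision described in the post above, as an added example that is not part of the original thread and does not model the RV042 firmware itself. The addressing plan, `next_hop` and `audit` are assumptions made for illustration; the audit flags the tunnel definitions that would pull branch Internet traffic through the main office or make tunnel selection ambiguous.

```python
import ipaddress

# Constructed addressing plan (assumption, not from the thread): one main
# office LAN and 7 branch LANs, all in RFC 1918 (non-routable) space.
RFC1918 = [ipaddress.ip_network(n) for n in
           ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
MAIN_LAN = ipaddress.ip_network("192.168.1.0/24")
BRANCH_LANS = {f"branch{i}": ipaddress.ip_network(f"192.168.{10 + i}.0/24")
               for i in range(1, 8)}


def next_hop(dest, tunnels):
    """Return the tunnel whose remote network contains dest, else 'wan'.

    tunnels maps a tunnel name to its remote network; longest prefix wins.
    """
    addr = ipaddress.ip_address(dest)
    matches = [(net.prefixlen, name)
               for name, net in tunnels.items() if addr in net]
    return max(matches)[1] if matches else "wan"


def audit(tunnels, local_lan):
    """List tunnel definitions that break the split between VPN and Internet."""
    problems = []
    nets = list(tunnels.items())
    for i, (name, net) in enumerate(nets):
        # A remote network outside private space captures routable traffic.
        if not any(net.subnet_of(r) for r in RFC1918):
            problems.append(f"{name}: {net} covers public addresses")
        # Hosts never send same-subnet traffic to the gateway at all.
        if net.overlaps(local_lan):
            problems.append(f"{name}: {net} overlaps local LAN {local_lan}")
        for other_name, other in nets[i + 1:]:
            if net.overlaps(other):
                problems.append(f"{name}/{other_name}: remote networks overlap")
    return problems


if __name__ == "__main__":
    branch_view = {"to_main": MAIN_LAN}          # what one branch configures
    for dest in ("192.168.1.20", "203.0.113.10"):
        print(dest, "->", next_hop(dest, branch_view))
    full_tunnel = {"to_main": ipaddress.ip_network("0.0.0.0/0")}
    print(audit(full_tunnel, BRANCH_LANS["branch1"]))
```
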
