
VPN and Internet simultaneously

By SpookyGreenway
I have a client that has one main office and two branch offices; all of them have Windows 2000 Server installed. At this moment there is only one connection via ISDN to one of the branch offices. Right now this client has 1 512mb DSL connection, and he needs to be able to have 2 VPN connections and Internet access simultaneously. I know that I'll need to upgrade the DSL to 2Mbps. I have looked at two possibilities: a Firewall/VPN router like the new (USR808200) or ISA Server 2004. What is my best choice?

by CG IT In reply to VPN and Internet simultan ...

I don't see a problem here other than the capabilities of the access router or firewall you have between the Internet and your network. That's really the key. RRAS on W2K/2003 default VPN ports are 5 PPTP and 5 L2TP. If the access router/firewall will accept a minimum of 2 your or just pass through the PPTP/L2TP traffic with no connection limitations, and you've got the bandwidth to support the traffic, in the clear.

by zaferus In reply to VPN and Internet simultan ...

I would go with a hardware firewall solution. Easy to set up and should sit and collect dust while it works for your client.

You are going to need a router - probably a firewall anyways for each site (as it has Internet access). Might as well get a stateful packet inspection firewall with VPN capability and get it all done in one box.

I strongly prefer appliance-based VPN solutions as they are simple and secure. People are also less likely to "play" with an appliance (mostly because they don't have a monitor, keyboard and mouse), where all too often servers get played with or changed, which can cause instability to the VPN/Firewall components that are running.

SonicWALL makes robust VPN appliances, I've personally set up over 300 of them and find them to be good for projects where you want to "set and forget" the firewall and VPN components. They are relatively easy to configure and their firewalling is ICSA certified and quite secure (which should make your client happy).

But if your budget is not up to the cost, you could use a product like Netgear to VPN the three offices together. But watch that you don't underpower your routers.

I recommend using AES or 3DES encryption for your VPN. These are among the strongest commercially acceptable encryption standards available today.

Just remember that you should have a different LAN range for each branch - this is very important so you don't confuse your VPN routing.

For example:
Office 1: 192.168.0.x
Office 2: 192.168.100.x
Office 3: 192.168.200.x

Yes, it may be a pain to change a network's IP range, but it's a necessary evil.

By default the Firewall/router/VPN appliance will allow Internet access by each branch, and allow access to each other (between branches) using the VPN tunnels. Using firewall access rules you can better secure inter-branch access if you wish.

Hopefully this helps with your VPN decisions!
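The addressing rule from the reply above (a different LAN range for each branch) can be checked before any tunnel is configured. The following is an added example, not part of the original post; it assumes the thread's three ranges are /24 networks, and the plan dictionaries and `check_plan` are hypothetical names.

```python
import ipaddress
from itertools import combinations

# Constructed plan: the thread's three example ranges, assumed to be /24s.
GOOD_PLAN = {
    "Office 1": "192.168.0.0/24",
    "Office 2": "192.168.100.0/24",
    "Office 3": "192.168.200.0/24",
}

# Constructed failing plan: two sites on the same range, and one site using
# a wider prefix that swallows the other sites' LANs.
BAD_PLAN = {
    "Office 1": "192.168.0.0/24",
    "Office 2": "192.168.0.0/24",
    "Office 3": "192.168.0.0/16",
}


def check_plan(plan):
    """Return (site_a, site_b, reason) for every problem in a site-to-CIDR plan."""
    nets, problems = {}, []
    for site, cidr in sorted(plan.items()):
        try:
            # strict=True rejects host addresses such as 192.168.100.1/24
            nets[site] = ipaddress.ip_network(cidr, strict=True)
        except ValueError as exc:
            problems.append((site, None, f"invalid network: {exc}"))
    for (a, net_a), (b, net_b) in combinations(sorted(nets.items()), 2):
        if not net_a.overlaps(net_b):
            continue  # distinct ranges: traffic for each LAN has one tunnel
        if net_a == net_b:
            reason = "identical range"
        elif net_a.subnet_of(net_b):
            reason = f"{a} is inside {b}"
        else:
            reason = f"{b} is inside {a}"
        problems.append((a, b, reason))
    return problems


if __name__ == "__main__":
    for name, plan in (("good", GOOD_PLAN), ("bad", BAD_PLAN)):
        print(name, check_plan(plan) or "no overlaps")
```
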


by SpookyGreenway In reply to VPN and Internet simultan ...

This question was closed by the author
