General discussion


VPN configuration

By pkar ·
My company has HO with W2K server and around 15 branches with W2K workstations (between 3-7). We're currently using dialup between branches and HO - mainly for email. To reduce cost of our phone bills we're want to move to broadband and VPN between all sites.
The idea is to install VPN server in HO and VPN servers or endpoints in branches. Also we want to use later management soft for entire network, including software and patch distribution, hardware inventory, etc.
My first question is:
Do we need VPN servers in branches or VPN endpoints will be sufficient? Mainly because management software will need to be able to connect to remote PCs.
The second question:
Do we need to have all HO and branches' PCs on the same IP range?
The third question:
As we'll try to utilise VoIP between sites, we think about getting two ADSL lines for HO (so we have 512k out). Any ideas how to balance load between those two lines so all branches can have simillar connection speed?

Amy help will be appretiated,

This conversation is currently closed to new comments.

Thread display: Collapse - | Expand +

All Comments

Collapse -

by hitchcock4 In reply to VPN configuration

Question 2 answer:
There are a number of ways of doing this. We do it this way
HO network: and subnets
Branch 1: subnet (mask
Branch 2: subnet
Brnach 3: subnet (you get the idea)

All of the offices will need 1 or 2 static IP addresses.

Overall, I would do the following. (Feel free to replace the WatchGuard hardware with a different brand).

At the Main office: Firebox X1000 or X700 (we have the X1000). The thing I love the most about the X1000 is that for users working from home (or from a very small branch office) they don't need special software to connect to the Firebox X1000 or 700. Windows 2000 and Windows XP has a networking option to "connect to the network at my workplace". Once they have an ISP connection, you connect the VPN, and can get an IP address on that default network.
Our WatchGuard firebox X1000 has done a GREAT job of intrusion detection.

At each branch office of 5 to 10 people: Firebox Edge X5 []

At each branch office of 1 to 4 people: just the DSL modem. This is more cost effective for the smaller offices (but doesn't give them a firewall at that site).

Last note: The Firebox Edge devices are easy to setup. If you have never used a Firebox X1000 or 700 however, you may want to hire someone (for 2 or 3 hours) to do the initial setup for you. I now know how to configure/change it well, but it took me a bit of getting used to "programming" the Firebox X1000.
No doubt, though, I definitely recommend these products for great firewalls and site to site tunnels.

Collapse -

Setting up a Watchguard III 700

by robertkhernandez In reply to

I am new at setting up a watchguard III 700. We already have a firewall however the reason I am setting up the watchguard 700 is for VPN functionality.
Anybody has a few tips that can facilitate the process.?

Related Discussions

Related Forums