Two Branch Offices

Discussion in 'Windows Small Business Server' started by Roger, Feb 4, 2006.

  1. Roger

    Roger Guest

    Hi, we have a client with an SBS 2003 server that has two remote offices,
    each remote office has an SDSL connection, the main office has two SDSL
    connections.

    Is it possible to put a firewall on each connection at the main office, then
    one of the remote offices has site to site VPN with one firewall and the
    other office has site to site VPN with the other firewall ?

    what would happen as the default gateway of the server is set to only one of
    the firewalls ?

    Thanks

    Roger.
     
    Roger, Feb 4, 2006
    #1
    1. Advertisements

  2. In
    Not sure what the two SDSL connections are used for in the main office....

    I'd set up routers/firewalls to do IPSEC VPN in a hub-and-spoke config, and
    set up DCs in each office in a separate AD site & subnet.
    Each office uses its own router/firewall as default gateway.
     
    Lanwench [MVP - Exchange], Feb 4, 2006
    #2
    1. Advertisements

  3. I am not %100 why do you use 2 SDSL connections, so I will have assumed for
    redundancy, otherwise not a smart design.
    The best way to setup and take advantage of the topology is with Symantec
    SGS 300 or 400 Series, they where design to do this just that.
    You will need on for the main office that will also do load balancing and
    WAN binding for SMTP (if your DNS MX record is not configured right you may
    end up o RBL). The main office model is probably 4XXR; it can also do very
    secure WiFi and can even carry VoIP. On the satellite offices you can use the
    300 series with only one WAN interface.
    Those routers will do very secure VPN, point to point or multi point, what
    you have is a multipoint.
    Here is the trick, if you assign each satellite office per SDSLS you will
    not only create a system with two points of failure but you will also not
    take advantage or the redundancy and load balancing. So if one of the SDSL
    line is to go down then one remote office will go down and on top of
    everything on of the connections (remote offices) will always suffer because
    of the traffic generated by the main office.
    How do you fix it you create two remote VPNs from the remote sites for each
    corresponding SDLS Wan on the main office and to generate native load
    balancing setup default connection for each WAN on main office.
    There are several other solutions out there but you have to make sure that
    they really offer load balancing (most are wannabe), regardless no other
    solution will do a better job for $1500 than SGS, Cisco will do this as well
    but ad maybe another zero at the end.
    If the main office is not the one with 2 SDSL connections then someone
    screwed up the design and I just wasted my time. LOL
    The only software solution that can do this well is the MS ISA 2004
    Enterprise but the configuration will be a lot more complicated that.
    Good luck and let us know how it goes!
     
    Gabriel C. Stan, Feb 5, 2006
    #3
    1. Advertisements

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments (here). After that, you can post your question and our members will help you out.