VPN for branch offices

Discussion in 'Windows Small Business Server' started by IT PHYTOSAN, Oct 24, 2006.

  1. IT PHYTOSAN

    IT PHYTOSAN Guest

    We are trying to connect a branch office over point to point VPN. The
    following question comes up:

    Do we require static IPs in both locations or can the branch office be
    dynamic?
    Can we configure RRAS to act as an endpoint while still permitting remote
    clients to connect via individual VPNs or should we purchase hardware.

    If hardware is the way to go, can anyone recommend routers?

    Thanks

    IT PHYTOSAN
     
    IT PHYTOSAN, Oct 24, 2006
    #1

  2. IT PHYTOSAN

    cjobes Guest

    I definitely would go with hardware on this and there are numerous routers
    out there that will do that for you. On the lower end of the price scale I
    like the DLink products. Just do a search for routers with VPN that can do
    Branch to Branch.
     
    cjobes, Oct 24, 2006
    #2

  3. IT PHYTOSAN

    IT PHYTOSAN Guest

    Thanks for your fast reply. I am thinking about using ISA server on one end.
    Any opinions?

    Thanks

    IT PHYTOSAN
     
    IT PHYTOSAN, Oct 24, 2006
    #3
  5. IT PHYTOSAN

    cjobes Guest

    I wouldn't go that route. Use two of the same router and establish a branch
    office tunnel. You also want to look into placing a DC (2003 server) in the
    branch office and make sure that DC is also a GC (Global Catalog Server) and
    a DNS. That way users can authenticate to the domain locally. This will cut
    down on your traffic over the VPN. If needed you can also replicate some
    company folders overnight to that DC. If configured right, you can bridge
    the traffic directly into your LAN, bypassing the ISA. That way your users
    can browse the network at HQ and vice versa. Make sure you configure the
    router at the branch office correctly so when users at the branch office go
    to the internet they go out directly and not through your VPN.
     
    cjobes, Oct 24, 2006
    #5
  6. IT PHYTOSAN

    IT PHYTOSAN Guest

    Yep that is pretty much the setup I am looking for. Would you be able to
    point me to a networking diagram?

    Thanks

    IT PHYTOSAN
     
    IT PHYTOSAN, Oct 24, 2006
    #6
  7. To step in here,

    I don't know if there is a diagram of this, but what cjobes says is exactly
    what you need.
    Reread what he says a couple of times and see if it sinks in.

    I found a Diagram but I don't know if it will help you
    http://www.microsoft.com/library/me...2003/technologies/networking/vpdpls02_big.gif

    Russ

    --
    Russell Grover
    Microsoft Certified Small Business Specialist.
    MCP, MCPS, MCNPS, (MCP-SBS)
    Remote Support Available
    MSN Messenger
    Support @ SBITS.Biz
    http://www.SBITS.Biz
    Search for SBS2003 answer on Google:
    http://groups.google.com/group/microsoft.public.windows.server.sbs?lnk=lr&hl=en
     
    Russ - SBITS.Biz (MCP SBS), Oct 24, 2006
    #7
  8. IT PHYTOSAN

    cjobes Guest

    There are no network diagrams out there that I know about. The key factor
    when you design it is that you need 3 different subnets for your setup (You
    should have 2 already with your current setup). The numbers are up to you to
    choose.
    If you left the SBS setup default you probably have 192.168.16.x (internal
    LAN) and 192.168.1.x (SBS WAN). You could choose 192.168.8.x for your branch
    office. But anything else in 192.168.x will work.

    Post back here if you have specific questions.

    Claus
     
    cjobes, Oct 24, 2006
    #8
  9. IT PHYTOSAN

    IT PHYTOSAN Guest

    This is very helpful, thanks. So the entire branch office would be
    192.168.8.X? Where is the DHCP? At the branch office or at the VPN gateway?
    How do I configure ISA server to make this work?

    Thanks

    IT PHYTOSAN
     
    IT PHYTOSAN, Oct 26, 2006
    #9
  10. IT PHYTOSAN

    cjobes Guest

    By definition the DHCP has to sit in the LAN (branch office in your case).
    That's the only place a computer with DHCP enabled would be able to look for a
    DHCP server. You can run it on the DC at the branch office.

    You don't have to change anything on your ISA if your VPN router terminates
    in the LAN of your HQ. You do however have to add a static route on your SBS
    pointing to your router for the subnet 192.168.8.x as the GW.

    Because all computers in your HQ LAN are pointing to the SBS, they will be
    re-directed to your router for the branch office subnet.

    Claus
     
    cjobes, Oct 26, 2006
    #10
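Added example, not written by any poster in this thread: a Python check of the addressing plan from posts #8 and #10, confirming the three subnets do not overlap and showing where the SBS sends traffic once the static route for 192.168.8.x is in place. The /24 masks and the two gateway addresses (192.168.16.254 for the VPN router's HQ side, 192.168.1.1 for the SBS default gateway) are assumptions; substitute your own.

```python
import ipaddress
from itertools import combinations

# Subnets named in the thread; the /24 masks are an assumption (posts only say ".x").
SUBNETS = {
    "hq_lan": ipaddress.ip_network("192.168.16.0/24"),
    "sbs_wan": ipaddress.ip_network("192.168.1.0/24"),
    "branch_lan": ipaddress.ip_network("192.168.8.0/24"),
}
# Hypothetical addresses, not from the thread.
VPN_ROUTER_HQ = ipaddress.ip_address("192.168.16.254")  # VPN router, HQ LAN side
SBS_WAN_GW = ipaddress.ip_address("192.168.1.1")        # SBS default gateway

def overlapping(subnets):
    """Return name pairs of overlapping subnets (must be empty for the tunnel to route)."""
    return [(a, b) for (a, na), (b, nb) in combinations(subnets.items(), 2)
            if na.overlaps(nb)]

def sbs_routes():
    """SBS routing table after the static route from post #10 is added, e.g.:
    route -p add 192.168.8.0 mask 255.255.255.0 192.168.16.254"""
    return [
        (SUBNETS["hq_lan"], None),                        # directly attached
        (SUBNETS["sbs_wan"], None),                       # directly attached
        (SUBNETS["branch_lan"], VPN_ROUTER_HQ),           # the added static route
        (ipaddress.ip_network("0.0.0.0/0"), SBS_WAN_GW),  # default route
    ]

def next_hop(routes, dest):
    """Longest-prefix match; returns the gateway, or 'on-link' if directly attached."""
    dest = ipaddress.ip_address(dest)
    matches = [(net, gw) for net, gw in routes if dest in net]
    net, gw = max(matches, key=lambda r: r[0].prefixlen)
    return "on-link" if gw is None else str(gw)

def check_plan():
    """List problems with the plan; an empty list means it is consistent."""
    problems = [f"{a} overlaps {b}" for a, b in overlapping(SUBNETS)]
    if VPN_ROUTER_HQ not in SUBNETS["hq_lan"]:
        problems.append("static route gateway is not on the HQ LAN")
    return problems

if __name__ == "__main__":
    print(check_plan() or "plan OK")
    for d in ("192.168.8.20", "192.168.16.10", "203.0.113.5"):  # constructed hosts
        print(d, "->", next_hop(sbs_routes(), d))
```

Without the static route, the branch address would match only the default route and leave through the SBS WAN side instead of the tunnel.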
  11. IT PHYTOSAN

    IT PHYTOSAN Guest

    Thank you very much Claus. I will follow your instructions and post back
    should I get stuck.

    Thanks

    IT PHYTOSAN
     
    IT PHYTOSAN, Oct 26, 2006
    #11
