I have a VPN connection between two offices in one country. I need to add another network to the VPN, but this...
By submitting your email address, you agree to receive emails regarding relevant topic offers from TechTarget and its partners. You can withdraw your consent at any time. Contact TechTarget at 275 Grove Street, Newton, MA.
network is in another country and is two hop satellites away. Is it even advisable to connect this other network to my VPN and how fast and efficient will it be, considering that it's two hop satellites away from my service provider's satellite? In theory, any network that has Internet access should be able to use a VPN tunnel to reach your network's VPN gateway over the Internet. In practice, network connectivity impacts performance, and poor performance can make for bad user experience. In other words, even if something is technically feasible, it may not be that usable.
Satellite links are not necessarily slower than terrestrial links. In fact, traffic relayed through the public Internet can take so many hops through over-used routers and congested terrestrial links that a two-hop satellite link can deliver higher throughput. You need to look at actual numbers to determine whether this service can meet your needs for throughput and latency. Compare the metrics of your satellite service to your experience with cleartext relayed between your two VPN sites, paying particular attention to latency (propagation delay). If cleartext performance is unacceptable, then there's no point in worrying about VPN performance.
If cleartext performance is reasonable, consider performance for the kind of VPN you are using. Encrypted traffic can impact the satellite provider's ability to manage TCP performance to offset propagation delay. Providers often use techniques like spoofed acknowledgements to trick TCP into using the full capacity of the satellite link, even though latency is higher than on terrestrial links. Because network-layer VPNs like IPsec obscure TCP headers, providers can't play those tricks on IPsec traffic. Transport-layer VPNs (like SSL) don't suffer from this problem. You may want to ask your service provider if they offer VPN services -- for example, a hybrid VPN service that ties an IPsec tunnel over the Internet to a proprietary tunnel over the satellite hop. To learn more about this problem and two vendor solutions, read these papers: Your VPN solution over satellite and VPN over satellite.
Related Q&A from Lisa Phifer
The enterprise mobility management market for wearable devices is in its infancy, but IT can still use existing EMM tools to manage wearables.continue reading
Wireless expert Lisa A. Phifer explains to what extent WEP cracking remains a worrisome issue. It all depends on your company's WLAN security policy.continue reading
Wireless expert Lisa A. Phifer explains why you shouldn't stop using 802.1X authentication methods for enterprise WLAN access control.continue reading
Have a question for an expert?
Please add a title for your question
Get answers from a TechTarget expert on whatever's puzzling you.