Home > Ask the Networking Experts > VPNs with Lisa Phifer Questions & Answers > How should I set up a VPN between two offices and also for mobile users to connect to the main office?
Ask The Networking Expert: Questions & Answers
EMAIL THIS

How should I set up a VPN between two offices and also for mobile users to connect to the main office?

Lisa Phifer EXPERT RESPONSE FROM: Lisa Phifer

Pose a Question
Other Networking Categories
Meet all Networking Experts
Become an Expert for this site


Digg This!    StumbleUpon Toolbar StumbleUpon    Bookmark with Delicious Del.icio.us   


>
QUESTION POSED ON: 13 January 2005
I am intending to set up a VPN between two offices and also for mobile users to connect to the main office. Would you recommend using a leased line between the two offices as well as the existing WAN connection (256K), or increasing the bandwidth of the WAN and then VPN over the DSL link, thus combining the Office - Office VPN as well as the external VPN? Currently, we have 50 users at the main office and 10 at the remote office.

>
EXPERT RESPONSE
Sharing one link across all users (site-to-site and mobile) is probably going to be a more economic solution, because you are more likely to fully utilize available bandwidth (vs. having two separate links and splitting traffic over them in a fixed manner). However, there are other factors to consider here:

  1. What are your quality of service requirements for site-to-site traffic? If you plan to run high-throughput or latency-sensitive applications on your site-to-site VPN, you may prefer using a dedicated WAN link with guaranteed services levels for that traffic. Alternatively, you could purchase VPN gateways with traffic shaping capabilities that let you dedicate a portion of a single WAN link's capacity to the site to site tunnel, and the remainder to mobile VPN users.

  2. What are your availability requirements for site-to-site traffic? A single WAN link is always going to leave you at greater risk for failure than redundant WAN links. But keep in mind that purchasing two WAN links won't necessarily give you double capacity unless your VPN gateways are capable of load sharing between those links (active/active rather than active/passive configuration).

  3. Would separate WAN links create a more secure, manageable topology? Your VPN gateway will give you the ability to segregate traffic to/from VPN tunnels over a single WAN link by configuring separate security policies for site-to-site and remote user traffic. But if remote users need to access entirely different resources than your site-to-site VPN, you may just find it easier to keep these VPNs physically separate. For example, if remote users only need to access one email server, you might find it easier just to plant an entry-level VPN gateway in front of that server, with its own WAN link and no other internal connectivity. On the other hand, if remote users need to access many destinations at both sites, it is more efficient to bring mobile traffic into the same VPN gateway that directs traffic for your site-to-site VPN.


Digg This!    StumbleUpon Toolbar StumbleUpon    Bookmark with Delicious Del.icio.us   


RELATED CONTENT
VPNs with Lisa Phifer
Would you consider a Microsoft VPN tunnel through a WEP encrypted access point to be secure?
I've heard rumors that some service providers can see unencrypted VPN traffic of their customers. Is this true?
I need to select a Cisco ADSL router which is capable of acting as a VPN server for Microsoft VPN clients that come through the Internet.
I am having issues with the IKE communication between the two Cisco VPN concentrators.
What about using SSL VPN with e-mail clients?
Can you have two VPN connections to the same machine simultaneously?
Why can't I access my folders on the server through the VPN?
I need a very basic VPN solution to connect two offices to allow two servers to talk to one another.
Can one use VPN over a peer-to-peer network within a home?
After setting up my wireless router, I can no longer get on the VPN.

VPN Design
Creating Remote Access and Site-to-Site VPNs with ISA Firewalls: from 'The Best Damn Firewall Book Period, Second Edition'
A basic virtualized enterprise -- from 'Network Virtualization'
How can I get our VPN to work on Windows Vista?
To set up a VPN server, do you need two NIC cards?
MPLS technology overview
How do I connect my VLANs to the Internet using NAT and the appropriately configured ACL?
What equipment do I use to connect two LANs in different cities? What are the steps?
Are there any architectures of IPsec VPN apart from lookaside and flow-through?
How can I access each device from my network while keeping the companies' networks secure?
VPN operating system interoperability -- Configure VPNs with Linux
VPN Design Research

VPN Troubleshooting
How to maintain corporate VPN connection while printing to a private network.
Can I set up a VPN on my wireless router?
How can I get our VPN to work on Windows Vista?
To set up a VPN server, do you need two NIC cards?
How do I connect to our VPN with authentication ID?
What causes my overseas VPN connection to slow during the day?
Why has the terminal server ended my connection?
How can I access each device from my network while keeping the companies' networks secure?
VPN operating system interoperability -- Configure VPNs with Windows, Checkpoint
VPN operating system interoperability -- configure VPNs with Unix

RELATED GLOSSARY TERMS
Terms from Whatis.com − the technology online dictionary
extranet  (SearchNetworking.com)
Layer Two Tunneling Protocol  (SearchNetworking.com)
virtual private LAN service  (SearchNetworking.com)

RELATED RESOURCES
2020software.com, trial software downloads for accounting software, ERP software, CRM software and business software systems
Search Bitpipe.com for the latest white papers and business webcasts
Whatis.com, the online computer dictionary



Search and Browse the Expert Answer Center
Search and browse more than 25,000 question and answer pairs from more than 250 TechTarget industry experts.
Browse our Expert Advice



Expert networking advice and tips for IT professionals
Visit KnowledgeStorm's comprehensive and easy to use business white paper directory.
HomeNewsTopicsITKnowledge ExchangeTipsAsk the ExpertsMultimediaWhite PapersNetworking Product Trials
About Us  |  Contact Us  |  For Advertisers  |  For Business Partners  |  Site Index  |  RSS
SEARCH 
TechTarget provides enterprise IT professionals with the information they need to perform their jobs - from developing strategy, to making cost-effective IT purchase decisions and managing their organizations' IT projects - with its network of technology-specific Web sites, events and magazines.

TechTarget Corporate Web Site  |  Media Kits  |  Reprints  |  Site Map




All Rights Reserved, Copyright 2000 - 2008, TechTarget | Read our Privacy Policy 		  TechTarget - The IT Media ROI Experts