EXPERT RESPONSE
You don't say what kind of operating systems run on your servers, what kind of network connectivity exists between your offices, what kind of applications you plan to run, or the level of security that you require. Those answers have a big impact on the easiest, cheapest VPN solution.
For example, let's suppose that you have two Windows 2000 servers, connected to the Internet by DSL access router/firewalls. Your servers don't need to push high-volume, latency-sensitive traffic between them. Your objective for the VPN is simply to stop eavesdropping over the Internet, but you're not terribly worried about robust security.
In this case, you could configure the Windows server at office A to accept incoming VPN connections, choosing PPTP as the type of VPN connection required. Configure the Windows server at office B to initiate outbound PPTP VPN connections to the public-facing IP address of the DSL access router at office A. Configure your access router/firewall with a one-to-one (static NAT) mapping so that incoming PPTP and GRE are forwarded to the WIndows server inside office A's private network. Configure both servers with accounts to be used by this VPN connection for authentication. To learn more about exactly how to set up a PPTP VPN between Windows servers, consult Microsoft's website. Consult your router/firewall manual to learn how to map incoming VPN connections to your office A server.
There are many possible variations on this simple scenario:
If you want more robust security, try using IPsec (or L2TP over IPsec) instead of PPTP. Set-up will be more complicated, but your tunnel will be much stronger.
If you want to avoid getting VPN traffic through your access router/firewall, your server in office B could be configured to dial your server in office A. However, your bandwidth will be limited and you'll need analog phones lines for use by both servers.
If your servers run another operating system, you may need to use a different kind of VPN -- IPsec is supported by most new OS's, but set-up can be harder to get just right if the two servers run different OS's.
If your router/firewalls have built-in VPN capabilities, you might find it easier to configure a site-to-site VPN tunnel between them and forget about configuring your servers for VPN.
Finally, if your servers require low-latency, high-quality connectivity, a best-effort tunnel over the Internet may not do the trick at all, no matter what kind of VPN you use.
|
