Need suggestion on VPN tunnel betwn 2 DSL

[scorpio5780]

Hi

I have two remote labs with DSL connection with STATIC IPs.
1st remote side is buying a server (2000) and has 2000 prof/XP clients.
2nd remote side cannot afford a server and has similar clients to ist site.

1. What replacement(a device that can support VPN) do I need for a server on the 2nd remote site setup VPN between 2 sites? Keeping in mind that I am goign to make 1st remote's site server a domain controller and also doing login authentication of 2nd remote site's machines with this server.
2. I also want to merge these 2 DSL connections. What should I do for that?
3. What extra protocols and services do I need to install and use?

I'll appreciate other neccessary suggestions.

Thanks

 

[scorpio5780]

Another question: Can one VPN tunnel between these sites will support all the clients (20) on the 2nd remote site? or is it gonna be a seperate tunnel for every machine on the 2nd remote site?
I presume that an Endpoint VPN Device supports DHCP on the 2nd site. I have seen few online.

 

[gaidin123]

The clients on the 2nd side can each make VPN tunnels to the 1st site's server. Individual VPN connections probably add a good bit of overhead to your DSL line. No matter what even a single VPN endpoint that encrypts all the network traffic between the 2 lab sites will introduce some latency into your connection.

If you go the "each client connect to VPN server at site #1" you don't need to install anything extra.

What do you mean by "merge" of the 2 DSL connections?

Gaidin

 

[scorpio5780]

This is how the network is:--

10 clients ---->Win2K server----> DSL Modem -----------(INTERNET)------- DSL Modem<----(Endpoint VPN device)<----10 clients

I got confused about the DSL connections. Sorry about that. Just ignore it.
So u mean to say by individual tunnel is that the 10 tunnel connection will be like:--

(-------------1st remote site----------------------) (--------------2nd remote site-------------------------------)
10 clients1 ---->Win2K server----> DSL Modem ======(INTERNET)====== DSL Modem<----(Endpoint VPN device)<----10 clients2
(======10 VPN tunnels from 10 clients2====)

I thought only 1 tunnel from Endpoint VPN device can handle the connection (auhtentication and n/w access) for 2nd remote site's clients (i.e. 10 clients2)

Which ENDPOINT VPN DEVICE should I go for (company and model)? By the way I have 15 clients on each side.

 

[scorpio5780]

SORRY DIAGRAM IS BETTER IN THIS ONE--
This is how the network is:--

10 clients ---->Win2K server----> DSL Modem -----------(INTERNET)------- DSL Modem<----(Endpoint VPN device)<----10 clients

I got confused about the DSL connections. Sorry about that. Just ignore it.
So u mean to say by individual tunnel is that the 10 tunnel connection will be like:--

(-------------1st remote site-----------------------)(------------------------------------)(--------------2nd remote site-------------------------------)
10 clients1 ---->Win2K server----> DSL Modem ======(INTERNET)====== DSL Modem<----(Endpoint VPN device)<----10 clients2
(---------------------------------------------)(====10 VPN tunnels from 10 clients2====)(----------------------------------------------------------)

I thought only 1 tunnel from Endpoint VPN device can handle the connection (auhtentication and n/w access) for 2nd remote site's clients (i.e. 10 clients2)

Which ENDPOINT VPN DEVICE should I go for (company and model)? By the way I have 15 clients on each side.

 

[gaidin123]

Sorry if I wasn't clear either. 🙂 You have 2 options:
1) Endpoint VPN device. This will make one tunnel and encrypt all traffic from 2nd remote site going to/from 1st remote site.

2)Use Win2k's built in VPN clients on each workstation on 2nd remote site. Each workstation must log in to the VPN server on the 1st remote site if you want the traffic to be encrypted.

Solution one costs money but is more convenient. Solution 2 costs nothing and you can see if the performance is acceptable before possibly purchasing an endpoint device. If you are going to buy an endpoint VPN device you obviously need a cheap one for the 2nd site. Does the DSL modem do the job of handing out IPs to each client or do you have some sort of router in place (didn't see one in your diagram but ya never know 🙂)? If so you will need a VPN endpoint device that does not also do NAT. I was going to suggest getting one of the Linksys VPN routers since they are cheap but I'm not sure if each machine at the 2nd site needs a real IP address or not.

Gaidin

 

[vortix]

Get 2 Webramp 700s's and upgrade them to the unlimited version w/ VPN support. Total cost will be under $60. Look around for the thread on the Webramp 700s in the Hot Deals forum.

 

[cmetz]

What speed DSL lines?

If they're low-speed, see the Webramp suggested earlier.
If they're more interesting speed (>1Mb/s summing the two directions), get a Linksys BEFVP41, which has hardware crypto.

 

[LeeTJ]

are there specific apps that you need to share data for accross the net?? is this just general vpning?? are you sharing printers??

if it is just for 1 or 2 apps, you might want to consider Terminal Services / Remote desktop. this would require that your Server have decent performance tho. Dual processors and lots of ram (1 GB of ram or more).

i like terminal services over a vpn tunnel because it has minimum bandwidth requirements.

 

[scorpio5780]

we need to share files and probably printers too.
And see all the machines on ONE domain. And do authentication from the SINGLE server we have on one of the sites.

 

[mboy]

Originally posted by: vortix
Get 2 Webramp 700s's and upgrade them to the unlimited version w/ VPN support. Total cost will be under $60. Look around for the thread on the Webramp 700s in the Hot Deals forum.

YUP, good and cheap 🙂