What do you recomend for a network redundancy?

[maxihinz]

Hi fellas. I work in a small office and our Network engenieer is an idiot. So i'm gonna do some research for myself.
We need to have a reduntant vpn between our 2 offices.
At the moment we have a symetric conection with static IPv4. We can afford a Lan2Lan (same isp) or another symetric.
what would you do? We only use Remote desktop connection windows based and there is no chance to move the server to our office due to place issues.

 

[CubanlB]

You didn't specify whether the additional connection you might be getting would be from the same ISP or not. That would be the first thing to think about.

Generally you would need to connections at each site that are on different ISPs and run an IPSec tunnel over each and run a dynamic routing protocol at each office to handle fail-over /load balancing.

Also, starting out by calling you network engineer an idiot and then not asking a very informed question probably isn't going to go over super awesome here. But good luck!

If your guy is an "idiot" then you should probably just hire a contractor to let you know what your options are.

 

[maxihinz]

Thanks for your answer. We can only hire the same isp because there is only one isp. They have 2 networks in the area so each connection would be from a different hub.
i only said that our network engenieer is an idiot because he doesn't do his job. Unlucklily i cant fire him.

 

[QuietDad]

Your inviting work for yourself. Have your ISP provide a solution that they support or push on the network engineer to get it done. I have no idea what your function is in the company, but you wouldn't like the network engineer going around your back to do your job "correctly".

 

[SecurityTheatre]

You're inviting work for yourself.

FTFY (I hate that mistake)

Have your ISP provide a solution that they support or push on the network engineer to get it done. I have no idea what your function is in the company, but you wouldn't like the network engineer going around your back to do your job "correctly".

While i agree, I've met plenty of completely incompetent network engineers who talk big about their time in the Army, learning how to "finger the routers" and "top up the MUX". (those are direct quotes from a network admin who was attempting - and failing - to impress me with his mad skillz).

 

[QuietDad]

The issue is the network isn't his problem and he's getting involved. Period. He can be concerned about issues and can bring it up with his boss. 30 years in Information Technology (my first programs were written on a pad and punched into cards..). The network engineer could be well aware of the problem and told "It's too expensive..". The fact that communications is by remote desktop strongly suggests that. Who knows, but he doesn't need to be getting involved.

 

[SecurityTheatre]

Hi fellas. I work in a small office and our Network engenieer is an idiot. So i'm gonna do some research for myself.
We need to have a reduntant vpn between our 2 offices.
At the moment we have a symetric conection with static IPv4. We can afford a Lan2Lan (same isp) or another symetric.
what would you do? We only use Remote desktop connection windows based and there is no chance to move the server to our office due to place issues.

To address the original issue, a Windows server can set up a VPN and you can do host-to-server VPN to your Windows server.

You can also do site-to-site VPN on the LAN, but that requires the cooperation of the router on both ends and so may require replacing the router.

It might be possible, given a very limited budget to either use a pair of linux servers, or routers that support something like DD-WRT to do site-to-site VPN.

Ultimately, the best practice for site-to-site VPN configurations will cost on the order of several thousand $$ to do right, in general, purchasing dedicated hardware for it.

As is often said, you can solve challenging problems effectively, easily, or cheaply, but you can only choose two of those three.

Effective and cheap (but not easy): Linux servers/routers, point-to-point doing IPTables routing
Easy and cheap (but not as effective): host-to-server VPN to the Windows server
Easy and effective (but not cheap): Dedicated VPN from border routers (probably new routers needed)

 

[QuietDad]

The OP says they only use remote desktop connections. Redundant VPN is way overkill. Should the network drops on that rare occasion, one simply drives over to the computer that you are remote connecting to and use it. I can't see spending the money for two lines and the realted equipment that one person is using at a time that may fail briefly one or two times a year.

 

[kevnich2]

Op what exactly do you mean when you say the network goes down? What kind of connections do you have eat your local office and what connection is at the remote office? Also I assume by remote desktop that you connect to either server 2003,2008 or 2012 terminal server? Are others in your office having similar issues? How a out users in remote office?