
versalife333

join:2012-01-10
Decorah, IA

What would it take to connect 2 business locations via VPN?

Basically my boss is thinking of buying a local business to expand and would like computers over there to have access to our network (domain access, file sharing etc). From what I understand a PPTP VPN (or perhaps another standard) would allow this but my knowledge is limited.
Is there a simple implementation of VPN that can do this or perhaps someone can point me in the right direction and I can go from there?

aguen
Premium
join:2003-07-16
Lewisville, TX
Reviews:
·Callcentric
·Verizon FiOS

Are the 2 locations geographically close to one another? Who is the ISP at each location?

Depending on the answers you could just do a "local" direct connection between the 2 locations and avoid VPN headaches. Otherwise you will probably need to go with RRAS or similar to handle VPN and domain authentication between the 2 locations.

Also, depending on the number of users and the available bandwidth at each end it could be a pretty slow connection.


versalife333

join:2012-01-10
Decorah, IA

Thanks for the response. It would be across town around a mile away. Both locations would use CenturyLink (formerly Qwest) @ 12MB connection speed (.75~1M up). As for users on the other end I would say no more than 4.


aguen
Premium
join:2003-07-16
Lewisville, TX
Reviews:
·Callcentric
·Verizon FiOS

1 edit

reply to versalife333
Ok, having the same ISP in the same location could work for you then. You might want to check with CenturyLink Business sales dept. to see what they can offer for a point 2 point connection between your 2 locations. Assuming it's not priced out of your reach it should make for a better/more reliable connection. That .6 -1mb upload would be a killer if you had to go any other way.

EDIT to add: The point to point connection would be in addition to your existing DSL service(s).


sleepyshark
Premium
join:2005-12-20
West Palm Beach, FL

reply to versalife333
Site-to-Site VPN is your best bet, [somewhat] simple to implement and the equipment can be picked up for around $100-300 per site (depending on features).

I'd stay away from the carrier VPN solutions unless you're prepared to pay dearly for it. They look at this as a premium service (even though the technology has been around for 10+ years). Yes (I will admit) it does take configuration headaches/management off your plate, but [honestly] site-to-site VPNs are super reliable and can be done for a one-time cost of a few hundred dollars vs paying a few hundred dollars extra each month for an ISP to manage it....
--
Thanks,
Sean Brown
»www.sleepyshark.com


HarryH3

join:2005-02-21
Reviews:
·Verizon Online DSL

reply to versalife333
I've been looking at these: »www.watchguard.com/products/xtm-···p3=xtm23 for this. Provides a pretty robust firewall at each location and you can set up a pair of them to automagically VPN to each other using their Branch Office VPN configuration. They also have a software client that will allow you to remotely VPN into the site from anywhere. I have a client nearly 300 miles from here that has one. I have it set up so that I can connect to their network and manage their systems and network printers from the comfort of home.



Anav
Sarcastic Llama? Naw, Just Acerbic
Premium
join:2001-07-16
Dartmouth, NS
kudos:3

reply to versalife333
»www.guardsite.com/XTM-21.asp
To get an idea of street prices. Be aware that there are recurring support costs with higher end routers.

Another top notch fully flavoured company is Sonicwall and the new TZ100, their one up model the 200 series looks comparable to the watchguard above.
»www.sonicwall.com/us/products/TZ_100.html

I am most familiar with the zyxel brand, free firmware updates and no cost technical support and 5 year warranty on the USG series.

Based on your requirements, however, I would look at the following unit(s) VFG6005/(N) designed for multiple VPN tunnels, IPSEC or native Windows VPN (no client software needed). The wifi model (N) is on sale at provantage.com for $94 (cheaper than the non-wifi version). If minimal features and low price are your overriding considerations (and free support).

»www.us.zyxel.com/Products/detail···CA201125

If I was to look at something comparable to the above sonicwall and watchguard in terms of overall capabilities, and my preference actually, would be to look at the USG50 - $237 at provantage.com
»www.us.zyxel.com/Products/detail···ED195DB2

The bottom line is that you will do well with the USG, TZ, or XTM choices. They have many features and are flexible in setup.
--
Ain't nuthin but the blues! "Albert Collins".
Leave your troubles at the door! "Pepe Peregil" De Sevilla. Just Don't Wifi without WPA, "Yul Brenner"

LlamaWorks Equipment


HELLFIRE

join:2009-11-25
kudos:4

reply to versalife333
If it's just the two sites right now, pretty much any DIY or commercial piece of gear will
do the trick. One thing to watch out for is to scale for the setup -- depending on your
level of paranoia, you'll want a STRONG encryption protocol -- and (possible) future growth
-- ie. more sites / tunnels, remote access VPN.

Do your research accordingly, read the datasheets, and watch out for pitfalls.

My 00000010bits

Regards



TheMole

join:2001-12-06
Morristown, NJ

reply to versalife333
Do you have two old PCs that are sitting on the shelf?

Go install any modern linux distribution, select server (rather than workstation) and then go to »openvpn.net/index.php/open-sourc···wto.html. Once you've installed OpenVPN, point the remote subnet to the local vpn server, and v.v.

I'd highly recommend you not purchase hardware for this. I'm just an average joe and I manage 3 locations connected by openvpn. Total time to set up, 5 hours. Total management time after that, 5 seconds to review logs once in a blue moon. Total cost, just my time.
--
(1) It's either 99¢ or $0.99; not .99¢ (2) It's "so MUCH fun" not "so fun"
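
An added example, not part of TheMole's post or of the OpenVPN HOWTO: a Python helper that works out the routing that "point the remote subnet to the local vpn server, and v.v." implies for a routed OpenVPN tunnel, with the main office box as the server. All addresses and the certificate name `branch` are constructed assumptions; it goes slightly beyond the post by rejecting overlapping LAN ranges, which make such a tunnel unroutable.

```python
import ipaddress

def _mask(net):
    # OpenVPN route directives take "network netmask", not CIDR notation.
    return f"{net.network_address} {net.netmask}"

def plan_site_to_site(hq_lan, branch_lan, tunnel_net, hq_vpn_ip, branch_vpn_ip,
                      branch_cn="branch"):
    """Return the routing lines for a two-site routed OpenVPN setup.

    hq_vpn_ip / branch_vpn_ip are the LAN addresses of the Linux boxes running
    OpenVPN; branch_cn is the (assumed) common name of the branch certificate.
    """
    hq, br, tun = (ipaddress.ip_network(n) for n in (hq_lan, branch_lan, tunnel_net))
    # If any two ranges overlap, neither side can tell local from remote hosts.
    # Typical cause: both offices still on the same consumer-router default.
    for a, b in ((hq, br), (hq, tun), (br, tun)):
        if a.overlaps(b):
            raise ValueError(f"{a} overlaps {b}: renumber one network first")
    # Each VPN box must live inside the LAN it serves.
    for ip, lan in ((hq_vpn_ip, hq), (branch_vpn_ip, br)):
        if ipaddress.ip_address(ip) not in lan:
            raise ValueError(f"{ip} is not inside {lan}")
    return {
        # Server side (main office): tunnel pool, kernel route to the branch
        # LAN, and the main-office LAN pushed to the branch box.
        "server.conf": [
            f"server {_mask(tun)}",
            "client-config-dir ccd",
            f"route {_mask(br)}",
            f'push "route {_mask(hq)}"',
        ],
        # Per-client file: tells OpenVPN which client owns the branch LAN.
        f"ccd/{branch_cn}": [f"iroute {_mask(br)}"],
        # Static routes for each site's default gateway ("and v.v.").
        "hq_gateway_route": f"{br} via {hq_vpn_ip}",
        "branch_gateway_route": f"{hq} via {branch_vpn_ip}",
    }

if __name__ == "__main__":
    # Constructed sample addressing for the two offices.
    plan = plan_site_to_site("192.168.10.0/24", "192.168.20.0/24",
                             "10.8.0.0/24", "192.168.10.2", "192.168.20.2")
    for name, lines in plan.items():
        print(name, lines)
```

Both Linux boxes also need IP forwarding enabled so traffic can pass between the LAN and the tunnel.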


versalife333

join:2012-01-10
Decorah, IA

reply to versalife333
Wow! Thanks for all the responses.

For the past couple of days I've been looking at several options. Setting up our Server 2008 R2 Standard for VPN is a no go as I frankly do not have the experience to do it ( even with online guides I just get stupefied with concepts like certificates etc ).

The linux box idea is a good thought but I'd rather understand what I'm doing to set it up rather than copying and pasting from the guide ( frankly I don't have the time to learn the ways of the penguin )

Watchdog products are too high in price for our budget otherwise they sound perfect.

I went and ordered 2 Cisco RV110W's and will try them out but I am still open to ideas. I've also been toying with a Buffalo router that has some VPN option but it's not the most user ( noob ) friendly.


versalife333

join:2012-01-10
Decorah, IA

Also CenturyLink won't provide the vpn services. And as for security concerns ( level of paranoia ), I'm all for ease of use / setup over anything else.


dagwag77
Premium
join:2011-09-05
NY, USA

reply to versalife333
I recently picked up a watchguard xtm 505 and xtm 21. They are not cheap, especially with multi-year security bundles but so far they have been great. Set up was straightforward, tech support was available 24/7 for the 505 (8x5 for the 2 series) and they were quick with answering my laundry list of stupid questions as they are my first watchguard products.

The management server that comes with it made setting up the branch office VPN thoughtless, and has worked smoothly ever since - except for the complaining about some of the new blocking in place from the webblocker and other firewall protections (URL length, etc.)

The gateway antivirus is a pretty cool feature, I checked it out with a beater laptop and it really stopped the virus I was trying to get on my laptop at the firewall. It really does work.

If you have any questions about the Watchguard stuff, shoot me a message. If you do go with the watchguard, guardsite has some of the best prices, or I can refer you to the retailer I've been working with, they are pretty good. You'll really want to buy the security bundle though, it seems like it'll save $ in the long run. IMO, the hardware's for shit without the security bundle protections.



Anav
Sarcastic Llama? Naw, Just Acerbic
Premium
join:2001-07-16
Dartmouth, NS
kudos:3

said by dagwag77:

You'll really want to buy the security bundle though, it seems like it'll save $ in the long run. IMO, the hardware's for shit without the security bundle protections.

Spoken like a true but blind consumer. There is a limit to what one can spend their money on...... So the question should be asked in two ways..... Firstly, what do you have of value that others would spend resources to get at (what do you have that is perceived to have value by others). Secondly, what could you not afford to fall into the wrong hands. They may or may not be the same thing.

In general, subscription services and support bundles are what higher end companies are hoping you will buy into, to maximize their profits (continuing returns). Ensure throughput expected also occurs with all these services activated. There is lots that can be done before buying these expensive recurring services.

- A standard VPN tunnel using AES encryption is secure.
- Ensuring PCs in use have up to date AV's and SW firewalls
- Ensure Users have to log into PCs and that they time out when not in use.
- changing passwords at regular intervals (passwords of decent strength)
- Invoking something like OPENDNS servers to limit access to sites that have malware all over them (ie pron).
- if you have on the road folks accessing vpn, consider rolling code device (one time purchase) for folks on the road accessing network so that even if a keylogger somehow gets on a computer, the compromised password won't allow access
--
Ain't nuthin but the blues! "Albert Collins".
Leave your troubles at the door! "Pepe Peregil" De Sevilla. Just Don't Wifi without WPA, "Yul Brenner"

LlamaWorks Equipment

dagwag77
Premium
join:2011-09-05
NY, USA

said by Anav:

Spoken like a true but blind consumer. There is a limit to what one can spend their money on...... So the question should be asked in two ways..... Firstly, what do you have of value that others would spend resources to get at (what do you have that is perceived to have value by others). Secondly, what could you not afford to fall into the wrong hands. They may or may not be the same thing.

Anav, there was nothing "blind" about my watchguard purchase. You push the ZyXel products and seem to have a distaste for Watchguard and maybe some others. You call my purchase that of a "blind consumer" but you don't know what goals I'm trying to accomplish with the hardware, what sort of business it is being used to secure, and no idea of what specific capabilities of the watchguard led me to choose that brand/model. Contact me privately if you're curious. The subscription services are essential for what I'm trying to do, and some of the other ones are just nice to have at no additional cost at that point.


Anav
Sarcastic Llama? Naw, Just Acerbic
Premium
join:2001-07-16
Dartmouth, NS
kudos:3

Au contraire, the advice I gave in the last post applies equally to all vendors. I have nothing against the top tier of firewall products, they are most excellent. What I don't particularly like is the business model of only providing technical support and firmware patches if you additionally BUY a support package on top of the high price of the unit. Obviously I am in a minority as many accept this business model. As to zyxel if you look at many of my posts I often quote provantage.com as a retailer to go to... as this is a hobby not a burning need. I could also say that zyxel is not immune to providing subscription services (as a revenue generating tool) nor immune to throughput drops with such services.
My last post was about ensuring that one does not spend money frivolously, on services, regardless of vendor or model, which I believe you did in fact suggest without any reservation. You also went further after suggesting routers of a particular brand that they were excrement without the security services. So it appears you're talking out the back of your hand so to speak. Suggest you rethink your logic.
--
Ain't nuthin but the blues! "Albert Collins".
Leave your troubles at the door! "Pepe Peregil" De Sevilla. Just Don't Wifi without WPA, "Yul Brenner"

LlamaWorks Equipment



Anav
Sarcastic Llama? Naw, Just Acerbic
Premium
join:2001-07-16
Dartmouth, NS
kudos:3

reply to dagwag77

said by dagwag77:

If you have any questions about the Watchguard stuff, shoot me a message. If you do go with the watchguard, guardsite has some of the best prices, or I can refer you to the retailer I've been working with, they are pretty good. You'll really want to buy the security bundle though, it seems like it'll save $ in the long run. IMO, the hardware's for shit without the security bundle protections.

nuff said.
--
Ain't nuthin but the blues! "Albert Collins".
Leave your troubles at the door! "Pepe Peregil" De Sevilla. Just Don't Wifi without WPA, "Yul Brenner"

LlamaWorks Equipment

dagwag77
Premium
join:2011-09-05
NY, USA

reply to Anav

said by Anav:

My last post was about ensuring that one does not spend money frivolously, on services, regardless of vendor or model, which I believe you did in fact suggest without any reservation.

My original post was just to share with the OP my experience with the watchguard, and yes, I told him they aren't cheap. Then you had to follow it up by calling my purchases those of a "blind consumer." That's simply not correct. On a different note, I don't consider the XTM 2 series, even with security bundle, to be absurdly priced for business use. Maybe you do.

said by Anav:

You also went further after suggesting routers of a particular brand that they were excrement without the security services. So it appears you're talking out the back of your hand so to speak. Suggest you rethink your logic.

This OP could get away without the security bundles for just BOVPN, but the security bundles are worth looking into. Depending on his business, they can be some nice added protections to have. That said, these devices aren't worth their weight without the bundle. These bundles are where all of the real perks of a WG product (or Sonicwall with equivalent subscription services) come to fruition.


Anav
Sarcastic Llama? Naw, Just Acerbic
Premium
join:2001-07-16
Dartmouth, NS
kudos:3

Reminds me of a saying. "If you find yourself in a hole, stop digging!" I will leave you to your shovel.



mozerd
Light Will Pierce The Darkness
Premium,MVM
join:2004-04-23
Nepean, ON

reply to dagwag77

said by dagwag77:

The management server that comes with it made setting up the branch office VPN thoughtless, and has worked smoothly ever since - except for the complaining about some of the new blocking in place from the webblocker and other firewall protections (URL length, etc.)

Very nice testimonial, and the watchguard specs are very impressive under significant load indeed. IMO, you've made an excellent decision for your company.
--
David Mozer
IT-Expert on Call
Information Technology for Home and Business


Anav
Sarcastic Llama? Naw, Just Acerbic
Premium
join:2001-07-16
Dartmouth, NS
kudos:3

Absolutely, depends on the client's requirements, the threat, management capabilities and the kicker.... and the budget.


© 1999-2012 dslreports.com.