WAN Setup
I need to connect a few offices to a central main office. Started out looking at just a VPN but now I am unsure if it wil work the way I need.
I need each remote office to appear to be a local network of the main office but also retain its independance and have a secondary network. I'm no networking guru but I am learning. :D
Any suggestions?
Running XP workstations and Small Business Server 2003/ISA Server 2004 both with SP-1.
[465 byte] By [
RobDog888] at [2007-11-20 4:31:34]
# 1 Re: WAN Setup
You can do this several ways, but I'm thinking that simplicity is a concern here. The good news is that >= ISA 2004 makes doing this kind of thing super simple, if it matches one of the templates. I have always gone the custom route, which I'm sure you will do after you have a few under your belt, but I think the built-in templates will do what you need. The only catch is that you need an ISA server at each location to make the connection process as simple as it can be.
Obviously this can be pretty complex if you need it to, but the basic check list will be this:
1) All In/Out traffic passes through the ISA server.
2) Each location has a unique subnet.
3) Internal DNS gets configured correctly to either encompass or link each location.
4) You have control over each locations end-point security so you can allow traffic to flow as needed.
5) Static public IP addresses make this job a lot easier.
6) A clean, fast, solid, link between each location.
# 2 Re: WAN Setup
Thanks for the reply Craig. I dont have alot to work with here as its a startup corp. Each remote office is either new or an existing company but all are "budget".
DSL at a minimum will be at each location but dynamic IPs are what they have. Also, all currently are in a workgroup config at each office. :( I know two offices will be upgrading their workgroup to domains with a single server soon but the other ofices are not.
I have a friend helping me out on this too. We did some work on Friday on it. We got the ISA server setup and configured with a custom rule. I think we are missing a protocol though. AGIS or something like that with a G in it? What are the necessary protocols to include in the settings for ISA?
They have a hoekey little NetGear router that supports a passtrough VPN but we will be replacing it for a ZxWALL 5. I hear you dont need to configure the router for VPN if you are handling it at the ISA level?
# 4 Re: WAN Setup
Got it working tonight! :)
Turned out that the router somehow had two port forwarding services. When I logged in to the management browser screen on their server I would get one version but when I enabled remote management and logged in not on their server I discovered that it was running DHCP on the router and assigning a slightly different IP addy for the small business server. So when the vpn client requests were created it would forward to a non-extisting addy. I turned off dhcp as the PDC is running it too and now only, changed the 3389 port to forward to the terminal server (for an additional ease of access) and viola! VPN connection to the ISA server rule and when a RDC connection is received it will forward to the terminal server. They also can still use the RWW which is running off of the small business server but will now be limited to the Admins.
Thanks so much for the help and PM. Wish I could give more then the few rep power I have. ;) :thumb:
Now that the initial VPN is setup I still need to work out the best design and technology to use to link all remote sites. Some offices will need a router to ISA VPN while others will need client based VPN to ISA connections. :( Looking at a ZxWALL 35 but might be a little overkill although at the rate of growth, within a year they may be getting close to maxing it out too.
