Basic Question: VPN / WAN

Answered Question
Mar 17th, 2010
User Badges:

Hi Guys, I'm new here and a bit new to networks as well, so here is a basic question that I have and I was looking for some help.


I work for a small company with 2 offices, currently both connected with DSL connections and we have an appliance that provides routing and a VPN tunnel between both offices. Unfortunatelly this is not enough anymore and I was thinking to update both offices to a T1 connection, now the question:


Is it possible to setup the routers to create the VPN tunnel? like set them up to only see each other (and their subnets in the other sides)? if I do this way do I still need a firewall on this T1 connection ? (The idea is keep both DSLs for internet and the T1 just to internal data).


Thanks a lot!

Correct Answer by Jon Marshall about 7 years 2 months ago

Kev...... wrote:


Hi Guys, I'm new here and a bit new to networks as well, so here is a basic question that I have and I was looking for some help.


I work for a small company with 2 offices, currently both connected with DSL connections and we have an appliance that provides routing and a VPN tunnel between both offices. Unfortunatelly this is not enough anymore and I was thinking to update both offices to a T1 connection, now the question:


Is it possible to setup the routers to create the VPN tunnel? like set them up to only see each other (and their subnets in the other sides)? if I do this way do I still need a firewall on this T1 connection ? (The idea is keep both DSLs for internet and the T1 just to internal data).


Thanks a lot!


Kevin


If you are connecting your internal sites via T1 then you may well not need to use a VPN at all, many companies don't because in effect it is private line between your 2 sites and so there is no need to encrypt the data


You had a VPN on your DSL lines because then your inter-site traffic would be going over the Internet which is anything but private.


However if you wanted to you could use the routers , with the right feature set, to create a VPN across the T1 and you wouldn't necessarily have to firewall it as long as you are firewalling the Internet connection.


Jon

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 5 (1 ratings)
Loading.
Correct Answer
Jon Marshall Wed, 03/17/2010 - 14:15
User Badges:
  • Super Blue, 32500 points or more
  • Hall of Fame,

    Founding Member

  • Cisco Designated VIP,

    2017 LAN, WAN

Kev...... wrote:


Hi Guys, I'm new here and a bit new to networks as well, so here is a basic question that I have and I was looking for some help.


I work for a small company with 2 offices, currently both connected with DSL connections and we have an appliance that provides routing and a VPN tunnel between both offices. Unfortunatelly this is not enough anymore and I was thinking to update both offices to a T1 connection, now the question:


Is it possible to setup the routers to create the VPN tunnel? like set them up to only see each other (and their subnets in the other sides)? if I do this way do I still need a firewall on this T1 connection ? (The idea is keep both DSLs for internet and the T1 just to internal data).


Thanks a lot!


Kevin


If you are connecting your internal sites via T1 then you may well not need to use a VPN at all, many companies don't because in effect it is private line between your 2 sites and so there is no need to encrypt the data


You had a VPN on your DSL lines because then your inter-site traffic would be going over the Internet which is anything but private.


However if you wanted to you could use the routers , with the right feature set, to create a VPN across the T1 and you wouldn't necessarily have to firewall it as long as you are firewalling the Internet connection.


Jon

Kev...... Thu, 03/18/2010 - 07:15
User Badges:

Hi Jon, thanks a lot for the reply.


Just one more question, if I want to make those T1s private, Do I have to get them from the same ISP to set that up ? Or can I get them with different ISPs and set the configs in the routers ?


Thanks again !

Jon Marshall Thu, 03/18/2010 - 07:22
User Badges:
  • Super Blue, 32500 points or more
  • Hall of Fame,

    Founding Member

  • Cisco Designated VIP,

    2017 LAN, WAN

Kevin


A T1 is a private leased point-to-point connection so you would get it from just one SP. There is nothing to stop you using 2 SPs and having 2 T1s for redundancy/backup but each T1 will belong to just one SP.


Jon

Kev...... Fri, 03/19/2010 - 07:05
User Badges:

Hi Jon,


I meant we have 2 locations, like one office in Ontario and one in PA(US), so in this case I need a T1 for each office right ? and to be able to interconnect the 2 offices without a VPN and Firewall both T1 would have to be from the same SP or I can get it trought diferent SP and set those configs myself ?


Thanks again Jon, I'm still trying to undestand those concepts

Tharak Abraham Fri, 03/19/2010 - 07:59
User Badges:
  • Bronze, 100 points or more

Sorry to chime in here..

Seems like you would end up heavy on the financial end.


Normally a leased line is recommended for short distance !


Would recommend another VPN over internet for your private LAN or even services like Frame Relay !

Kev...... Mon, 03/22/2010 - 08:41
User Badges:

Thanks a lot for the help guys !


Do you know a link where I can get those connections explained? I'm lost with those T1s, Frame Relays, Leased Lines, etc.


(I did search wikipedia and google, but their explanation is very techy, I need to find out something more business oriented, like what should I use to connect 2 small offices )

Actions

This Discussion