Solved: Basic Question: VPN / WAN

Kev...... · ‎03-17-2010

Hi Guys, I'm new here and a bit new to networks as well, so here is a basic question that I have and I was looking for some help.

I work for a small company with 2 offices, currently both connected with DSL connections and we have an appliance that provides routing and a VPN tunnel between both offices. Unfortunatelly this is not enough anymore and I was thinking to update both offices to a T1 connection, now the question:

Is it possible to setup the routers to create the VPN tunnel? like set them up to only see each other (and their subnets in the other sides)? if I do this way do I still need a firewall on this T1 connection ? (The idea is keep both DSLs for internet and the T1 just to internal data).

Thanks a lot!

Jon Marshall · ‎03-17-2010

Kev...... wrote:

Hi Guys, I'm new here and a bit new to networks as well, so here is a basic question that I have and I was looking for some help.

I work for a small company with 2 offices, currently both connected with DSL connections and we have an appliance that provides routing and a VPN tunnel between both offices. Unfortunatelly this is not enough anymore and I was thinking to update both offices to a T1 connection, now the question:

Is it possible to setup the routers to create the VPN tunnel? like set them up to only see each other (and their subnets in the other sides)? if I do this way do I still need a firewall on this T1 connection ? (The idea is keep both DSLs for internet and the T1 just to internal data).

Thanks a lot!

Kevin

If you are connecting your internal sites via T1 then you may well not need to use a VPN at all, many companies don't because in effect it is private line between your 2 sites and so there is no need to encrypt the data

You had a VPN on your DSL lines because then your inter-site traffic would be going over the Internet which is anything but private.

However if you wanted to you could use the routers , with the right feature set, to create a VPN across the T1 and you wouldn't necessarily have to firewall it as long as you are firewalling the Internet connection.

Jon

View solution in original post

Jon Marshall · ‎03-17-2010

Kev...... wrote:

Hi Guys, I'm new here and a bit new to networks as well, so here is a basic question that I have and I was looking for some help.

I work for a small company with 2 offices, currently both connected with DSL connections and we have an appliance that provides routing and a VPN tunnel between both offices. Unfortunatelly this is not enough anymore and I was thinking to update both offices to a T1 connection, now the question:

Is it possible to setup the routers to create the VPN tunnel? like set them up to only see each other (and their subnets in the other sides)? if I do this way do I still need a firewall on this T1 connection ? (The idea is keep both DSLs for internet and the T1 just to internal data).

Thanks a lot!

Kevin

If you are connecting your internal sites via T1 then you may well not need to use a VPN at all, many companies don't because in effect it is private line between your 2 sites and so there is no need to encrypt the data

You had a VPN on your DSL lines because then your inter-site traffic would be going over the Internet which is anything but private.

However if you wanted to you could use the routers , with the right feature set, to create a VPN across the T1 and you wouldn't necessarily have to firewall it as long as you are firewalling the Internet connection.

Jon

Kev...... · ‎03-18-2010

Hi Jon, thanks a lot for the reply.

Just one more question, if I want to make those T1s private, Do I have to get them from the same ISP to set that up ? Or can I get them with different ISPs and set the configs in the routers ?

Thanks again !

Jon Marshall · ‎03-18-2010

Kevin

A T1 is a private leased point-to-point connection so you would get it from just one SP. There is nothing to stop you using 2 SPs and having 2 T1s for redundancy/backup but each T1 will belong to just one SP.

Jon

Kev...... · ‎03-19-2010

Hi Jon,

I meant we have 2 locations, like one office in Ontario and one in PA(US), so in this case I need a T1 for each office right ? and to be able to interconnect the 2 offices without a VPN and Firewall both T1 would have to be from the same SP or I can get it trought diferent SP and set those configs myself ?

Thanks again Jon, I'm still trying to undestand those concepts

Tharak Abraham · ‎03-19-2010

Sorry to chime in here..

Seems like you would end up heavy on the financial end.

Normally a leased line is recommended for short distance !

Would recommend another VPN over internet for your private LAN or even services like Frame Relay !

Kev...... · ‎03-22-2010

Thanks a lot for the help guys !

Do you know a link where I can get those connections explained? I'm lost with those T1s, Frame Relays, Leased Lines, etc.

(I did search wikipedia and google, but their explanation is very techy, I need to find out something more business oriented, like what should I use to connect 2 small offices )