Connecting 2 sites together

eclipse2000

Hi, I'm quite new to all Cisco gear so I just want to check a few things before we proceed with our idea.

We currently have a main network running through a static broadband connection using a Cisco 1700 ADSL router, everything is working fine locally.

We are looking to rent some space in an office nearby so I'm going to order another business ADSL connection with static IP for this site and I currently have a spare 1800 router.

My question is can the Cisco routers connect up like a VPN connection so both sites work together and will the connection remain online constantly so from the remote office we can access all our servers from the main network?

Also how does the IP addressing work on 2 sites? The main network uses 10.120.21.x and DHCP is assigned from a Cisco router. Does the remote network assign from the same DHCP server or would the remote site's Cisco router need to be set up to give out DHCP to local machines? If so what would be the best IP setup to use?

I'm sorry for being so bland but I'm just after some advice before we proceed.

Many thanks

Paul


Richard Burts

Paul

There are many ways to set things up. But in general what you suggest is quite possible. Depending on the feature set of the IOS running on the 1700 and the 1800 they could support a VPN connection between the sites. Depending on how you set up the VPN it would be possible to run a routing protocol through the VPN so that the 2 sites could communicate with each other and the VPN could stay up all the time so that the remote site could access servers at the main site at any time.

My suggestion would be to set up DHCP at the remote site. But it could be feasible to have the remote site get DHCP from the main site. (You would need a separate DHCP scope for each site no matter which way you set it up.)

You may encounter some challenges while you implement this, but it should be feasible to do what you are suggesting.

HTH

Rick


Many thanks for your reply Rick.

Maybe you could possibly point me in the right direction of where to start, like the programming on the routers for the VPN connection and then assigning the separate scope. I think the remote site may as well be assigning DHCP from its own router if this is OK to work, as long as it can access the main site's servers etc.

I don't want to wear out your fingers too much giving me exact instructions but a little help and advice would be great.

Just so you are aware, to configure the routers we currently have, everything was programmed using Cisco Config Pro (CCP) which I know is the coward's way but as you can gather I'm not too up on the command way.

Thanks

Paul

Paul

I am glad to give you some help so that you can get started. I usually work from the command line and am not very familiar with CCP. But I did find a document which will guide you through creating the site to site VPN using CCP:

http://www.cisco.com/en/US/products/ps9422/products_configuration_example09186a0080ba1d0a.shtml

I read through it quickly and it seems pretty good to me. I hope that it works well for you.

If I understand your original post correctly the DHCP at the main site is running on the Cisco router. If that is the case then it should be pretty easy to set up DHCP on the router at the remote site, using the main site as a model. You just need to be sure to use different addressing at the remote site (I would suggest another subnet somewhere in the 10 network near your existing subnet at the main site).

HTH

Rick


So could we use the following,

10.120.21.x main site

10.121.21.x remote site

At the main site we have 2 1700 routers running 2 connections. One connection has DHCP disabled and this connection deals with incoming mail, outgoing mail to our servers plus our VOIP PBX server. The second connection deals with DHCP and all computers use the internet through this connection. Cutting a long story short our ADSL connection speed is crap round here so with everything running through 1 connection our VOIP calls were breaking up.

Anyway back to business, the router at the main site that has DHCP enabled we would be using to connect the remote site to.

Regards

Paul

Paul

I believe that

10.120.21.x main site

10.121.21.x remote site

makes a lot of sense. Go for it.

It is interesting that your main site has 2 1700 routers but I do not think that this changes anything about how you would set up the remote site (though it does pose an interesting question about how phones would work at the remote site). You would configure the VPN on the 1700 at the main site that is not doing VOIP and it would peer with the router at the remote site. The router at the remote site would peer with the router at the main site for VPN. You would need a route statement (probably a static route) on each of the VPN routers that the subnet of the other site was reachable via the VPN. And you would need to configure DHCP on the remote site router (and the main site router gives you a model to follow for that).

HTH

Rick


Morning Rick,

On the 1700 router that had DHCP disabled the 4 VOIP lines come in to the PBX server and then to local phones on the network so as you say it will be coming in to the network on the disabled router then routing through the second router through VPN to the remote site. The 3CX system I use has a tunnel server that can be installed at the remote site so I'm hoping this will help with the route of traffic but if I need to add a static route I'm sure I will be giving you a shout.

I have 2 last questions for now if that's OK.

On the remote site we are looking to install an Exchange server for our email. As the traffic will be coming in and out of the main site would it be the same sort of thing of setting up a static route as it would need to be something like this,

WAN ADDRESS (80.45.XXX.XXX) from the internet, in to the disabled DHCP router but then how would it know to send the traffic to the remote site, let's say 10.121.21.10. As you can imagine I would need to set up port forwarding at the main site.

And last question, on the remote site if users were to browse the internet would this traffic have to pass through to the main site and use that connection if we are using the perm VPN connection or could it be set so that all traffic except port 80 and 443 use the local broadband connection from the remote site and all other traffic go to the main site?

Regards

Paul

Paul

There are various options that you can consider to get this to work. Depending on the volume of voice traffic it might work ok to have phone traffic go from main site to remote site go over the VPN. But as the volume of phone traffic increases you might need to look for some other approach (as you had to do at the main site).

There are options about how to handle user traffic from the remote site going to the Internet. One option would be to send all the user traffic to Internet through the tunnel and to the Internet from the main site. I have some customers who do this, especially based on their particular security and firewall policies. But it is also possible to have user traffic from the remote site go directly to the Internet and only send traffic through the VPN that is office to office traffic. Either way could work. So do you have any security policies or firewalling policies that would impact this decision?

HTH

Rick


Hi Rick,

There are only going to be 2 remote phones in the remote office and the ADSL connection is quite good so I'm sure it would be OK passing from site to site on this side of things.

As for the policy, nothing is really set in stone for this so I would say the remote office internet traffic like web browsing etc would be fine going straight out to the internet but mail traffic and VOIP traffic and shared drives etc would need to go over the VPN.

Hope that explains things OK.

Cheers

Paul

Paul

Yes I think that this explains things OK.

I believe that what we have discussed is quite possible and I wish you Good Luck with your efforts to get this implemented.

HTH

Rick
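
The policy agreed in the thread (office-to-office traffic through the VPN, web browsing straight out of the remote site's own ADSL line, a separate DHCP scope at the remote site), sketched as Cisco IOS configuration for the remote-site 1800. This is an added example, not taken from the posters or from the linked Cisco document; the /24 masks, the interface names, the 203.0.113.1 peer (a documentation placeholder for the main site's static IP), the key placeholder and every object name are assumptions.

```cisco
! Remote-site 1800 (added example; masks, names and addresses are assumptions)
!
! DHCP for the remote LAN: its own scope, separate from the main site's 10.120.21.x
ip dhcp excluded-address 10.121.21.1 10.121.21.20
ip dhcp pool REMOTE-LAN
 network 10.121.21.0 255.255.255.0
 default-router 10.121.21.1
!
! IKE phase 1: use the strongest settings the IOS feature set on BOTH routers supports
crypto isakmp policy 10
 encryption aes 256
 hash sha
 authentication pre-share
 group 5
crypto isakmp key <PRE-SHARED-KEY> address 203.0.113.1
!
! IPsec phase 2
crypto ipsec transform-set S2S-SET esp-aes 256 esp-sha-hmac
!
! Crypto ACL: only remote-LAN to main-LAN traffic is encrypted
! (mail, VOIP and file shares live in 10.120.21.x, so they match)
access-list 110 permit ip 10.121.21.0 0.0.0.255 10.120.21.0 0.0.0.255
!
crypto map S2S-MAP 10 ipsec-isakmp
 set peer 203.0.113.1
 set transform-set S2S-SET
 match address 110
!
! NAT ACL: tunnel traffic is NOT translated; everything else goes out
! the local broadband line behind the remote site's own public address
access-list 120 deny   ip 10.121.21.0 0.0.0.255 10.120.21.0 0.0.0.255
access-list 120 permit ip 10.121.21.0 0.0.0.255 any
ip nat inside source list 120 interface Dialer0 overload
!
interface FastEthernet0/0
 ip address 10.121.21.1 255.255.255.0
 ip nat inside
!
interface Dialer0
 ip nat outside
 crypto map S2S-MAP
!
! Static route for the main-site subnet (as suggested in the thread) plus the
! default route; both leave via Dialer0, where the crypto map encrypts ACL 110 matches
ip route 10.120.21.0 255.255.255.0 Dialer0
ip route 0.0.0.0 0.0.0.0 Dialer0
```

The main-site VPN router needs the mirror image: the same key and proposals, the remote site's static IP as peer, and ACLs 110 and 120 with source and destination subnets swapped. If the deny line in the NAT ACL is missing, office-to-office packets are translated before they reach the crypto map and never match the tunnel.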
