Basic VPN Site 2 Site Questions.

[Kcollinson]

Please correct me if im wrong, and confirm if im right.

When a site to site VPN connection is established: -
IP address's for all terminals on both sites must be unique.
Both Stubs must be on the same Subnet to communicate.

Thx
KC.

 

[gavm99]

Ideally you would have the 2 sites on different IP ranges.

The routing is then done by the firewalls.

So your replies are Yes and No

 

[Kcollinson]

The VPN is only small, using two routers, nothing fancy.
The routers in question are Nortel BSR252.

So best pratice would be different range, same class??

 

[gavm99]

Best practice yes you would have different ranges with the same class

So for example:

Site1: 192.168.121.x on 255.255.255.0
Site2: 192.168.1.x on 255.255.255.0

This way any request to 192.168.1.x from Site1 is sent to the default gateway which should be the router on site. The router is then connected to site2 and passes the traffic down the link so site2.

I have assumed your routers are establishing the VPN link.

 

[Kcollinson]

Thats for that!
Already thought about putting the sites into diff segs.

This is all on paper work this min.
This is prep work ready for a VPN to be installed.

If site-b had two routers, one was for the clients to access the Web, and another router was for a system (ie phones).

I set the client DHCP to us the normal gateway ie 192.168.0.254, and then installed the second router with out DHCP, set the IP to 192.168.0.253 on the secondary router, and set the (ie phone system) to use 192.168.0.253 as its default gateway... That would work without any conflicts?

The VPN will only be Tun'in to another phone system, that phone system will be sat on its own stub with no other devices.

Thx ;-)
Karl.

 

[gavm99]

It sounds like it will work but my only thought is regarding the handsets attached to the phone system - do they have IP addresses or not? There could be a conflict if they do.

I am familar with routing between sites using client machines, servers, routers, firewalls etc but I have never done it with a phone system so it would need careful testing as I don't know how you would edit the equivilent of a routing within a phone based system.

"Nobody cares how it works, as long as it works

 

[Kcollinson]

Not.
I dont believe the hand sets are IP.
Im not to worried about the phone side LOL, just need to make sure i can get a VPN connection and not disrupt users working.

If the users default gateway stays the same, i dnt change DHCP (dnt add another gateway) but the second router goes in fine, users wont be able to spk to site 2 unless i issue them with the new gateway IP? correct?

 

[dtrtel]

I set the client DHCP to us the normal gateway ie 192.168.0.254, and then installed the second router with out DHCP, set the IP to 192.168.0.253 on the secondary router, and set the (ie phone system) to use 192.168.0.253 as its default gateway... That would work without any conflicts?

I assume the two routers use different WAN connections?
If so, no conflicts yet as far as I can see.

I would assume the phone sets at the remote site are IP phones, since the phone system is being connected to an IP network regardless of where its default gw is. Looks like you've already got the point to assign a different subnet address for the phones at the remote site, since you are setting up the VPN, you may need to assert yourself in the design. You may have QOS issues. Be prepared to get some flack if the VPN is your responsibility if the VOIP doesn't work well. If the routers (.253 and the remote router it connects to) are both Cisco, AutoQOS (if supported in your IOS/platform) should be recommended as well.


--jeff

http://linkedin.com/in/JeffLynch