SonicWall

Maakus

MIS
Jul 31, 2013
13
JM
Sonicwall question...

I would like to set up a network using multiple SonicWall devices for about 5 locations.

The setup I have in mind (There is nothing existing)
Headquarters - Main (all locations connect using VPN site-to-site tunnels)
4 Locations - Connect to main via site to site

What I would like to do is
1. Allow each site to communicate with each other, using the tunnels/routing, without establishing a VPN to each other, in a sense passing thru the VPN tunnel at the HQ. I think this also creates some kind of data redundancy on the network.

I am thinking about using the TZ-300.

What is the best way to do this... I was thinking of using the tunnel interface options... but I am not as clear as I think I would like to be.

TIA
 
Hey Maakus,

This should be a pretty easy and straightforward setup. You will be able to accomplish this with site-to-site VPN tunnels.

When you set up the VPN tunnels and specify local and remote networks, you will need to make sure the branch office networks (all 4 other sites) are included.


Example (this example assumes a site-to-site VPN has been set up between HQ and Office A):
HQ Network = 192.168.1.0/24
Office A network = 10.0.10.0/24
Office B network = 10.0.20.0/24

Set up site-to-site VPN from HQ to Office B.
In HQ Router:
Local Network: Address Group containing both HQ Network and Office A network (192.168.1.0/24 and 10.0.10.0/24)
Remote Network: Office B Network (10.0.20.0/24)


In Office B Router:
Local Network: Office B Network (10.0.20.0/24)
Remote Network: Address group containing both HQ Network and Office A Network (192.168.1.0/24 and 10.0.10.0/24)

Once the VPN Tunnel is up, a user in Office B will be able to communicate with the HQ Network and Office A network.


For the most part, you should not need to create any routing rules as the creation of the VPN tunnel will create the appropriate routing.


I am a little confused as to what you mean by data redundancy. The HQ router is a single point of failure. If this router goes down then all the VPN tunnels go down and no remote office will be able to communicate with the other.


Also, chances are you will want your HQ router to be more powerful than the remote office routers. The HQ router is going to be doing a lot of work maintaining VPN tunnels as well as routing packets from all the remote offices. Likewise, you can vary the model of remote offices depending on how large/active/data intensive these locations will be.


-JCarmichael
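
The address-group layout from the reply above, generalized from two branch offices to any number, as an added example that is not part of the original thread and is not SonicWall code. Office C, Office D, the function names and the simplified local/remote matching check are assumptions made for illustration.

```python
import ipaddress
from itertools import combinations

def plan_hub_and_spoke(hq_cidr, branches):
    """Build the Local/Remote network lists for each HQ<->branch tunnel.

    branches maps a site name to its CIDR.
    Returns {site: {"hq": {...}, "branch": {...}}}.
    """
    nets = {"HQ": ipaddress.ip_network(hq_cidr)}
    nets.update({name: ipaddress.ip_network(c) for name, c in branches.items()})
    # Overlapping subnets cannot be told apart by local/remote lists, so refuse them.
    for (a, na), (b, nb) in combinations(nets.items(), 2):
        if na.overlaps(nb):
            raise ValueError(f"{a} {na} overlaps {b} {nb}")
    plan = {}
    for site in branches:
        # Reachable through HQ from this site: HQ itself plus every other branch.
        via_hq = [n for name, n in nets.items() if name != site]
        plan[site] = {
            "hq": {"local": via_hq, "remote": [nets[site]]},
            "branch": {"local": [nets[site]], "remote": via_hq},
        }
    return plan

def _matches(side, src, dst):
    # Simplified model: traffic is carried only if src is local and dst is remote.
    return (any(src in n for n in side["local"])
            and any(dst in n for n in side["remote"]))

def branch_to_branch_ok(plan, src_site, dst_site, src_ip, dst_ip):
    """True if src_ip -> dst_ip is covered on both legs through HQ."""
    src, dst = ipaddress.ip_address(src_ip), ipaddress.ip_address(dst_ip)
    first_leg = _matches(plan[src_site]["branch"], src, dst)   # branch -> HQ
    second_leg = _matches(plan[dst_site]["hq"], src, dst)      # HQ -> other branch
    return first_leg and second_leg

# Constructed sample: HQ and Office A/B from the post, plus two made-up sites.
SITES = {"Office A": "10.0.10.0/24", "Office B": "10.0.20.0/24",
         "Office C": "10.0.30.0/24", "Office D": "10.0.40.0/24"}
PLAN = plan_hub_and_spoke("192.168.1.0/24", SITES)

if __name__ == "__main__":
    for site, sides in PLAN.items():
        print(site, "| HQ local:", ", ".join(map(str, sides["hq"]["local"])),
              "| HQ remote:", sides["hq"]["remote"][0])
```

If the HQ side of the Office A tunnel lists only the HQ network as local, `branch_to_branch_ok` returns False for Office B to Office A traffic, which is the omission the reply warns about.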


 
JCarmichael,

Thanks for this input. I am actually a little familiar with site-to-site configurations. A little research on the internet suggests that there is a Route Based VPN.

In this configuration, it appears that some amount of redundancy is an added benefit.

Maybe that might make it a little clearer.

Thanks
 
Maakus,

Route based VPN can give you redundancy if one of your WAN links goes down. Also, route based VPN would give you more control over the traffic from the VPN links. You should be able to manipulate QoS, open/close ports, app control etc.

If you are looking for redundancy in regards to your WAN links, then you will definitely have to go route based VPN. I would also strongly consider getting a 2nd HQ router and configuring the HQ routers in High Availability Mode. The High Availability Mode will allow your primary router to failover to the 2nd router. High Availability Mode will provide router redundancy.


If redundancy is what you are after then you should set up route based VPNs and get your HQ router in High Availability Mode. This will provide both WAN link redundancy as well as physical hardware redundancy. You will also want to make sure you have two WAN links for each router that you want to have WAN link redundancy.

To be honest, I have not played around with route based VPNs so my knowledge is a little limited. With that said, I am still happy to offer any advice I can.

-JCarmichael
 
JCarmichael,

You are a true IT professional.

Thanks for your response and offer to offer advice.

I am happy to have made your acquaintance thru this medium.

Thank you!
 