VPN routing....

Please, I just want to have the picture of how they're linked to each other (using IP addressing).

The thing is, I am trying to set up a VPN connection between two LANs located far from each other, in two different cities (each has about 50 users).

The thing is I am not sure if what I have in planning is right.

I plan to get 2 Class C addresses from an ISP, one for each LAN. I will apply subnetting to each, by making use of a router (VPN, Cisco branded) on each LAN. These routers will have 5 switches connected to them, then in turn 10 PCs will be connected to each of the switches, to make a total of 50 PCs on each LAN; so far, is this setting OK?

Now, the thing is, I am not sure how I will configure each router to speak to each other over the internet. I know it can't be as straightforward as I plan on doing it, i.e. by me somehow including in the router (LAN A) the public IP address of router (LAN B) and vice versa. Please, what I have just said, is it in any way right? Or am I missing something?

Basically, just want to have a sort of picture of how everything will be linked via IP addresses.

Thank you.

N.B.

If you need to know, I plan on implementing a Remote Access VPN (SSL), which I believe will be web-based.

Thank you so much.

Reply to
miketop1

I think you need to start by googling for beginner tutorials. use:

cisco router basics primer vpn primer cisco.com: site-to-site vpn

This will get you enough reading material to keep you busy through the weekend.

Reply to
Drake

Which router are you planning? Specify according to which the VPN config will be laid. But the concept will be the same.

CK


Reply to
CK

You don't need class C's for each site, private address ranges will work as long as they are different each end and you use nat. A static IP for the wan address of the router should be enough. simon

Reply to
Simon

I meant you don't need public class Cs for the lans :)

Reply to
Simon

@ Simon

Please Simon, please check if I get your logic:

That is: the private address is to be issued to the workstations in the LAN; the NAT is just to include an element of security into the whole 'equation', are what I'm saying according to your point (trying to get the picture, with respect to IP addressing).

But based on what you said above, shouldn't 2 static IPs be issued for the two routers? And how will the workstations communicate with each other, when the whole network has been protected by a NAT, which will block the IP address of the internal network?

@ CK

I'm planning on making use of any router that supports VPN connections. (If I'm not doing something right, please let me know.)

I also plan on making use of a Remote-Access VPN connection, that will enable the LANs to interact with each other.


Reply to
miketop1

Hi, yes 2 static public IPs for the routers, the routers nat the 2 different lan subnets to their own wan address to allow each site internet access. Then you create a vpn tunnel between the 2 routers with routes to each lan across the tunnel. I've done this with 25+ sites connecting back into a central hub with no problems. simon

Reply to
Simon

Wow! At last met someone who has done this practically. Please, I don't mean to be a 'prick', but you made a statement that I kinda couldn't see the picture: "the routers nat the 2 different lan subnets to their own wan address to allow each site internet access". When you meant 'the routers nat the 2 different subnet to their own wan address', did you mean the routers 'hide' the subnet (i.e. 255.255.255.0, not the IP addresses) and replace it with their IP address? Because I've always thought when NAT occurs, it hides the IP address of the workstations accessing the internet, not the subnet. (Got it all twisted.)

And just to be specific, so if we're going to get a static IP address from the ISP for the two routers, is that it doesn't matter what class it is?

Thanks.

N.B. Just so you know; I'm really glad, because you really are making things look clearer now, been wandering the whole Internet for answers like yours.


Reply to
miketop1

Hi, right, nat can be 1 to 1 - so for that you need a public class c on the outside to match each of the internal class c addresses. Then there is one to many, which I am referring to; this nats the whole internal subnet - can be bigger than a class c if the router is up to the job - to a single external public wan address. And yes, the address from the ISP can be as subnetted down as far as you like; you only need one, so a 255.255.255.252 mask is preferred, that gives their router the other address in that subnet. simon


Reply to
Simon
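As an added example that is not part of the thread, here is the addressing picture from Simon's two replies worked through in Python: private LAN ranges that differ at each end, one-to-many NAT for internet traffic, a tunnel between the two WAN addresses for site-to-site traffic, and the /30 shared with the ISP's router. All addresses are constructed (the WAN ones come from documentation ranges) and the function names are hypothetical.

```python
import ipaddress

def site(lan, wan):
    """Build one site entry from a LAN prefix and the router's WAN interface."""
    return {"lan": ipaddress.ip_network(lan), "wan": ipaddress.ip_interface(wan)}

# Constructed plan (assumed values): private LANs, documentation-range WAN /30s.
SITES = {"A": site("192.168.10.0/24", "203.0.113.2/30"),
         "B": site("192.168.20.0/24", "198.51.100.6/30")}

def check_plan(sites, users=50):
    """Return the problems that would break routing across the tunnel."""
    problems, names = [], sorted(sites)
    for n in names:
        lan = sites[n]["lan"]
        if not lan.is_private:
            problems.append(f"{n}: {lan} is not a private range")
        if lan.num_addresses - 2 < users + 1:  # +1 for the router's LAN interface
            problems.append(f"{n}: {lan} is too small for {users} users")
    for i, a in enumerate(names):
        for b in names[i + 1:]:
            if sites[a]["lan"].overlaps(sites[b]["lan"]):
                problems.append(f"{a}/{b}: LAN ranges overlap")
    return problems

def isp_side(wan):
    """A /30 has two usable hosts: the site router and the ISP's router."""
    return str(next(h for h in wan.network.hosts() if h != wan.ip))

def forward(sites, here, src, dst):
    """Return (action, outer_src, outer_dst) for a packet leaving a LAN host."""
    src, dst = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    local = sites[here]
    if src not in local["lan"]:
        raise ValueError(f"{src} is not on the LAN of site {here}")
    if dst in local["lan"]:
        return ("local", str(src), str(dst))  # switched on the LAN, never routed
    for name, remote in sites.items():
        if name != here and dst in remote["lan"]:
            # Private addresses stay in the inner packet; the outer header
            # that crosses the internet is router WAN to router WAN.
            return ("tunnel", str(local["wan"].ip), str(remote["wan"].ip))
    # Anything else is internet traffic: one-to-many NAT to the WAN address.
    return ("nat", str(local["wan"].ip), str(dst))

if __name__ == "__main__":
    print(check_plan(SITES) or "plan OK", "| ISP side at A:", isp_side(SITES["A"]["wan"]))
    print(forward(SITES, "A", "192.168.10.25", "192.168.20.40"))
    print(forward(SITES, "A", "192.168.10.25", "192.0.2.80"))
```

If both sites were given the same private range, `check_plan` reports the overlap, which is the case the "different each end" condition rules out.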

So, am I right by saying... For instance, you assigned an IP address to the router. You subnet the IP address to produce 2 more; can you allocate the 2 IP addresses to 2 switches individually on the network, just like you assign an IP to a router? And you can keep on going creating more branches, right?


Reply to
miketop1

Reply to
Simon

Yea, confirmed the issue with the subnet. It's right, was just verifying.

So overall, would you say it's still of a necessity to have a VPN implemented in this project? Or alternatively one can route the routers through a firewall for security purposes?

And if you think the latter is a possibility, what sort of routers should I aim at (will it be as high range as the VPN Cisco type)?

The reason I'm asking this is because I came across an article saying buying equipment relating to VPN could be costly (please say if I'm right), and this project is meant to be for a small business with 50 users on each site. Budget is kinda' a factor.

Please, Can I ask > Not quite sure what you mean, do a google > > So, am I right by saying..

Reply to
miketop1

I
Reply to
Simon

I assume now you have the idea how it's going to work.

If you are looking for VPN, there are several firewalls and VPN boxes in the market. You have to prioritize the budget and then look in the market. I believe in Cisco routers and firewalls.

But currently we have lots of different vendors for the similar activity.

You can have Sonicwall TZ-170 sp or this project

Thanks Chetan Kamra


Reply to
CK
