Connecting Lan to Remote Lan

tomED

Anyone have any idas how to connect to remote lans?

Basically i'd like it to appear that office A is on the same network as office b.

We are using a VPN, but every pc has to dial in to get access to the remote network. I would like it to be seamless, so that once you are on one network, you can browse the remote network without having to initiate a connection.

Any thoughts appreciated!

Tom

tomk

If you already have a VPN set up, I would think you just need to leave it permanently connected. I haven't come across a VPN that requires each PC to dial in, so a little more detail on your setup would be useful.

What kind of internet connections do the two locations have - dial-up, DSL, leased line? What kind of firewalls?

tomED

Thanks for the reply tomk

Basically its a dial in VPN - the user dials into the vpn and has access to the the network.

I would like that the LAN is connected to the REMOTE LAN permantly - as opposed to the user being connected permantly.

Two DSL lines at each location - with static ips.

Both using zyxel prestige DSL routers. And thats as much as I will give away at the minute!

Trust me - there are no problems as far as access goes - it's the theory behind connecting the two remote lans that I need to get to the bottom of!

Ta
Tom

tomk

OK, that's a bit clearer. I'm still not sure about your current setup, but let's put that to one side for the moment.

I haven't used ZyXEL kit, so these questions may be a bit basic:
Do your routers incorporate a firewall?
Do they support VPN termination?
If so, do they support IPSec? If not, do they support VPN pass-through?

Static IPs are definitely useful here. If you want to use both addresses at each location, I think you'll need two VPNs, but I'm open to correction on this.

If you're looking for theory, try this.

Gavin

What you want to do is run a secure VPN, over le internet. I don't know anything about those zyxel routers, but have a look and see if they support VPNs. As in, they will actually implement one as opposed to just route VPN packets.

If they don't have an implmentation, you have two options. You can go the windows route, using win2000 server or above, or you can go the linux/freeSwan route. MSDN has a lot of good documentation on setting up a VPN using 2000 server, and it's all quite straight forward.

FreeSwan has lots of documentation too. It's slightly more complicated, but it is free, and I believe the crypto FreeSwan implements is 'better' than the microsoft pptp stuff. I've done both, win2000 server is handy for win2000 clients connecting in, and freeswan is handier for connecting two sites together.

Once you have the secure link setup, you can decide what sort of connectivity you want. It is possible to be able to browse both lans seamlessly, and even log onto a pc in one lan, using a authentication off a PDC in another lan, but I could never get it to work ! To access a machine, we always had to just stick in the machines ip address. Wins resolution was causing trouble.

But it is interesting enough to setup actually.

Gav

gibo_ie

For Prestige 65x to 65x tunnel go to this link

http://www.zyxel.com/support/supportnote/p652/index_f.php

Then choose : IPSec VPN Application Notes
Then : Prestige to Prestige Tunneling

this even tells you how to use a branch office vpn between zyxel and most major firewalls!!

Trust me, everything you need is here!!!
Martin

tomED

Thanks everyone! I really appreciate the help!!!

Currently - the VPN is setup like a dial in.
I have opened the port on our router (for PPTP) and redirected it to the receiving machine which is handling access to the network.
Each user then uses a vpn client to (default microsoft one) gain access to the network. They dial into to our static ip address and they have access to the network.

We had the same problem that Verb mentions of the WINS. But we got round that by utilising the LMHOSTS file - you might try that out yourself Verb!

I like what gibo_ie mentions... only that it means i will have to upgrade my routers!

Verb on the windows 2000 vpn, do I need windows2k at each end or do you know?

Thanks again
Tom

Gavin

It's possible to go freeswan to win2000. Win2k to win2k will be simpler to setup though. I'd go with gibo_ie's option if you can and just use the zyxel's inbuilt support. It will make things run much easier !

Gav