Javier
Wed Sep 15 08:55:53 CDT 2004
Hi Andy,
Let's get started.... for the main office you could setup something like
this:
Internet
|
DSL Modem
|
------------
[Public IP 1] | | [Public IP 2]
| |
ISA/SBS VPN Router 1
| |
[192.168.16.2] | | [192.168.16.3]
---switch---
|
Workstations [192.168.16.x]
On the remote office:
Internet
|
DSL Modem
| [Public IP 3]
|
VPN Router 2
|
| [192.168.0.1]
---Switch---
|
Workstations [192.168.0.x]
You can play around variations on this same setup (i.e. like adding another
firewall in front of ISA, etc.) but you get the idea. So, basically what you
need is to give ISA and the VPN router in the main office 2 distinct IPs.
Turn off the DHCP on the VPN router 1 and make sure is on the same subnet as
the internal lan and connect it to the same switch as the SBS internal nic.
Configure the VPN link between the 2 sites as you would in a "normal"
situation (this is a great guide for the Linksys RV082->
http://routerworld.dyndns.org/).
Now, you need to tell the SBS how to access those remote PCs (since the SBS
is the default gateway). So, go the SBS box and run the following command:
"route add -p 192.168.0.0 mask 255.255.255.0 192.168.16.3".
It sounds more complicated than what it really is... the worst part (IMO) is
setting up the VPN link between the 2 routers (since sometimes this is not
as straightforward as one would like).
If you have any questions please post back.
--
Javier [SBS MVP]
<< SBS ROCKS!!! >>
"Andy Williams" <andy.williams@profcomputing.com> wrote in message
news:29d601c49b24$4044dfc0$a301280a@phx.gbl...
> Hello Javier,
>
> The customer currently has a single static IP at the
> branch office and a single static IP at the main office.
> However, we could obtain a second static IP at the main
> office if required.
>
>
> Thanks,
>
> Andy Williams
> Professional Computing Solutions
>
>>-----Original Message-----
>>Hi Andy!
>>
>>What you want to do is certainly possible and not so
> very complicated. In
>>fact, I have that a very similar setup between 2 offices
> using a Linksys
>>RV082 and a BEFSX41. Before I start to layout a solution
> here... I want to
>>ask you if you have (or can get) 2 public IPs on the
> main office?
>>
>>--
>>Javier [SBS MVP]
>>
>><< SBS ROCKS!!! >>
>>
>>"Andy Williams" <andy.williams@profcomputing.com> wrote
> in message
>>news:0de101c49a95$40d82c10$a601280a@phx.gbl...
>>>I have spent some considerable time over the past few
>>> days searching for some tried-and-true recommendations
>>> for connecting one of my customer's main office SBS2000
>>> system to a branch office, and have come up
>>> disappointingly short. I would appreciate any
> experience
>>> and recommendations from the community.
>>>
>>> Both main and branch offices have DSL Internet
>>> connections, with the main office operating through a
>>> standard SBS2000/ISA2000 system. The branch office PC's
>>> currently connect to the SBS system via the built-in
>>> WinXP PPTP VPN client.
>>>
>>> They would like to join the two networks with a site-
> to-
>>> site VPN, and take advantage of full client access
> (join
>>> the domain) for Exchange email and ISA Server
> filtering.
>>> This seems like a simple request, using any of the
>>> currently available VPN routers (Linksys RV042 would be
>>> the starting point). However, the documentation I've
>>> reviewed indicates that it is essentially impossible to
>>> connect the standard IPSec tunnel mode VPN of one of
>>> these routers to the ISA Server. Is that true?
>>>
>>> If this is such a major problem, what are other
> solutions
>>> to the problem, short of the expense of installing a
>>> second Windows server, possibly with ISA server, in the
>>> branch office? Isn't there a better way for my small
>>> business customer?
>>>
>>> What about a router-to-router VPN connection that
> somehow
>>> still leaves ISA in-place and functioning in the main
>>> office?
>>>
>>>
>>> Thanks for any help that you can provide,
>>>
>>> Andy Williams
>>> Professional Computing Solutions
>>>
>>
>>
>>.
>>