
Hi guys,

I am trying to design a solution using VPN for the following scenario and can use any help/insight/correction/guidance you can think of.

The company has 2 physically separate locations (loc1 and loc2).
Each location has just one LAN currently.

We want to split this LAN into 2 (user PCs and test PCs) for each location,
and we want users in each location to be able to access the test PCs of BOTH locations.

So the proposed solution is the following:
split each LAN into 2 physically separate LANs with separate ISP connections (user LAN and test LAN)
create a VPN tunnel between the 2 LANs at each location
create a VPN tunnel between the 2 test LANs

I guess it will look something like this:
loc1 user lan -----vpn----- loc1 test lan -----vpn----- loc2 test lan -----vpn----- loc2 user lan

Will this work, and is it the best approach?
And how will I prevent loc1 users from accessing shares and stuff on the loc2 user LAN and vice versa?
Thanks

2006-11-29 08:32:34 · 7 answers · asked by yzman 1 in Computers & Internet Computer Networking

Security is the issue here; we do not want someone whose PC is connected on the test LAN to be able to remotely connect to it and gain access to the user LAN. Will VLANs allow for this? Thanks!

2006-11-29 08:59:03 · update #1
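The access requirements stated in the question, written as a default-deny policy between the four LANs and checked against sample flows. This is an added example, not part of the original post; the subnets, zone names and function names are constructed for illustration.

```python
import ipaddress

# Constructed addressing plan; the post gives no subnets.
ZONES = {
    "loc1_user": ipaddress.ip_network("10.1.10.0/24"),
    "loc1_test": ipaddress.ip_network("10.1.20.0/24"),
    "loc2_user": ipaddress.ip_network("10.2.10.0/24"),
    "loc2_test": ipaddress.ip_network("10.2.20.0/24"),
}
USER = ("loc1_user", "loc2_user")
TEST = ("loc1_test", "loc2_test")

# Default deny between LANs. The only permitted direction is user -> test,
# for both sites. Test -> user and user -> user are never listed.
# Test -> test across sites is not asked for in the post, so it stays denied.
ALLOWED = {(u, t) for u in USER for t in TEST}


def zone_of(addr):
    """Map an IP address to its LAN, or None if it belongs to no known LAN."""
    ip = ipaddress.ip_address(addr)
    for name, net in ZONES.items():
        if ip in net:
            return name
    return None


def may_initiate(src_addr, dst_addr):
    """True if src may open a new connection to dst under the policy."""
    src, dst = zone_of(src_addr), zone_of(dst_addr)
    if src is None or dst is None:
        return False          # unknown networks are denied
    if src == dst:
        return True           # traffic inside one LAN is not filtered here
    return (src, dst) in ALLOWED


def forbidden_flows_allowed():
    """Flows the post wants blocked that the policy would still permit."""
    must_block = [(t, u) for t in TEST for u in USER]
    must_block += [("loc1_user", "loc2_user"), ("loc2_user", "loc1_user")]
    return [pair for pair in must_block if pair in ALLOWED]
```

The check covers who may open a connection; replies to an allowed user-to-test connection need stateful filtering on whichever gateway enforces the policy.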

7 answers

Rather than doing VPN, use a switch-based VLAN to separate the networks. VPN is good if you are crossing over a public boundary but adds unnecessary encryption overhead within the same physical network.

We isolate our network in several fashions using VLANs: we have labs on their own VLAN, Developers on a VLAN, Data and Networks on a VLAN, Servers on a VLAN, and the REST of the CROWD.

Depending on your switch vendor, the VLAN structure can often be done at this level of the model. Doing a Layer 5-7 VLAN (VPN) is not nearly as efficient in data exchange as doing it at layer 3-4.

2006-11-29 08:43:41 · answer #1 · answered by Anonymous · 2 0

While VLANs will allow you to segregate your network, they're not intended as a security solution. Some will probably argue with me on that, but it was never the intent. The original intent, and still the best reason to use VLANs, is to reduce broadcast traffic on an otherwise flat network.

You'd do much better setting up a Windows domain and controlling security that way.

For the site-to-site link, a VPN would be ideal. Either Cisco PIX or any other name player in the VPN appliance market. Or to do it on the cheap, look into IPCop at http://www.ipcop.org

2006-11-29 17:51:21 · answer #2 · answered by Bostonian In MO 7 · 0 0

My partner and I highly recommend making use of http://www.vpnmaster.org to unblock sites. I have been using their services for more than 2 years without having issues.

2014-07-02 16:38:11 · answer #3 · answered by Anonymous · 0 0

We recommend making use of VPNPower to be able to unblock internet sites. I have been using them for 4 years. http://www.vpnpower.net

2014-08-18 04:12:05 · answer #4 · answered by Anonymous · 0 0

My partner and I suggest using http://www.vpnpower.net to unblock sites. I have been using their services for more than 2 years without issues.

2014-04-19 17:47:53 · answer #5 · answered by Anonymous · 0 0

Good idea. You can have permissions set up only for certain users
or restricted users; one account should be fine.
Hope this site helps.

http://www.microsoft.com/technet/isa/2004/help/cmt_vpn.mspx?mfr=true

2006-11-29 16:57:54 · answer #6 · answered by nighthawk 3 · 0 1
