INTELLIGENT WORK FORUMS
FOR COMPUTER PROFESSIONALS

Log In

Come Join Us!

Are you a
Computer / IT professional?
Join Tek-Tips Forums!
  • Talk With Other Members
  • Be Notified Of Responses
    To Your Posts
  • Keyword Search
  • One-Click Access To Your
    Favorite Forums
  • Automated Signatures
    On Your Posts
  • Best Of All, It's Free!

*Tek-Tips's functionality depends on members receiving e-mail. By joining you are opting in to receive e-mail.

Posting Guidelines

Promoting, selling, recruiting, coursework and thesis posting is forbidden.

Jobs

SonicWall

SonicWall

(OP)
Sonicwall question...

I would like to setup a network using multiple sonic wall devices for about 5 locations.

The setup I have in mind (There is nothing existing)
Headquarters - Main All locations connect using VPN Site-to-Site tunnels)
4 Locations - Connect to main via site to site

What I would like to do is
1. Allow each site to communicate with each other, using the tunnels/routing, without establishing a VPN to each other, in sense passing thru the VPN tunnel at the HQ. I think this also creates some kind of data redundancy on the network

I am thinking about using the tz-300.

What is best way to do this...I was thinking using the tunnel interface options ...but I am not as clear as I think I would like to be..

TIA

RE: SonicWall

Hey Maakus,

This should be a pretty easy and straight forward setup. You will be able to accomplish this with site to site vpn tunnels.

When you setup the VPN tunnels and specify local and remote networks, you will need to make sure the branch office networks (all 4 other sites) are included.


Example (this example assumes a vpn site to site has been setup between HQ and Office A):
HQ Network = 192.168.1.0 /24
Office A network = 10.0.10.0 /24
Office B network = 10.0.20.0 /24

Setup site to site vpn from HQ to Office B.
In HQ Router:
Local Network: Address Group containing both HQ Network and Office A network (192.168.1.0/24 and 10.0.10.0 /24
Remote Network: Office B Network (10.0.20.0/24)


In Office B Router:
Local Network: Office B Network (10.0.20.0 /24)
Remote Network: Address group containing both HQ Network and Office A Network (192.168.1.0/24 and 10.0.10.0/24)

Once the VPN Tunnel is up, a user in Office B will be able to communicate with the HQ Network and Office A network.


For the most part, you should not need to create any routing rules as the creation of the VPN tunnel will create the appropriate routing.


I am a little confused as to what you mean by data redundancy. The HQ router is a single point of failure. If this router goes down then all the vpn tunnels go down and no remote office will be able to communicate with the other.


Also, chances are you will want your HQ router to be more powerful than the remote office routers. The HQ router is going to be doing alot of work maintaining vpn tunnels as well as routing packets from all the remote offices. Likewise, you can vary the model of remote offices depending on how large/active/data intensive these locations will be.


-JCarmichael


RE: SonicWall

(OP)
JCarmichael,

Thanks for this input. I am actually a little familiar with site-to-site configurations. A little research on the internet suggests that there is a Route Based VPN.

In this configuration, it appears that some amount of redundancy is an added benefit.

Maybe that might make it a little clearer.

Thanks

RE: SonicWall

Maakus,

Route based vpn can give you redundancy if you one of your WAN link goes down. Also, route based vpn would give you more control over the traffic from the vpn links. You should be able to manipulate QoS, open/close ports, app control etc.

If you are looking for redundancy in regards to your WAN links, then you will definitely have to go route based vpn. I would also strongly consider getting a 2nd HQ router and configuring the HQ routers in High Availability Mode. The high availbility mode will allow your primary router to failover to the 2nd router. High Availability Mode will provide router redundancy.


If redundancy is what you after then you should setup route based vpns and get you HQ router in high availability mode. This will provide both WAN link redundancy as well as physical hardware redundancy. You will also want to make sure you have two WAN links for each router that you want to have WAN link redundancy.

To be honest, I have not played around with route based VPNs so my knowledge is a little limited. With that said, I am still happy to offer any advice I can.

-JCarmichael

RE: SonicWall

(OP)
JCarmichael,

You are are true IT professional.

Thanks for your response and offer to offer advice.

I am happy to have made your acquaintance thru this medium.

Thank you!

Red Flag This Post

Please let us know here why this post is inappropriate. Reasons such as off-topic, duplicates, flames, illegal, vulgar, or students posting their homework.

Red Flag Submitted

Thank you for helping keep Tek-Tips Forums free from inappropriate posts.
The Tek-Tips staff will check this out and take appropriate action.

Reply To This Thread

Posting in the Tek-Tips forums is a member-only feature.

Click Here to join Tek-Tips and talk with other members!

Resources

Close Box

Join Tek-Tips® Today!

Join your peers on the Internet's largest technical computer professional community.
It's easy to join and it's free.

Here's Why Members Love Tek-Tips Forums:

Register now while it's still free!

Already a member? Close this window and log in.

Join Us             Close