VPN suggestion

[pgordemer]

Just wanted to get any options on which way works better when connected a remote office that needs to see to main offices.

HQ - T1 to the Internet and T1 to Office 2
Office 2 - T1 to the Internet and T1 to HQ
Office 3 - T1 to the Internet
Office 3 has VPN to HQ and via normal T1 routing can see Office 2

For Office 3, Would it be better to justt setup to VPN policies, one to HQ and 1 to Office 2, instead of hub and spoke.

Goal is all office to see each other.

Note for clarity purposes. I am proficient in setups of sonicwalls, this is just a *what do you think* type of question.

Phil Gordemer
ARH Associates

 

[beholder95]

I'm in the process of replacing our MPLS VPN solution with my own sonicwall based VPN. Installing the first 1 tomorrow.

because i dont' have all the sonicwalls deployed (this will be phased in over the next year when the MPLS contracts expire) I have no choice but to go the hub and spoke route.

From what i've seen of all VPN models this is how they are always done. For me since the server is in the HQ office if something were to happen to the HQ Sonicwall ("hub") there really wouldn't be an advantage to having access to the other branch offices as the mail and file servers still wouldn't be accessible.

I also think it's just easier to have 1 policy linking each office as opposed to having 3 for each office.

Eitherway it'll work, and unless you will still be functional w/o the proposed hub i dont' see an advantage to not doing it that way.

just my 2 cents.

- Andy