Connect two offices remotely

Usernameis

Nov 22, 2013
Hi,

Main office has 50 PCs, fiber optic internet, workgroup.
Branch office 20 PCs, slow internet (~8Mb/s), workgroup.

We need: to be in the same network (of the main office) and share resources.

1. Is there any point in making the branch office go to the internet through the main office gateway and have the same outside IP address?
2. Or is it more convenient to connect the branch office to the internet with another outside IP and merge both LANs through a VPN?

Thank you.
 
Solution
If your only connection between the offices is over the internet then you have no choice but to run a VPN. It would be much simpler if you had a fiber or ethernet cable that you could connect them with.

Unless you have a security reason, i.e. a central internet content filter or something, I would let the branch office directly access the internet and only run the office-to-office traffic through the VPN. You do not want to actually merge the LANs into the same subnet. You want two subnets that are routed together with the VPN devices. You would use, say, 192.168.0.x and 192.168.1.x for the offices. You can bridge them together with a special kind of VPN called L2TPv3, but it is an advanced configuration not supported on most VPN devices.
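The routed two-subnet layout described in this answer, as an added example that is not part of the original post: it builds the route table a branch VPN device would hold, in split-tunnel form (internet traffic leaves via the local ISP) and in full-tunnel form (everything is sent to the main office, as with a central content filter), and flags overlapping site subnets, which cannot be routed between. The site names, /24 masks, hop labels and sample destinations are assumptions made for the illustration.

```python
import ipaddress

# Constructed addressing plan using the example ranges from the answer above.
SITES = {
    "main": ipaddress.ip_network("192.168.0.0/24"),
    "branch": ipaddress.ip_network("192.168.1.0/24"),
}
DEFAULT = ipaddress.ip_network("0.0.0.0/0")


def overlapping_sites(sites):
    """Return pairs of site names whose subnets overlap.

    Overlapping ranges are ambiguous to a router: it cannot tell whether
    an address is local or on the far side of the tunnel.
    """
    names = sorted(sites)
    return [(a, b) for i, a in enumerate(names) for b in names[i + 1:]
            if sites[a].overlaps(sites[b])]


def build_routes(local, sites, full_tunnel=False):
    """Route table for the VPN device at `local` as (network, next_hop) pairs.

    Hypothetical hop labels: "lan" = directly attached, "vpn" = site-to-site
    tunnel, "isp" = the site's own internet uplink.
    """
    routes = [(sites[local], "lan")]
    routes += [(net, "vpn") for name, net in sites.items() if name != local]
    # Split tunnel: default route stays local. Full tunnel: default goes
    # through the VPN so the main-office firewall sees all branch traffic.
    routes.append((DEFAULT, "vpn" if full_tunnel else "isp"))
    return routes


def next_hop(routes, dst):
    """Pick the next hop by longest-prefix match, as a router does."""
    addr = ipaddress.ip_address(dst)
    matches = [(net, hop) for net, hop in routes if addr in net]
    return max(matches, key=lambda r: r[0].prefixlen)[1]


if __name__ == "__main__":
    for mode in (False, True):
        table = build_routes("branch", SITES, full_tunnel=mode)
        label = "full tunnel" if mode else "split tunnel"
        # 203.0.113.10 is a documentation address standing in for an internet host.
        for dst in ("192.168.1.20", "192.168.0.10", "203.0.113.10"):
            print(f"{label:12} {dst:14} -> {next_hop(table, dst)}")
    print("overlaps:", overlapping_sites(SITES))
```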

Usernameis

Nov 22, 2013
Yes, this new branch is several miles away and in a very remote location, so there is no chance to get a wire connected. Actually, we will buy a proper firewall (Fortigate or similar) for the main office. So for safety reasons it would be better to have one LAN.

1. What are the disadvantages of merging two LANs? Isn't it easier to manage the remote LAN and PCs when you see all devices on your only LAN? What about the speed, especially from the remote branch to the Internet?

2. How do businesses normally do it? Do they put all branches on separate subnets connected to the main office through a VPN, or try to stick to one BIG LAN?

Much appreciated.
 

jeff-j

Dec 13, 2013
I know for us we use the Fortigate firewall, and our main office is 192.168.1.xxx, our other office is 192.168.2.xxx and our third is 192.168.3.xxx. All three offices are able to access one another, and all the internet traffic goes out using their ISP. I would not try to combine everything into one big LAN; I would keep it separated.
 

johnsonma

Jan 19, 2012
If the firewall was at the main office and you wanted all traffic to be routed through it (like it should be), this naturally creates a bottleneck in the network, as I'm sure you know. The problem in this instance would be that the traffic from the secondary office would have to transit the internet through a VPN to make it to the main office, then to the firewall and back out to the internet. Then it would have to come back to the firewall, back out again and through the VPN to the secondary office. If you thought the traffic was slow before at the secondary office, it would be like molasses now. It would be much more ideal to have a firewall at each location on two subnets with a VPN between the two.

We have multiple VLANs at my company for the different buildings. We also have one building with internet through CenturyLink that then uses a VPN to connect to our resources. One big LAN is not ideal; you want the traffic to be segmented based on who needs to talk to who.
 
The traffic flow is not dependent on whether the subnets are the same or not. You can still route the traffic to the main site to go out to the internet. It will use up more bandwidth because the traffic from the remote site has to go all the way to the main site and then back out again on the internet. This is still a common thing to do when the cost of firewalls with content filters is too high. It is a trade-off of money against bandwidth utilization.

Let's just say you do not want to merge two remote LANs. It gets very complex to explain, but it is very tough to carry layer 2 broadcasts over a layer 3 network.
 
You can always use gigabit wireless. We have two buildings approximately a half mile apart using 60 GHz BridgeWave radios. Their 80 GHz radios go up to 7 miles. This allows you to use the same network/IP scheme across both buildings. Since our buildings are close, we set up the radios ourselves. At longer ranges you may want a professional installation, since line of sight will be difficult.

http://www.bridgewave.com/products/80Ghz.cfm