Help Setting up a VPN

Archived from groups: comp.dcom.vpn

I need some guidance in setting up a network for a small doctor's office.

They are getting Verizon DSL in the office for their 12 or so computers. They
also have two satellite offices.

They have a ten year old server that runs their scheduling. The server is
using an old terminal based interface and the PCs in the office and the
satellites just need to get to an IP address. So no Windows Server or
anything fancy on the network. Also, the main office will get a static IP
address.

My first thought was to install something like a Linksys 10/100 16-Port
VPN Router RV016 at the office. It will handle the firewall that privacy
laws require and has enough ports to handle all the computers in the office
and the multiple VPN connections. I would also install a Linksys EtherFast
Cable/DSL VPN Router with 4-Port 10/100 Switch BEFVP41 in each of the
offices and then figure out how to hook it all up.

In doing some research I only hear bad things about the RV016 and it may not
be the best solution.

I did find some info on how to hook up two BEFVP41's together. Can I hook
up two BEFVP41's to one other BEFVP41?

Or should I be looking to do this some other way?

thanks
  1. Archived from groups: comp.dcom.vpn

    Cliff Hartle wrote:
    > I need some guidance in setting up a network for a small doctor's office.
    >
    > They are getting Verizon DSL in the office for their 12 or so computers. They
    > also have two satellite offices.
    >
    > They have a ten year old server that runs their scheduling. The server is
    > using an old terminal based interface and the PCs in the office and the
    > satellites just need to get to an IP address. So no Windows Server or
    > anything fancy on the network. Also, the main office will get a static IP
    > address.
    >
    > My first thought was to install something like a Linksys 10/100 16-Port
    > VPN Router RV016 at the office. It will handle the firewall that privacy
    > laws require and has enough ports to handle all the computers in the office
    > and the multiple VPN connections. I would also install a Linksys EtherFast
    > Cable/DSL VPN Router with 4-Port 10/100 Switch BEFVP41 in each of the
    > offices and then figure out how to hook it all up.
    >
    > In doing some research I only hear bad things about the RV016 and it may not
    > be the best solution.
    >
    > I did find some info on how to hook up two BEFVP41's together. Can I hook
    > up two BEFVP41's to one other BEFVP41?
    >
    > Or should I be looking to do this some other way?
    >
    > thanks

    If you are dealing with medical data then maybe the best advice is to
    get someone experienced in setting up VPNs and doing network security
    to help you out.

    That being said, I have never used the Linksys equipment but I have
    heard it's not too bad but you basically have to figure things out
    yourself as the level of tech support doesn't cover VPN setup very well.

    I personally use Netopia 3386-ENT devices for this kind of setup (small
    scale, only requires moderate performance over less than 5Mbps internet
    links). They are cheap, and support a wide range of VPN protocols
    including PPTP and IPSEC 3DES.

    In generic terms any IPSEC equipment you purchase will likely do the job
    as long as the hardware or software is not full of bugs.

    Set up each office with a different but similar set of private IP
    addresses.

    Head office 10.0.10.0/24
    Branch 1 10.0.20.0/24
    Branch 2 10.0.30.0/24

    Create IPSEC VPN links between each site. If you have static IPs at
    each site then you should use main mode, if you have static at the head
    office but dynamic IPs at the branch offices then you will use
    aggressive mode. (Main mode requires the static IPs and is considered
    slightly more secure.)
    If your branch offices use dynamic IPs then you will likely want to
    set up some kind of dynamic DNS registration. Make an account at
    www.dyndns.org and register a dynamic hostname. Install a client like
    directupdate (www.directupdate.net) to automatically update the
    registration when your IP address changes.

    Set up your tunnels on each side with exactly the same settings. The
    only difference should be in the local and remote subnet settings and
    the remote tunnel endpoint address.

    Main office (2 tunnels)
      Tunnel for office 1:
        Local subnet: 10.10.0.0/16
        Remote subnet: 10.10.20.0/24
        Remote Tunnel endpoint: remote1.dyndns.org
      Tunnel for office 2:
        Local subnet: 10.10.0.0/16
        Remote subnet: 10.10.30.0/24
        Remote Tunnel endpoint: remote2.dyndns.org

    Office 1
      Tunnel to main office:
        Local subnet: 10.10.20.0/24
        Remote subnet: 10.10.0.0/16
        Remote Tunnel endpoint: xxx.xxx.xxx.xxx (headoffice static ip)

    Office 2
      Tunnel to main office:
        Local subnet: 10.10.30.0/24
        Remote subnet: 10.10.0.0/16
        Remote Tunnel endpoint: xxx.xxx.xxx.xxx (headoffice static ip)

    All the other configuration options for the tunnels will be the same on
    either end. Different implementations of IPSec will have slightly
    different options you may configure. If you want to configure behaviour
    on the routers to maintain the tunnel connection even when there is no
    traffic going through then you will need to read your manual. I know on
    the Netopia routers I use frequently I need to go and set the idle
    timeout to 0 seconds to force it to maintain the IPSec tunnels all the
    time. If your router's implementation of IPsec does not like the little
    trick of setting the main office tunnel subnet to 10.10.0.0/16 then you
    will need to create a separate tunnel between the two branch offices if
    you wish for computers in one branch office to see computers in the
    other branch office. In this example traffic between the two offices
    would pass through the head office. It would be faster to have a
    separate tunnel but as the number of branch offices increases, the
    number of tunnels required to interconnect all sites together becomes
    unmanageable.


    There are some implementations of IPsec that have some vendor specific
    extensions that might be nice. A good example is compression of the
    data stream before it is encrypted and sent. This can sometimes double
    the speed of some applications' data or at other times it will slow
    things down if the data was already highly compressed. When it works
    it's great though. An example of a vendor who has encryption is the
    Nortel Contivity line. (The Netopia boxes I mentioned do not have
    compression, I don't think they have the horsepower for it)


    --
    WARNING! Email address has been altered for spam resistance.
    Please remove the -deletethispart-. section before replying directly.
    Mike Drechsler (mike-newsgroup@-deletethispart-.upcraft.com)
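
Added example, not part of Mike Drechsler's post: a Python check of the hub-and-spoke plan in the reply above, confirming that each tunnel's local and remote subnets mirror the other end and that every office LAN actually sits inside the selector meant to carry it. `Tunnel`, `check_plan` and the renumbered `CONSISTENT_LANS` plan are hypothetical names and values; `LANS` and `TUNNELS` are copied from the post.

```python
from dataclasses import dataclass
from ipaddress import ip_network

@dataclass(frozen=True)
class Tunnel:
    site: str    # router this tunnel is configured on
    peer: str    # site at the far end
    local: str   # local subnet selector
    remote: str  # remote subnet selector

# LAN plan and tunnel selectors exactly as written in the reply above.
LANS = {"head": "10.0.10.0/24", "office1": "10.0.20.0/24", "office2": "10.0.30.0/24"}
TUNNELS = [
    Tunnel("head", "office1", "10.10.0.0/16", "10.10.20.0/24"),
    Tunnel("head", "office2", "10.10.0.0/16", "10.10.30.0/24"),
    Tunnel("office1", "head", "10.10.20.0/24", "10.10.0.0/16"),
    Tunnel("office2", "head", "10.10.30.0/24", "10.10.0.0/16"),
]
# Constructed alternative (assumption): LANs renumbered to sit inside 10.10.0.0/16.
CONSISTENT_LANS = {"head": "10.10.10.0/24", "office1": "10.10.20.0/24",
                   "office2": "10.10.30.0/24"}

def check_plan(lans, tunnels):
    """Return a list of problems; an empty list means the plan is consistent."""
    problems = []
    by_pair = {(t.site, t.peer): t for t in tunnels}
    for t in tunnels:
        local, remote = ip_network(t.local), ip_network(t.remote)
        back = by_pair.get((t.peer, t.site))
        # Both ends must agree: my local is the peer's remote and vice versa.
        if back is None:
            problems.append(f"{t.site}->{t.peer}: no return tunnel on {t.peer}")
        elif (local, remote) != (ip_network(back.remote), ip_network(back.local)):
            problems.append(f"{t.site}->{t.peer}: selectors do not mirror {t.peer}")
        # Only traffic sourced inside the local selector enters the tunnel.
        if not ip_network(lans[t.site]).subnet_of(local):
            problems.append(f"{t.site}->{t.peer}: LAN {lans[t.site]} is outside {t.local}")
    # Site LANs must not overlap, or routing between offices is ambiguous.
    nets = sorted(lans.items())
    for i, (a, na) in enumerate(nets):
        for b, nb in nets[i + 1:]:
            if ip_network(na).overlaps(ip_network(nb)):
                problems.append(f"{a} and {b}: LANs {na} and {nb} overlap")
    return problems

if __name__ == "__main__":
    for label, lans in (("as posted", LANS), ("renumbered", CONSISTENT_LANS)):
        issues = check_plan(lans, TUNNELS)
        print(label, "OK" if not issues else issues)
```

Run against the addresses as posted, the check reports that the 10.0.x.0/24 LANs fall outside the 10.10.x.x tunnel selectors, so one of the two would have to be renumbered before traffic matches the tunnels.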
  2. Archived from groups: comp.dcom.vpn

    tnx Mike - helpful reading your posts on setting up small VPN