Cisco VPN over Wireless and ADSL

Discussion in 'Cisco' started by igor, Oct 29, 2003.

  1. igor

    igor Guest

    Hello there experts!

    I'm seeking advice on the following interesting idea:

    We have 2 offices, around a kilometer away from each other.
    Office 1 has ADSL, Office 2 (Main Branch) has ISDN 128k and cannot get a
    faster connection.
    It badly needs it due to it being a Head office with all Citrix Servers
    there.

    We are planning to do the following to get a faster connection to the
    Internet for Office 2 (Main Branch):
    1. Install another ADSL line in Office 1 location with Cisco 837
    2. Put Cisco PIX 506E VPN firewall in Office 2 (Main Branch)
    3. Install 2 wireless bridges and access point between the offices.
    This will look like the following:
    Office 1 ADSL Cisco 837 <---- WirelessBridge <---(-- wireless --)-<---WirelessBridge --<-- Cisco PIX 506E Office 2
    So basically here, Office 2 will be connecting to ADSL Internet via a
    Wireless Link between the two offices.
    4. Configure Office 2 PIX 506E to be a VPN Server for all other branches who
    will be VPN clients.


    Here is what I am not sure about:
    1. Is ADSL connection possible for Office 2 like that?
    2. Any suggestions on what kind of bridges would be the best and cost
    effective?
    3. Is VPN like that possible? Will it work?


    Thanks heaps in advance!
     
    igor, Oct 29, 2003
    #1

  2. dmcknigh

    dmcknigh Guest

    As far as adding a second ADSL circuit to Office 1, you'll
    probably need to do connection-based load balancing to make use of both
    circuits. I believe that will mean having a router with 3 Ethernet
    interfaces (2 for ADSL modem connections and one for the
    "internal/LAN" connection). It's advisable to avoid packet-based
    load balancing (which is probably pretty rare) so that you won't have
    out-of-sequence delivery problems. The other option would be to find
    out if your existing ISP will do MultiLink PPP with 2 circuits and
    then you'd terminate both circuits on a small router that supports
    dual ADSL links and multilink PPP.
    You may also want to look into adjusting the MTU value on the servers
    at Office 2 that will be accessed from Office 1 across the VPN.
    Lowering the MTU slightly will help avoid IP fragmentation (which can
    mess up some "real-time" applications) that happens when you
    encapsulate a full 1500+ byte frame within an IPSEC wrapper. You can
    check for fragmentation using a packet analyzer (like Sniffer or
    Commview, etc.).

    Hopefully this will be helpful.
     
    dmcknigh, Oct 29, 2003
    #2
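
Added example, not part of dmcknigh's post: the size arithmetic behind the MTU advice above, for ESP tunnel mode. The cipher profiles and the 1492-byte PPPoE-style link MTU are assumptions; the thread does not say which transforms or ADSL encapsulation will be used.

```python
# Added example: ESP tunnel-mode size arithmetic (RFC 4303 packet layout).
# The cipher and link profiles below are assumptions, not taken from the thread.
import math

OUTER_IP = 20      # outer IPv4 header, no options
ESP_HEADER = 8     # SPI (4) + sequence number (4)
ESP_TRAILER = 2    # pad length (1) + next header (1)
NAT_T_UDP = 8      # extra UDP header when NAT traversal is in use

# name: (cipher block size, IV size, ICV size) in bytes
PROFILES = {
    "3des-sha1": (8, 8, 12),       # 3DES-CBC + HMAC-SHA1-96
    "aes-cbc-sha1": (16, 16, 12),  # AES-CBC + HMAC-SHA1-96
}

def esp_packet_size(inner_len, profile="3des-sha1", nat_t=False):
    """Wire size of one inner IP packet after ESP tunnel-mode encapsulation."""
    block, iv, icv = PROFILES[profile]
    # Inner packet plus trailer is padded up to a whole number of cipher blocks.
    padded = math.ceil((inner_len + ESP_TRAILER) / block) * block
    return OUTER_IP + (NAT_T_UDP if nat_t else 0) + ESP_HEADER + iv + padded + icv

def max_inner_mtu(link_mtu, profile="3des-sha1", nat_t=False):
    """Largest inner packet that still fits in link_mtu without fragmentation."""
    inner = link_mtu
    while inner > 0 and esp_packet_size(inner, profile, nat_t) > link_mtu:
        inner -= 1
    return inner

def tcp_mss(inner_mtu):
    """TCP MSS for that inner MTU (20-byte IPv4 + 20-byte TCP header, no options)."""
    return inner_mtu - 40

if __name__ == "__main__":
    for link in (1500, 1492):   # plain Ethernet path; PPPoE-style ADSL path
        for prof in PROFILES:
            m = max_inner_mtu(link, prof)
            print(f"link {link} {prof}: inner MTU {m}, MSS {tcp_mss(m)}, "
                  f"a 1500-byte packet becomes {esp_packet_size(1500, prof)}")
```

Because of cipher-block padding the safe inner size is not simply the link MTU minus a fixed overhead, which is why the function searches downward instead of subtracting a constant.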

  3. :I'm seeking advice on the following interesting idea:

    :We have 2 offices, around a kilometer away from each other
    :Office 1 has ADSL, Office 2 (Main Branch) has ISDN 128k and cannot get a
    :faster connection.

    :We are planning to do the following to get a faster connection to the
    :Internet for Office 2 (Main Branch):
    :1. Install another ADSL line in Office 1 location with Cisco 837
    :2. Put Cisco PIX 506E VPN firewall in Office 2 (Main Branch)
    :3. Install 2 wireless bridges and access point between the offices.
    : This will look like the following:
    : Office 1 ADSL Cisco 837 <---- WirelessBridge <---(-- wireless --)-<---WirelessBridge --<-- Cisco PIX 506E Office 2
    : So basically here, Office 2 will be connecting to ADSL Internet via a
    :Wireless Link between the two offices.

    Were you thinking of 802.11A/B/G wireless, or were you thinking of
    going with a higher power licensed wireless?

    802.11A/B/G is -possible- over 1 Km, generally speaking, but you
    need directional antennas and obstacles (particularly trees!) can
    interfere severely. I'm having a bit of trouble tracking down the
    power limits for Australia; some sources seem to suggest 10 mW, whereas
    another source suggests 1000 mW. Rural vs urban might make a difference
    for power limits.

    The newsgroup alt.internet.wireless is a good place to get recommendations
    on wireless equipment. If you are going to post there, it is best
    to do a bit of a site survey ahead of time: how close can you get to
    line-of-sight, how many trees in the way, can you put up antenna poles,
    are there other significant sources of radio energy nearby, is the
    ground level, if it is an urban area are there a lot of buildings
    near the line-of-sight that might reflect the signal, etc.
     
    Walter Roberson, Oct 29, 2003
    #3