remote office

Discussion in 'Network Routers' started by geo, Aug 9, 2006.

  1. geo

    geo Guest

    Quick question.

    Have an office in Seattle (home office) 35 users windows domain. Have an
    office in Colorado 5 users no domain (right now).

    The office in Colorado is projected to grow probably into more of a domain

    Curious on the best way or ways to make the two office better networked

    geo, Aug 9, 2006

  2. geo

    bobmct Guest

    I assume you already have an Internet connection at the home office and
    should have one for the Colorado office. If so, then I would recommend you
    create a router to router VPN between the two locations and run the
    Colorado office as a subnet of the first. The two sites will act as though
    they are physically connected with a network cable.

    Most routers can do this and I would recommend using IPSEC. I would also
    recommend using Netopia 33xx-ENT series router as they do this very very
    well and are extremely reliable.

    Good luck and let us know what you end up with.
    bobmct, Aug 10, 2006

  3. geo

    geo Guest

    Thanks. If I have people authenticating into a domain would I need a domain
    controller on subnet A and subnet B or the one domain controller in subnet A
    is good enough?
    geo, Aug 11, 2006
  4. geo

    geo Guest

    Oh yes the home office has a fractional t-1 768K and the remote office is
    cable broadband.

    The remote office though has to be VERY SIMPLE if you know what I mean.
    Basically the person(s) there will basically want to turn their laptop on
    and be connected and not really have to know how to do anything.
    geo, Aug 11, 2006
  5. geo

    bobmct Guest

    1) the remote office would authenticate to the domain controller on subnet A
    in the main office over the VPN.

    The VPN, being router-to-router makes the remote office appear as if it were
    locally attached to the main office and ALL traffic between them is
    secured. Once defined this is all automatic.

    2) the type of connection (Frac T1 and/or Cable IP) makes NO difference.
    Once there is an Internet connection it's "cake" from then on. The ONLY
    item that would make it much easier is if you could assure a "static" IP
    for the remote router connected to the cable modem. Most cable ISP's will
    do this based on MAC address. The configuration is actually a dynamically
    assigned protocol but based on the configuration made that particular MAC
    address will ALWAYS receive the SAME IP address.

    Now, here's the part for you... once you know the IP's involved YOU can
    configure the remote router locally at your site using the parameters
    that will be required for the remote end. Once complete send the router
    down to the location and have them connect it to their cable modem. As
    most of these routers also have multi-port switches built in they can plug
    their network cables from their PC's and printers directly into the router.
    From that point on there is virtually NOTHING that the users have to do.
    It will just WORK (assuming it's been set up correctly).

    You didn't mention wireless as this is another common feature for remote

    Good luck and depending on the brand of router you purchase to handle the
    task the manufacturer's tech support could/should/would provide assistance to
    get it up and running. In my first response I recommended Netopia. One
    reason is that IF you are using their equipment, for a paltry sum of $99
    THEY will connect remotely to BOTH ends and configure the VPN for you and
    get it going. Believe me, if you've never done this before, the $99 is
    well worth the money.

    Good luck.

    bobmct, Aug 12, 2006
  6. geo

    geo Guest

    Thanks Bob,

    I'm just trying to gather the information together to get this going.
    Probably won't do it until October. But I'd like to plan it out before we
    do anything.

    So how would the remote office connect to the Internet? Would they be using
    the connection from the Home Office out to the Internet. Oh and yes the
    remote office users will connect wirelessly to the LAN.

    This question may not be related but at the home office there is just one
    big LAN about 50 users and maybe 10 or so printers. Would it be wise to
    separate out into separate VLANs? If so, I'm curious on how the
    authentication to the domain takes place. Would you have to have domain
    controllers on each VLAN?

    geo, Aug 14, 2006
  7. geo

    geo Guest

    I should mention that at the home office there is a Cisco 1720 router (due
    for replacement though) and after that is a WatchGuard Firebox X 500,
    would that have any effect on the Netopia?

    I've never had to connect remote offices so I'm a little unfamiliar with my

    geo, Aug 14, 2006
  8. geo

    bobmct Guest


    Again, I'm partial to Netopia only because I've had such good luck with
    their products and their tech support is top notch. And I'm referring to
    multiple commercial grade installations, not just a single home network
    (although that's what I am using at home with a VPN to my office).

    For example: if the remote office had either a cable or dsl Internet
    connection the cable/dsl would terminate in a Cable/DSL modem. You would
    connect, using a Cat5e cable from the LAN port of the modem to the WAN port
    of the router. In the case of Netopia, I'd recommend the model 3387WG-ENT,
    which will be your gateway to the Internet, act as the end-point for
    your VPN, act as your NAT device for your remote users, provide DHCP
    services to your remote users AND be the wireless access point for your
    wireless users using either 802.11b or 802.11G with none, WEP, WPA or WPA2.
    In fact, it can be quite a workhorse. I know this will work for you
    because I've installed it in similar remote sites as yours doing exactly
    what you're asking.

    Please visit the Netopia site ( and navigate to their
    support section for broadband equipment and then look for "technical
    papers" or documents. They have numerous ones that explain how to
    accomplish many of these things using their equipment. And don't forget,
    if you are using their equipment, they can and will do the config for you
    for a very nominal fee. In fact, if you are concerned about support, you
    can purchase annual support contracts for as low as $99.

    Also, you mentioned about establishing multiple VLANS for your users. I
    would recommend doing as I outlined above where your remote users connect
    with the gateway/router and then the router handles the VPN overhead. It's
    much faster with its special algorithms and chipsets, etc and you don't
    have to be concerned about all the individual windows configurations and
    setups for same. Using the wireless client services, each user's signal
    would be encrypted from their machine to the router, then decrypted and
    re-encrypted for transport over the VPN where the host site decrypts it
    before passing it on to the LAN there. It's all magic and it's done with
    lots of mirrors and smoke :)

    Also, setup this way you would provide either the IP or the hostname of your
    single domain controller at the main office and the remote users will
    authenticate on that with virtually ZERO lag. You WILL be surprised at how
    fast and transparent this all will be to the users.

    Good luck,

    bobmct, Aug 15, 2006
  9. geo

    bobmct Guest

    Again, as I am biased towards the Netopia I would recommend the model
    R4622-XL to replace the 1720. It's got more horsepower than the 3387 but
    the configuration screens are EXACTLY the same. Nice thing is that you/one
    can connect via telnet and do the configuration remotely even including
    firmware upgrades if they ever become needed.

    I know little about the Watchguard. I doubt that it would have much
    interference as it usually installs in SERIES with the main router. I
    would recommend first visiting the Watchguard tech support site for info,
    guidance and examples and then the Netopia site for similar support. Once
    again, if you have their support contract (Netopia) THEY will handle this
    for you very inexpensively.

    bobmct, Aug 15, 2006
  10. geo

    geo Guest

    Thanks Bob,

    That's exactly what I'm nervous about is the lag time. Users are very
    impatient and want things in an instant like we all do.

    So I should still be able to do a single domain being that I really don't
    have many users 40 in-house. I have 8 remote sales people in 8 remote
    (local same state same county) locations (one sales person per location) and
    2 remote (in different states) locations that have again 1 or 2 people in
    the office at the most for the time being. One of those locations might
    expand in the future where I might have to look at possibly different

    But I'm very interested in the Netopia solution sounds like the way to go
    for the $$$. I've also been looking at Cisco but they are expensive.

    Thanks for your help in understanding a little better.

    geo, Aug 15, 2006
  11. geo

    geo Guest

    If you set up this vpn via the remote office and the home office. At the
    remote office with the cable modem will the users on that end ALWAYS go out
    through the cable modem to the home office then out to the internet?

    Or could they just go out to the public internet via the cable modem
    geo, Aug 15, 2006
  12. geo

    bobmct Guest


    I'm glad it's making "some" sense to you now. Answering the question you
    posed in the prior post... NO, you would NOT have to look at other
    solutions if you grow. These products will scale pretty well based on the
    numbers you've talked about.

    Regarding the remote office's access to the Internet... it can go either way
    depending on how you configure it. If you absolutely positively want them
    to pass through the Watchdog, then you would define the remote users'
    Internet route to be the Watchdog which would then turn around and route to
    the Internet. But mostly the defined gateway for the remotes would be
    their router meaning that any IP outside of the local/home subnets would be
    routed to the Internet. It's really that simple.

    Another thought for your very remote/transient salespeople... it's
    possible to set up multiple VPN's on any of these Netopia routers, even ones
    that are not IP dependent but use PKI authentication. That way if your
    sales person is ANYWHERE but has access to the Internet (i.e.: hotel,
    client location, his/her home, etc) they simply start their defined VPN
    that has the IP of the home office VPN and they'll be
    handled/authenticated/connected securely.

    Don't forget to visit the Netopia site to view the tech documents. These two
    links should get you started:

    Good luck and please post what your final solution becomes.

    bobmct, Aug 16, 2006
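
Added example (not part of the original thread and not Netopia configuration): a Python model of the routing choice described in the post above, where the remote router either sends only home-office traffic into the VPN or sends everything through it. The subnets and the `lan`/`vpn`/`wan` next-hop labels are constructed assumptions; it also checks that the two sites' subnets do not overlap, since a router-to-router tunnel cannot tell overlapping LANs apart.

```python
import ipaddress

# Constructed addressing plan (assumption: the thread gives no subnets).
HOME_LAN = ipaddress.ip_network("192.168.10.0/24")    # Seattle home office
REMOTE_LAN = ipaddress.ip_network("192.168.20.0/24")  # Colorado remote office
DEFAULT = ipaddress.ip_network("0.0.0.0/0")


def overlapping_sites(sites):
    """Return (name, name) pairs whose subnets overlap and so cannot be
    routed unambiguously across a site-to-site tunnel."""
    names = sorted(sites)
    return [(a, b) for i, a in enumerate(names) for b in names[i + 1:]
            if sites[a].overlaps(sites[b])]


def build_routes(local_lan, peer_lans, full_tunnel=False):
    """Route table for the remote router as (network, next_hop) pairs.

    Split tunnel: only peer LANs go into the VPN; the default route is the
    local WAN link, so Internet traffic never reaches the home-office firewall.
    Full tunnel: the default route also points into the VPN, so all traffic
    is carried to the home office and leaves through its firewall.
    """
    routes = [(local_lan, "lan")]
    routes += [(net, "vpn") for net in peer_lans]
    routes.append((DEFAULT, "vpn" if full_tunnel else "wan"))
    return routes


def next_hop(routes, dst):
    """Longest-prefix match, as a router would do it."""
    addr = ipaddress.ip_address(dst)
    matches = [(net, hop) for net, hop in routes if addr in net]
    return max(matches, key=lambda r: r[0].prefixlen)[1]


if __name__ == "__main__":
    print("overlaps:", overlapping_sites({"seattle": HOME_LAN,
                                          "colorado": REMOTE_LAN}))
    probes = ["192.168.20.7",   # printer in the remote office
              "192.168.10.5",   # domain controller at the home office
              "203.0.113.9"]    # public web server (documentation range)
    for mode in (False, True):
        table = build_routes(REMOTE_LAN, [HOME_LAN], full_tunnel=mode)
        label = "full tunnel" if mode else "split tunnel"
        print(label, {dst: next_hop(table, dst) for dst in probes})
```
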
  13. geo

    geo Guest

    Thanks Bob,

    Now you got all kinds of ideas in my head :)

    I knew all this was possible I just figured it was super expensive. I am
    liking what I see so far with the Netopia. I have been on their site a lot
    the last couple of days. I can't believe you can get that wireless 3387
    for somewhere in the neighborhood of $140 and still do all that stuff.
    Then get a home office router for ~$900. Cisco would be thousands.
    If anything it makes sense to at least try it for those dollars.

    Remote Office -

    I don't need them to pass through the Watchguard Firebox, I'd rather
    they use what they have at the remote office to do typical internet
    web browsing, e-mail etc. But with the ability to use the network at
    home office. (map drives, printers, etc.)

    Sales Offices-

    There is only ONE person in these offices. They will typically move
    from office to office. It would be similar to the REMOTE OFFICE.
    However these offices are right now using VONAGE VOIP. I would
    want sales to have the ability to connect to the home office to use
    the home office network (map drives, printers, save files in a user
    directory, etc.) But normal internet or e-mail can be handled locally
    instead of traversing the internet to go through the watchguard and
    then back out to the internet.

    What about home users? That may not have a Netopia router and you may want
    to do on a client by client basis? Would they just connect using native
    Windows VPN? Or probably something that Watchguard has.

    Sorry for all this just trying to understand how it all ties together into
    the local lan.

    geo, Aug 16, 2006
  14. geo

    bobmct Guest


    Ahhh, now you're beginning to see what I've been trying to say. Years ago I
    too believed that to do it well you required Cisco. I fought with their
    IOS for a long time trying to get things to work. I paid Cisco dearly for
    my annual tech support and they NEVER provided anything near what Netopia
    has been able to do.

    BTW - One of the 3387W models has a QoS mode to prioritize VoIP if that's
    what you need. Regarding the home users... you might have to stick with
    the normal VLans but that would be a good question to pose to the Netopia
    sales and/or tech support group to see what they recommend.

    I wish I had more info to answer but it sounds like you are well on your
    way. One last item... each of these routers, especially the main office
    recommended model 4622XL will support up to 15 different and concurrent
    VPN's. That should hold you for a while.

    Good luck.

    bobmct, Aug 17, 2006