3 way VPN

dl763 · 1 May 2009 at 10:41

Hi All!

Bit of assistance if you will please.

We have a client who wants to set up a VPN between 3 offices using VPN routers (Draytek Vigors). I've been dumped in the middle of the project as the person handling it has vanished.

I can set up a 2 way VPN using 2 routers but how is it done with 3? As far as I can tell the routers can be either inbound or outbound but not both??

Thanks in advance!

Jon

Skidilliplop · 1 May 2009 at 10:55

You would set up site to site VPN in the same way you would have two remote workers connecting to the netework. You'd have a core site and the other sites connect to that Endpoint. This works fine on Cisco 877s, I'm not familiar with the drayteks you're using but if they have support for two concurrent VPNs then it should be fine.

dl763 · 1 May 2009 at 10:56

Ahh cool, I'll give it a shot. Simple really!

What can I say? This is my first IT job

howler · 1 May 2009 at 11:10

As already sais set one up as your hub site, the Drayteks will support 16 VPN's I think so you should be fine

#Chri5# · 1 May 2009 at 11:11

If you want the two minor sites to talk to each other via the major, it's often called a "hub and spoke" VPN.

Draytek Oz has some notes on setting this up:

http://support.draytek.net.au/index.php?_m=knowledgebase&_a=viewarticle&kbarticleid=103&nav=0,25

dl763 · 1 May 2009 at 11:12

Thanks guys

iaind · 1 May 2009 at 12:06

If you've got subnets

A ----- B ------C

You'll probably have to add a static route on A for C's subnet through B and on C for A's subnet through B, unless you set "use default gateway on remote network". That setting will cause all internet traffic to go down the VPN too so its something to consider

Skidilliplop · 1 May 2009 at 12:22

iaind said:
If you've got subnets

A ----- B ------C

You'll probably have to add a static route on A for C's subnet through B and on C for A's subnet through B, unless you set "use default gateway on remote network". That setting will cause all internet traffic to go down the VPN too so its something to consider

I'd recommend static routing for this kind of venture. Sorry for not mentioning that earlier I took for granted that routing would be configured.

One thing worth checking, make sure the sites don't use the same local subnet. E.G if A uses 192.168.0.0 for local B can't use the same else you'll get routing problems. It CAN be done but it's not something you wanna be attempting if this is your first IT job

dl763 · 1 May 2009 at 13:47

I've been told that the three offices have the following IP addresses set up

192.168.1.X
192.168.2.X
192.168.3.X

Is that ok to proceed with?

slylittlefox · 1 May 2009 at 13:49

dl763 · 1 May 2009 at 14:08

Okily, now all I have to do is get it working.

Thx for the help guys.

howler · 1 May 2009 at 14:12

Draytek VPN's are pretty straight forward really, shout if you get stuck