Print

Please login or register.
1 Hour 1 Day 1 Week 1 Month Forever
Login with username, password and session length

[tommytuna]

Hi Everyone,

This is a great thread. We have been running a DFL 210 for almost three years - Wish I found this forum sooner for times we were in a pinch.  Anyway, fast forward to today and we're expanding to a second location and also bringing on a second company.  This is causing us to rethink our network and looking at a site to site vpn. Here are the requirements - not sure that the DFL 210s could do this - hopefully someone can validate:

Background
- Two physical offices - OfficeMain and OfficeSat
- OfficeMain will have two company networks (hope to use VLANs and separate subnets to separate) rolling up to a DFL 210 with a single WAN connection with dynamic IP). Each compnay will have their own server sitting on the VLAN handling DHCP, DNS etc.
- OfficeSat will just be a basic setup with a DFL 210 and one WAN connection (dynamic IP)

Requirements
- Establish a site to site VPN between Officemain and OfficeSat using the dynamic IPs (saw people having issues with the dynamic IP part of this)
- Site to site VPN should allow both VLANs at OfficeMain to communicate with the single network at OfficeSat
- Users will also be roaming and will require VPN (IPSEC) access to either network (likely no more than 10 IPSEC tunnels per site at any one time). Can the DLink support the site to site and end user vpns simultaneously on the same dynamic IP?
- Key requirement is for port forwarding to work with both VLANs at OfficeMain (i saw the low end Ciscos have issues with this). We want to provide access to terminal services web gateway on VLAN 1 and VLAN 2

Can the DFL210 handle the above without issue?  Thanks in advance!

[danilovav]

For first look DFL-210 can handle all your requirements. But please keep in mind, DFL-210 is recommended for networks up to 50 clients and/or 80 mbit/sec performance. VPN (IPsec) performance is about 20-25 mbit/sec. Maybe, you will need to use DFL-800 at OfficeMain (150 mbit/sec, VPN - about 60 mbit/sec).

About your requirements
- VLANs on DFL. DFL-210 supports up to 8 VLANs and every VLAN is separated intreface without any limitations (i know just one - unable to use DHCP client). But also, you can use DMZ port as LAN2 to connect second network
- VPN between 2 offices with dynamic IP addresses. I can recommend you to use DynDNS service on both DFLs, in this case you can specify dynamically updated FDQN names as remote enpoints and your IPsec becomes static
- No problem to provide access to both networks/VLANs thru IPsec - just don't forget to specify this networks on IPsec's settings
- IPsec remote access also avaliable, but if you want to use this feature, you will need to purchase client. Or, you can use PPTP or L2TP over IPsec - Windows can it by default
- No problems to forward ports to any direction. Just use different ports (last version of MS RDP client has support of different ports) for servers and it will works

[tommytuna]

Thanks so much for reviewing the requirements.  I will check out the DFL 800 as well.

I will be back i'm sure with more quesitons as I start to set this up.  Couple other things that come to mind:

-I assume I will need a managed switch in the main office to handle the VLAN switching correct?
-If my site to site VPN needs more bandwidth - can i use the DMZ port on both sides to dedicate a second WAN connection tot he site to site.

[danilovav]

1) As i wrote before, you can use DMZ port as LAN2 (for network #2 in main office). Or, if you want to use VLANs, you need L2 managed switch, right

2) It's impossible to force IPsec traffic go thru WAN2 because of some NetDefend limitations, but you can set WAN1 for IPsec (VPN) and WAN2 for LAN clients (by PBR).

[tommytuna]

Hi there - so i'm trying to spec out a basic Gigabit dlink switch that can handle this VLAN setup in conjunction with the DFL 210.  10-16 ports would do the trick but there are sooo many options out there. Can somebody recommend a switch that will meet the requirements for VLAN aspects of my setup without breaking the bank? Gigabit on each port is key. thx.

[danilovav]

I am not sure what devices you can purchase in your region, but last time i buyed for my configurations DGS-1224. It costs about $300 in Moscow. For my future tests i want to find DGS-3200-16, but this device is more expensive (about $500).

But, you can follow another way. Find minimal managed switch (ex, DIR-100 with VLAN switch f/w = about $30) and connect to VLANned ports unmanaged switches.

Or, as i wrote before, use DMZ as LAN2 and connect unmanaged switches to LAN and LAN2 (DMZ).

Your choice.