DrayTek UK Users' Community Forum

Help, Advice and Solutions from DrayTek Users

Multiple site topology design

20 Aug 2010 11:43 #63439 by colin360
Hi all,


I have in the past used a Vigor 2600vg to establish a VPN to the site B 2700vg and it's worked very well.

I've now got the following scenario, 3 sites, a home, data centre and remote site / print&post.

In summary, what I'm hoping is to have Site A talking to Site B and Site C over VPNs.

So the setup requirements of Site A are:

  • a home site primarily
  • a guest wireless LAN
  • a separate DMZ for web previewing/demos



Site A is a fairly old house split over some floors. I suspect the primary router will be in the garage (ease of cable install) with other assets spread throughout. As such, at least one AP700 will be needed to help out here. I've not done much with wireless beyond that of the router's own capabilities. So to avoid wasting cash, what combo of AP700s would you recommend to cover 3 floors pretty well with a private WLAN and guest WLAN? I already have a Netgear WG602 which appears to have a very limited range (<15'); I replaced it with a length of CAT5 (trip hazard).

Ideally I'd like Site A's DMZ to be just that, a zone, not one device. If I recall, the DrayTek can expose one host (ok) totally. Chances are this one host will be a webserver on a VM (Xen) box, but essentially there will be more than one device in the DMZ, so would I be better considering VLANs?

If so, does the 2930 support VLAN in the firewall, or is it purely for the 5300?
http://www.draytek.com/user/SupportAppnotesDetail.php?ID=898


Site B holds some printing and dispatch assets, it has no need to access site C.

Site C is a data centre which has a number of servers in it, currently behind a WatchGuard x10 firewall, which I am happy to replace for ease of setup. I've read somewhere this morning that the DrayTeks can connect to the WatchGuards; has anyone done this or got a link to how / issues?

Here is a picture:

[Image: network diagram]

Site A and B will be connected on a vpn such that Joe in A can print to a printer in B for dispatch.

Site A will be connected to Site C such that Joe can ssh into the servers or data stores etc. This means we can remove the open ports on the watchguard/2955.

When I'm out using my netbook, I need to retain the ability to VPN into Site A or Site C or Site B. Is it possible to connect to Site A and "piggy back" on the established VPN to Site C/B?

In real world usage we'll have various people connecting to Site A and Site C for maintenance. Are there any known issues for VPN setup on Mac or Linux? I presume Windows is fine.


Given all the above, does the diagram and kit hold up to the stated expectations?

Kit I'm looking to purchase is:

  • 1x Vigor 2930vn or 2920vn
  • 1x Vigor 2955
  • nx AP700 (some combination)


Any comments or thoughts would be gratefully taken on board. Site C is also in live service so I'll need to make sure I get it right.

Thank you for reading,
Colin.
