Should I go single-NIC in a site-to-site VPN environment?

Post by David Schr » Fri, 23 Apr 2004 11:10:37


I am going to install SBS2003 at a headquarters office that connects to the
Internet through a Netscreen firewall. The company has one satellite office
with 6 PCs, and I've set up a site-to-site VPN with a second Netscreen at
the satellite office. There is a third office with a single computer that
connects to the main office with Netscreen software.

All of the PCs and the existing server at HQ are in the 192.168.10.0 subnet,
and the PCs at the satellite office are using 192.168.30.0.

It seems to me that in this configuration I must use a single NIC on the SBS
box and give it an IP address in the 192.168.10.0 range. In a dual-NIC
setup, the PCs at the satellite office would only be able to see the
WAN-side NIC, and to access any server resources they'd have to log in via
PPTP -- essentially running a VPN within a VPN. That sounds like a bad idea.

Meanwhile, I'm going to set up a Windows Server 2003 standard box at the
satellite office that HQ wants access to. That, of course, will be single
NIC with an IP of 192.168.30.x.

Do I have this right or am I missing something obvious?
 
 
 

Post by Javier Gom » Fri, 23 Apr 2004 22:54:48

Do you have Premium or Standard? I believe it is possible to do this with 2
NICs... but it might be more complicated. If you are running Std or Premium
(without ISA)... then I would use only one NIC. I'm actually working in a
similar scenario right now but with 2 routers in the main office (thanks to
Jeff M that helped me figure out how to do it).

If you are using ISA and you want to use 2 NICs... then post back and I
would try to give the details. I assume the site-to-site VPN is L2TP/IPSEC?

--
Javier [SBS MVP]

<< SBS ROCKS !!! >>

 
 
 

Post by David Schr » Fri, 23 Apr 2004 23:08:45

I am not planning to install ISA. I am counting on the firewall to provide
sufficient protection from outside intruders and I have no need for the
added complication of ISA. I also don't need the caching features -- there
are only 20 users with 1 Mbps DSL speed.


Post by Javier Gom » Fri, 23 Apr 2004 23:23:17

My suggestion is that you use one NIC then... no need to complicate matters
:-)

--
Javier [SBS MVP]

<< SBS ROCKS !!! >>
 
 
 

Post by David Schr » Sat, 24 Apr 2004 00:14:18

That's what I thought, but it's good to have a second opinion. Thanks.