VPN Architecture

atlrocks07

I got put on a project to install a single network device at about 9 different sites. This device will communicate back to a master device that is located at the customer's main site via a VPN router at each site. My question here is how should I structure the network addresses for each site. The main site is a 192.168.0.x/24 network. I have full control of restructuring each site's networking scheme. At each site the max number of IPs in use is about 10-20. Should I just keep structuring each site as a /24 or no?
 
Sure, make it easy on yourself and any future guy.
Keep every LAN a /24, however use a different /24 for each site starting at 0 being the main office. Then just count 192.168.1.x, .2.x, .3.x, etc.
 
I would use something other than 192.168.x.0/24. Or at least jump over 192.168.1.0. Just my opinion. You never know what future mergers or acquisitions will occur.

Maybe 192.168.205.0, or 172.23.1.0? Something like that.
 
Yeah I tend to stay away from the 192.168.0.xxx and 192.168.1.xxx if I can. I'll often change the 3rd octet to something like .10 and go on from there. First site 192.168.10.xxx, second site 192.168.11.xxx, etc.

Reason was...back in the older days of remote access, most VPN servers didn't like remote clients using the same IP range. Most home grade routers are 192.168.0.xxx or 192.168.1.xxx. If the main office was at 192.168.0.xxx, and you set up remote users...you'd have to change their router's default LAN IP at the remote user's home...and that just leads to a buncha management issues. Rather set up the office once..and never worry about that again.

These days...not really an issue with newer remote access technologies....having people VPN in from home is diminishing. So it's just an old habit.
 
These days...not really an issue with newer remote access technologies....having people VPN in from home is diminishing. So it's just an old habit.

As I talk to more and more people.... I'm finding more and more users are working from home. The bank I work for now has a Citrix portal and VPN access. My partner has a Citrix portal to his own company as well.

I think more and more people are using portals versus full-blown VPN. With portals, IP does not really matter (that much).
 
I too agree, stay away from 192.168.x.x addresses. Too often it overlaps with home networks. Stick with the 172 or 10 networks and use /24s for the setup of each site.
 
I have just removed our VPN access and replaced it with Citrix as well. For IPSec, we try to keep remote offices on 192.168.x.x and head office on 172.16.x.x.
 
I think more and more people are using portals versus full-blown VPN. With portals, IP does not really matter (that much).

Yup....portals like TSGateway. Or smaller setups....Windows MESH, or LogMeIn-type stuff. Even most browser-based SSL VPN setups don't care about IP like older IPSec and PPTP VPN.
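The addressing advice in this thread (one /24 per site, no overlap with the main office or with the 192.168.0.x / 192.168.1.x home-router defaults) can be checked mechanically before any VPN router is configured. The sketch below is an added example, not code posted by anyone in the thread; the function names, the site labels and the choice of 172.23.0.0/16 as the supernet are assumptions made for illustration.

```python
import ipaddress

# Main office LAN as stated in the original question.
MAIN = ipaddress.ip_network("192.168.0.0/24")
# Home-router defaults named in the thread as the ranges to stay away from.
HOME_DEFAULTS = [ipaddress.ip_network(n) for n in ("192.168.0.0/24", "192.168.1.0/24")]


def plan_sites(supernet, site_names, reserved=()):
    """Give each site the next free /24 in supernet, skipping reserved ranges."""
    supernet = ipaddress.ip_network(supernet)
    reserved = [ipaddress.ip_network(r) for r in reserved]
    free = (
        net for net in supernet.subnets(new_prefix=24)
        if not any(net.overlaps(r) for r in reserved)
    )
    plan = {}
    for name in site_names:
        try:
            plan[name] = next(free)
        except StopIteration:
            raise ValueError(f"{supernet} has no free /24 left for {name}") from None
    return plan


def find_conflicts(plan, avoid):
    """List (site, site_net, clashing_net) for every overlap with the avoid list."""
    return [
        (site, str(net), str(bad))
        for site, net in plan.items()
        for bad in avoid
        if net.overlaps(bad)
    ]


if __name__ == "__main__":
    sites = [f"site{i}" for i in range(1, 10)]  # nine remote sites (constructed labels)

    # Counting up from the main office: 192.168.1.x, .2.x, ...
    counted = plan_sites("192.168.0.0/16", sites, reserved=[MAIN])
    print("counted plan conflicts:", find_conflicts(counted, HOME_DEFAULTS))

    # Moving the remote sites into a 172.x range instead.
    moved = plan_sites("172.23.0.0/16", sites, reserved=[MAIN])
    for site, net in moved.items():
        print(site, net)
    print("moved plan conflicts:", find_conflicts(moved, HOME_DEFAULTS + [MAIN]))
```
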
 