remote office

quick question .

Have an office in Seattle (home office) 35 users windows domain. Have an
office in Colorado 5 users no domain (right now).

The office in Colorado is projected to grow probably into more of a domain
scenario.

Curious on the best way or ways to make the two office better networked
together?

thanks

geo wrote:

> quick question .
>
> Have an office in Seattle (home office) 35 users windows domain. Have an
> office in Colorado 5 users no domain (right now).
>
> The office in Colorado is projected to grow probably into more of a domain
> scenario.
>
> Curious on the best way or ways to make the two office better networked
> together?
>
> thanks

I assume you already have an Internet connection at the home office and
should have one for the Colorado office. If so, then I would recommend you
create a router to router VPN between the two locations and run the
Colorado office as a subnet of the first. The two sites will act as though
they are physically connected with a network cable.

Most routers can do this and I would recommend using IPSEC. I would also
recommend using Netopia 33xx-ENT series router as they do this very very
well and are extremely reliable.

Good luck and let us know what you end up with.

"bobmct" <(E-Mail Removed)> wrote in message
news:jqxCg.1$(E-Mail Removed)...
> geo wrote:
>
>> quick question .
>>
>> Have an office in Seattle (home office) 35 users windows domain. Have an
>> office in Colorado 5 users no domain (right now).
>>
>> The office in Colorado is projected to grow probably into more of a
>> domain
>> scenario.
>>
>> Curious on the best way or ways to make the two office better networked
>> together?
>>
>> thanks
>
> I assume you already have an Internet connection at the home office and
> should have one for the Colorado office. If so, then I would recommend
> you
> create a router to router VPN between the two locations and run the
> Colorado office as a subnet of the first. The two sites will act as
> though
> they are physically connected with a network cable.
>
> Most routers can do this and I would recommend using IPSEC. I would also
> recommend using Netopia 33xx-ENT series router as they do this very very
> well and are extremely reliable.
>
> Good luck and let us know what you end up with.
>


Thanks. If I have people authenticating into a domain would I need a domain
controller on subnet A and subnet B or the one domain controller in subnet A
is good enough?

"bobmct" <(E-Mail Removed)> wrote in message
news:jqxCg.1$(E-Mail Removed)...
> geo wrote:
>
>> quick question .
>>
>> Have an office in Seattle (home office) 35 users windows domain. Have an
>> office in Colorado 5 users no domain (right now).
>>
>> The office in Colorado is projected to grow probably into more of a
>> domain
>> scenario.
>>
>> Curious on the best way or ways to make the two office better networked
>> together?
>>
>> thanks
>
> I assume you already have an Internet connection at the home office and
> should have one for the Colorado office. If so, then I would recommend
> you
> create a router to router VPN between the two locations and run the
> Colorado office as a subnet of the first. The two sites will act as
> though
> they are physically connected with a network cable.
>
> Most routers can do this and I would recommend using IPSEC. I would also
> recommend using Netopia 33xx-ENT series router as they do this very very
> well and are extremely reliable.
>
> Good luck and let us know what you end up with.
>

Oh yes the home office has a fractional t-1 768K and the remote office is
cable broadband.

The remote office though has to be VERY SIMPLE if you know what I mean.
Basically the person(s) there will basically want to turn their laptop on
and be connected and not really have to know how to do anything.

geo wrote:

>
> "bobmct" <(E-Mail Removed)> wrote in message
> news:jqxCg.1$(E-Mail Removed)...
>> geo wrote:
>>
>>> quick question .
>>>
>>> Have an office in Seattle (home office) 35 users windows domain. Have
>>> an office in Colorado 5 users no domain (right now).
>>>
>>> The office in Colorado is projected to grow probably into more of a
>>> domain
>>> scenario.
>>>
>>> Curious on the best way or ways to make the two office better networked
>>> together?
>>>
>>> thanks
>>
>> I assume you already have an Internet connection at the home office and
>> should have one for the Colorado office. If so, then I would recommend
>> you
>> create a router to router VPN between the two locations and run the
>> Colorado office as a subnet of the first. The two sites will act as
>> though
>> they are physically connected with a network cable.
>>
>> Most routers can do this and I would recommend using IPSEC. I would also
>> recommend using Netopia 33xx-ENT series router as they do this very very
>> well and are extremely reliable.
>>
>> Good luck and let us know what you end up with.
>>
>
> Oh yes the home office has a fractional t-1 768K and the remote office is
> cable broadband.
>
> The remote office though has to be VERY SIMPLE if you know what I mean.
> Basically the person(s) there will basically want to turn their laptop on
> and be connected and not really have to know how to do anything.

1) the remote office would authenticate to the domain controller on subnet A
in the main office over the VPN.

The VPN, being router-to-router makes the remote office appear as if it were
locally attached to the main office and ALL traffic between them is
secured. Once defined this is all automatic.

2) the type of connection (Frac T1 and/or Cable IP) makes NO difference.
Once there is an Internet connection it's "cake" from then on. The ONLY
item that would make it much easier is if you could assure a "static" IP
for the remote router connected to the cable modem. Most cable ISP's will
do this based on MAC address. The configuration is actually a dynamically
assigned protocol but based on the configuration made that particular MAC
address will ALWAYS receive the SAME IP address.

Now, here's the part for you... once you know the IP's involved YOU can
configurate the remote router locally at your site using the parameters
that will be required for the remote end. Once complete send the router
down to the location and have them connect it to their cable modem. As
most of these routers also have multi-port switches built in they can plug
their network cables from their PC's and printers directly into the router.
From that point on there is virtually NOTHING that the users have to do.
It will just WORK (assuming its been setup correctly).

You didn't mention wireless as this is another common feature for remote
locations.

Good luck and depending on the brand of router you purchase to handle the
task the manufactures tech support could/should/would provide assistance to
get it up and running. In my first response I recommended netopia. One
reason is that IF you are using their equipment, for a paltry sum of $99
THEY will connect remotely to BOTH ends and configure the VPN for you and
get it going. Believe me, if you've never done this before, the $99 is
well worth the money.

Good luck.

Bob

"bobmct" <(E-Mail Removed)> wrote in message
news:Te9Dg.4$(E-Mail Removed)...
> geo wrote:
>
>>
>> "bobmct" <(E-Mail Removed)> wrote in message
>> news:jqxCg.1$(E-Mail Removed)...
>>> geo wrote:
>>>
>>>> quick question .
>>>>
>>>> Have an office in Seattle (home office) 35 users windows domain. Have
>>>> an office in Colorado 5 users no domain (right now).
>>>>
>>>> The office in Colorado is projected to grow probably into more of a
>>>> domain
>>>> scenario.
>>>>
>>>> Curious on the best way or ways to make the two office better networked
>>>> together?
>>>>
>>>> thanks
>>>
>>> I assume you already have an Internet connection at the home office and
>>> should have one for the Colorado office. If so, then I would recommend
>>> you
>>> create a router to router VPN between the two locations and run the
>>> Colorado office as a subnet of the first. The two sites will act as
>>> though
>>> they are physically connected with a network cable.
>>>
>>> Most routers can do this and I would recommend using IPSEC. I would
>>> also
>>> recommend using Netopia 33xx-ENT series router as they do this very very
>>> well and are extremely reliable.
>>>
>>> Good luck and let us know what you end up with.
>>>
>>
>> Oh yes the home office has a fractional t-1 768K and the remote office is
>> cable broadband.
>>
>> The remote office though has to be VERY SIMPLE if you know what I mean.
>> Basically the person(s) there will basically want to turn their laptop on
>> and be connected and not really have to know how to do anything.
>
> 1) the remote office would authenticate to the domain controller on subnet
> A
> in the main office over the VPN.
>
> The VPN, being router-to-router makes the remote office appear as if it
> were
> locally attached to the main office and ALL traffic between them is
> secured. Once defined this is all automatic.
>
> 2) the type of connection (Frac T1 and/or Cable IP) makes NO difference.
> Once there is an Internet connection it's "cake" from then on. The ONLY
> item that would make it much easier is if you could assure a "static" IP
> for the remote router connected to the cable modem. Most cable ISP's will
> do this based on MAC address. The configuration is actually a dynamically
> assigned protocol but based on the configuration made that particular MAC
> address will ALWAYS receive the SAME IP address.
>
> Now, here's the part for you... once you know the IP's involved YOU can
> configurate the remote router locally at your site using the parameters
> that will be required for the remote end. Once complete send the router
> down to the location and have them connect it to their cable modem. As
> most of these routers also have multi-port switches built in they can plug
> their network cables from their PC's and printers directly into the
> router.
> From that point on there is virtually NOTHING that the users have to do.
> It will just WORK (assuming its been setup correctly).
>
> You didn't mention wireless as this is another common feature for remote
> locations.
>
> Good luck and depending on the brand of router you purchase to handle the
> task the manufactures tech support could/should/would provide assistance
> to
> get it up and running. In my first response I recommended netopia. One
> reason is that IF you are using their equipment, for a paltry sum of $99
> THEY will connect remotely to BOTH ends and configure the VPN for you and
> get it going. Believe me, if you've never done this before, the $99 is
> well worth the money.
>
> Good luck.
>
> Bob


Thanks Bob,

I'm just trying to gather the information together to get this going.
Probably won't do it until October. But I'd like to plan it out before we
do anything.

So how would the remote office connect to the Internet? Would they be using
the connection from the Home Office out to the Internet. Oh and yes the
remote office users will connect wirelessly to the LAN.

This question may not be related but at the home office there is just one
big LAN about 50 users and maybe 10 or so printers. Would it be wise to
separate out into separate VLAN's If so I'm curious on how the
authentication to the domain takes place would you have to have domain
controllers on each VLAN?

Thanks
Geo

"geo" <(E-Mail Removed)> wrote in message
news:(E-Mail Removed). ..
>
> "bobmct" <(E-Mail Removed)> wrote in message
> news:Te9Dg.4$(E-Mail Removed)...
>> geo wrote:
>>
>>>
>>> "bobmct" <(E-Mail Removed)> wrote in message
>>> news:jqxCg.1$(E-Mail Removed)...
>>>> geo wrote:
>>>>
>>>>> quick question .
>>>>>
>>>>> Have an office in Seattle (home office) 35 users windows domain. Have
>>>>> an office in Colorado 5 users no domain (right now).
>>>>>
>>>>> The office in Colorado is projected to grow probably into more of a
>>>>> domain
>>>>> scenario.
>>>>>
>>>>> Curious on the best way or ways to make the two office better
>>>>> networked
>>>>> together?
>>>>>
>>>>> thanks
>>>>
>>>> I assume you already have an Internet connection at the home office and
>>>> should have one for the Colorado office. If so, then I would recommend
>>>> you
>>>> create a router to router VPN between the two locations and run the
>>>> Colorado office as a subnet of the first. The two sites will act as
>>>> though
>>>> they are physically connected with a network cable.
>>>>
>>>> Most routers can do this and I would recommend using IPSEC. I would
>>>> also
>>>> recommend using Netopia 33xx-ENT series router as they do this very
>>>> very
>>>> well and are extremely reliable.
>>>>
>>>> Good luck and let us know what you end up with.
>>>>
>>>
>>> Oh yes the home office has a fractional t-1 768K and the remote office
>>> is
>>> cable broadband.
>>>
>>> The remote office though has to be VERY SIMPLE if you know what I mean.
>>> Basically the person(s) there will basically want to turn their laptop
>>> on
>>> and be connected and not really have to know how to do anything.
>>
>> 1) the remote office would authenticate to the domain controller on
>> subnet A
>> in the main office over the VPN.
>>
>> The VPN, being router-to-router makes the remote office appear as if it
>> were
>> locally attached to the main office and ALL traffic between them is
>> secured. Once defined this is all automatic.
>>
>> 2) the type of connection (Frac T1 and/or Cable IP) makes NO difference.
>> Once there is an Internet connection it's "cake" from then on. The ONLY
>> item that would make it much easier is if you could assure a "static" IP
>> for the remote router connected to the cable modem. Most cable ISP's
>> will
>> do this based on MAC address. The configuration is actually a
>> dynamically
>> assigned protocol but based on the configuration made that particular MAC
>> address will ALWAYS receive the SAME IP address.
>>
>> Now, here's the part for you... once you know the IP's involved YOU can
>> configurate the remote router locally at your site using the parameters
>> that will be required for the remote end. Once complete send the router
>> down to the location and have them connect it to their cable modem. As
>> most of these routers also have multi-port switches built in they can
>> plug
>> their network cables from their PC's and printers directly into the
>> router.
>> From that point on there is virtually NOTHING that the users have to do.
>> It will just WORK (assuming its been setup correctly).
>>
>> You didn't mention wireless as this is another common feature for remote
>> locations.
>>
>> Good luck and depending on the brand of router you purchase to handle the
>> task the manufactures tech support could/should/would provide assistance
>> to
>> get it up and running. In my first response I recommended netopia. One
>> reason is that IF you are using their equipment, for a paltry sum of $99
>> THEY will connect remotely to BOTH ends and configure the VPN for you and
>> get it going. Believe me, if you've never done this before, the $99 is
>> well worth the money.
>>
>> Good luck.
>>
>> Bob
>
>
> Thanks Bob,
>
> I'm just trying to gather the information together to get this going.
> Probably won't do it until October. But I'd like to plan it out before we
> do anything.
>
> So how would the remote office connect to the Internet? Would they be
> using the connection from the Home Office out to the Internet. Oh and
> yes the remote office users will connect wirelessly to the LAN.
>
> This question may not be related but at the home office there is just one
> big LAN about 50 users and maybe 10 or so printers. Would it be wise to
> separate out into separate VLAN's If so I'm curious on how the
> authentication to the domain takes place would you have to have domain
> controllers on each VLAN?
>
> Thanks
> Geo
>


I should mention that at the home office there is a cisco 1720 router (due
for replacement though) and after that is a watchguard firebox x 500,
would that have any affect on the Netopia?

I've never had to connect remote offices so I'm a little unfamiliar with my
options.

Thanks
George

geo wrote:

>
> "bobmct" <(E-Mail Removed)> wrote in message
> news:Te9Dg.4$(E-Mail Removed)...
>> geo wrote:
>>
>>>
>>> "bobmct" <(E-Mail Removed)> wrote in message
>>> news:jqxCg.1$(E-Mail Removed)...
>>>> geo wrote:
>>>>
>>>>> quick question .
>>>>>
>>>>> Have an office in Seattle (home office) 35 users windows domain. Have
>>>>> an office in Colorado 5 users no domain (right now).
>>>>>
>>>>> The office in Colorado is projected to grow probably into more of a
>>>>> domain
>>>>> scenario.
>>>>>
>>>>> Curious on the best way or ways to make the two office better
>>>>> networked together?
>>>>>
>>>>> thanks
>>>>
>>>> I assume you already have an Internet connection at the home office and
>>>> should have one for the Colorado office. If so, then I would recommend
>>>> you
>>>> create a router to router VPN between the two locations and run the
>>>> Colorado office as a subnet of the first. The two sites will act as
>>>> though
>>>> they are physically connected with a network cable.
>>>>
>>>> Most routers can do this and I would recommend using IPSEC. I would
>>>> also
>>>> recommend using Netopia 33xx-ENT series router as they do this very
>>>> very well and are extremely reliable.
>>>>
>>>> Good luck and let us know what you end up with.
>>>>
>>>
>>> Oh yes the home office has a fractional t-1 768K and the remote office
>>> is cable broadband.
>>>
>>> The remote office though has to be VERY SIMPLE if you know what I mean.
>>> Basically the person(s) there will basically want to turn their laptop
>>> on and be connected and not really have to know how to do anything.
>>
>> 1) the remote office would authenticate to the domain controller on
>> subnet A
>> in the main office over the VPN.
>>
>> The VPN, being router-to-router makes the remote office appear as if it
>> were
>> locally attached to the main office and ALL traffic between them is
>> secured. Once defined this is all automatic.
>>
>> 2) the type of connection (Frac T1 and/or Cable IP) makes NO difference.
>> Once there is an Internet connection it's "cake" from then on. The ONLY
>> item that would make it much easier is if you could assure a "static" IP
>> for the remote router connected to the cable modem. Most cable ISP's
>> will
>> do this based on MAC address. The configuration is actually a
>> dynamically assigned protocol but based on the configuration made that
>> particular MAC address will ALWAYS receive the SAME IP address.
>>
>> Now, here's the part for you... once you know the IP's involved YOU can
>> configurate the remote router locally at your site using the parameters
>> that will be required for the remote end. Once complete send the router
>> down to the location and have them connect it to their cable modem. As
>> most of these routers also have multi-port switches built in they can
>> plug their network cables from their PC's and printers directly into the
>> router.
>> From that point on there is virtually NOTHING that the users have to do.
>> It will just WORK (assuming its been setup correctly).
>>
>> You didn't mention wireless as this is another common feature for remote
>> locations.
>>
>> Good luck and depending on the brand of router you purchase to handle the
>> task the manufactures tech support could/should/would provide assistance
>> to
>> get it up and running. In my first response I recommended netopia. One
>> reason is that IF you are using their equipment, for a paltry sum of $99
>> THEY will connect remotely to BOTH ends and configure the VPN for you and
>> get it going. Believe me, if you've never done this before, the $99 is
>> well worth the money.
>>
>> Good luck.
>>
>> Bob
>
>
> Thanks Bob,
>
> I'm just trying to gather the information together to get this going.
> Probably won't do it until October. But I'd like to plan it out before we
> do anything.
>
> So how would the remote office connect to the Internet? Would they be
> using
> the connection from the Home Office out to the Internet. Oh and yes the
> remote office users will connect wirelessly to the LAN.
>
> This question may not be related but at the home office there is just one
> big LAN about 50 users and maybe 10 or so printers. Would it be wise to
> separate out into separate VLAN's If so I'm curious on how the
> authentication to the domain takes place would you have to have domain
> controllers on each VLAN?
>
> Thanks
> Geo

Geo;

Again, I'm partial to Netopia only because I've had such good luck with
their products and their tech support is top notch. And I'm referring to
multiple commercial grade installations, not just a single home network
(although thats what I am using at home with a VPN to my office).

For example: if the remote office had either a cable or dsl Internet
connection the cable/dsl would terminate in a Cable/DSL modem. You would
connect, using a Cat5e cable from the LAN port of the modem to the WAN port
of the router. In the case of Netopia, I'd recommend the model 3387WG-ENT,
which which will be your gateway to the Internet, act as the end-point for
your VPN, act as your NAT device for your remote users, provide DHCP
services to your remote users AND be the wireless access point for your
wireless users using either 802.11b or 802.11G with none, WEP, WPA or WPA2.
In fact, it can be quite a work horse. I now this will work for you
because I've installed it in similar remote sites as yours doing exactly
what your asking.

Please visit the Netopia site (www.netopia.com) and navigate to their
support section for broadband equipment and then look for "technical
papers" or documents. They have numerous ones that explain how to
accomplish many of these things using their equipment. And don't forget,
if you are using their equipment, they can and will do the config for you
for a very nominal fee. In fact, if you are concerned about support, you
can purchase annual support contracts for as low as $99.

Also, you mentioned about establishing multiple VLANS for your users. I
would recommend doing as I outlined above where your remote users connect
with the gateway/router and then the router handles the VPN overhead. Its
much faster with its special algorithms and chipsets, etc and you don't
have to be concerned about all the individual windows configurations and
setups for same. Using the wireless client services, each users' signal
would be encrypted from their machine to the router, then decrypted and
re-encrypted for transport over the VPN where the host site decrypts it
before passing it on to the LAN there. Its all magic and its done with
lots of mirrors and smoke

Also, setup this way you would provide either the IP or the hostname of your
single domain controller at the main office and the remote users will
authenticate on that with virtually ZERO lag. You WILL be surprized at how
fast and transparent this all will be to the users.

Good luck,

Bob

geo wrote:

>
> "geo" <(E-Mail Removed)> wrote in message
> news:(E-Mail Removed). ..
>>
>> "bobmct" <(E-Mail Removed)> wrote in message
>> news:Te9Dg.4$(E-Mail Removed)...
>>> geo wrote:
>>>
>>>>
>>>> "bobmct" <(E-Mail Removed)> wrote in message
>>>> news:jqxCg.1$(E-Mail Removed)...
>>>>> geo wrote:
>>>>>
>>>>>> quick question .
>>>>>>
>>>>>> Have an office in Seattle (home office) 35 users windows domain.
>>>>>> Have an office in Colorado 5 users no domain (right now).
>>>>>>
>>>>>> The office in Colorado is projected to grow probably into more of a
>>>>>> domain
>>>>>> scenario.
>>>>>>
>>>>>> Curious on the best way or ways to make the two office better
>>>>>> networked
>>>>>> together?
>>>>>>
>>>>>> thanks
>>>>>
>>>>> I assume you already have an Internet connection at the home office
>>>>> and
>>>>> should have one for the Colorado office. If so, then I would
>>>>> recommend you
>>>>> create a router to router VPN between the two locations and run the
>>>>> Colorado office as a subnet of the first. The two sites will act as
>>>>> though
>>>>> they are physically connected with a network cable.
>>>>>
>>>>> Most routers can do this and I would recommend using IPSEC. I would
>>>>> also
>>>>> recommend using Netopia 33xx-ENT series router as they do this very
>>>>> very
>>>>> well and are extremely reliable.
>>>>>
>>>>> Good luck and let us know what you end up with.
>>>>>
>>>>
>>>> Oh yes the home office has a fractional t-1 768K and the remote office
>>>> is
>>>> cable broadband.
>>>>
>>>> The remote office though has to be VERY SIMPLE if you know what I mean.
>>>> Basically the person(s) there will basically want to turn their laptop
>>>> on
>>>> and be connected and not really have to know how to do anything.
>>>
>>> 1) the remote office would authenticate to the domain controller on
>>> subnet A
>>> in the main office over the VPN.
>>>
>>> The VPN, being router-to-router makes the remote office appear as if it
>>> were
>>> locally attached to the main office and ALL traffic between them is
>>> secured. Once defined this is all automatic.
>>>
>>> 2) the type of connection (Frac T1 and/or Cable IP) makes NO difference.
>>> Once there is an Internet connection it's "cake" from then on. The ONLY
>>> item that would make it much easier is if you could assure a "static" IP
>>> for the remote router connected to the cable modem. Most cable ISP's
>>> will
>>> do this based on MAC address. The configuration is actually a
>>> dynamically
>>> assigned protocol but based on the configuration made that particular
>>> MAC address will ALWAYS receive the SAME IP address.
>>>
>>> Now, here's the part for you... once you know the IP's involved YOU can
>>> configurate the remote router locally at your site using the parameters
>>> that will be required for the remote end. Once complete send the router
>>> down to the location and have them connect it to their cable modem. As
>>> most of these routers also have multi-port switches built in they can
>>> plug
>>> their network cables from their PC's and printers directly into the
>>> router.
>>> From that point on there is virtually NOTHING that the users have to do.
>>> It will just WORK (assuming its been setup correctly).
>>>
>>> You didn't mention wireless as this is another common feature for remote
>>> locations.
>>>
>>> Good luck and depending on the brand of router you purchase to handle
>>> the task the manufactures tech support could/should/would provide
>>> assistance to
>>> get it up and running. In my first response I recommended netopia.
>>> One reason is that IF you are using their equipment, for a paltry sum of
>>> $99 THEY will connect remotely to BOTH ends and configure the VPN for
>>> you and
>>> get it going. Believe me, if you've never done this before, the $99 is
>>> well worth the money.
>>>
>>> Good luck.
>>>
>>> Bob
>>
>>
>> Thanks Bob,
>>
>> I'm just trying to gather the information together to get this going.
>> Probably won't do it until October. But I'd like to plan it out before
>> we do anything.
>>
>> So how would the remote office connect to the Internet? Would they be
>> using the connection from the Home Office out to the Internet. Oh and
>> yes the remote office users will connect wirelessly to the LAN.
>>
>> This question may not be related but at the home office there is just one
>> big LAN about 50 users and maybe 10 or so printers. Would it be wise to
>> separate out into separate VLAN's If so I'm curious on how the
>> authentication to the domain takes place would you have to have domain
>> controllers on each VLAN?
>>
>> Thanks
>> Geo
>>
>
>
> I should mention that at the home office there is a cisco 1720 router (due
> for replacement though) and after that is a watchguard firebox x 500,
> would that have any affect on the Netopia?
>
> I've never had to connect remote offices so I'm a little unfamiliar with
> my options.
>
> Thanks
> George


Again, as I am biased towards the Netopia I would recommend the model
R4622-XL to replace the 1720. Its got more horsepower than the 3387 but
the configuration screens are EXACTLY the same. Nice this is that you/one
can connect via telnet and do the configuration remotely even including
firmware upgrades if they ever become needed.

I no little about the Watchguard. I doubt that it would have much
interference as it usually installs in SERIES with the main router. I
would recommend first visiting the Watchguard tech support site for info,
guidance and examples and then the Netopia site for similar support. Once
again, if you have their support contract (Netopia) THEY will handle this
for you very inexpensively.

Bob

"bobmct" <(E-Mail Removed)> wrote in message
news:xQ8Eg.1$(E-Mail Removed)...
> geo wrote:
>
>>
>> "bobmct" <(E-Mail Removed)> wrote in message
>> news:Te9Dg.4$(E-Mail Removed)...
>>> geo wrote:
>>>
>>>>
>>>> "bobmct" <(E-Mail Removed)> wrote in message
>>>> news:jqxCg.1$(E-Mail Removed)...
>>>>> geo wrote:
>>>>>
>>>>>> quick question .
>>>>>>
>>>>>> Have an office in Seattle (home office) 35 users windows domain.
>>>>>> Have
>>>>>> an office in Colorado 5 users no domain (right now).
>>>>>>
>>>>>> The office in Colorado is projected to grow probably into more of a
>>>>>> domain
>>>>>> scenario.
>>>>>>
>>>>>> Curious on the best way or ways to make the two office better
>>>>>> networked together?
>>>>>>
>>>>>> thanks
>>>>>
>>>>> I assume you already have an Internet connection at the home office
>>>>> and
>>>>> should have one for the Colorado office. If so, then I would
>>>>> recommend
>>>>> you
>>>>> create a router to router VPN between the two locations and run the
>>>>> Colorado office as a subnet of the first. The two sites will act as
>>>>> though
>>>>> they are physically connected with a network cable.
>>>>>
>>>>> Most routers can do this and I would recommend using IPSEC. I would
>>>>> also
>>>>> recommend using Netopia 33xx-ENT series router as they do this very
>>>>> very well and are extremely reliable.
>>>>>
>>>>> Good luck and let us know what you end up with.
>>>>>
>>>>
>>>> Oh yes the home office has a fractional t-1 768K and the remote office
>>>> is cable broadband.
>>>>
>>>> The remote office though has to be VERY SIMPLE if you know what I mean.
>>>> Basically the person(s) there will basically want to turn their laptop
>>>> on and be connected and not really have to know how to do anything.
>>>
>>> 1) the remote office would authenticate to the domain controller on
>>> subnet A
>>> in the main office over the VPN.
>>>
>>> The VPN, being router-to-router makes the remote office appear as if it
>>> were
>>> locally attached to the main office and ALL traffic between them is
>>> secured. Once defined this is all automatic.
>>>
>>> 2) the type of connection (Frac T1 and/or Cable IP) makes NO difference.
>>> Once there is an Internet connection it's "cake" from then on. The ONLY
>>> item that would make it much easier is if you could assure a "static" IP
>>> for the remote router connected to the cable modem. Most cable ISP's
>>> will
>>> do this based on MAC address. The configuration is actually a
>>> dynamically assigned protocol but based on the configuration made that
>>> particular MAC address will ALWAYS receive the SAME IP address.
>>>
>>> Now, here's the part for you... once you know the IP's involved YOU can
>>> configurate the remote router locally at your site using the parameters
>>> that will be required for the remote end. Once complete send the router
>>> down to the location and have them connect it to their cable modem. As
>>> most of these routers also have multi-port switches built in they can
>>> plug their network cables from their PC's and printers directly into the
>>> router.
>>> From that point on there is virtually NOTHING that the users have to do.
>>> It will just WORK (assuming its been setup correctly).
>>>
>>> You didn't mention wireless as this is another common feature for remote
>>> locations.
>>>
>>> Good luck and depending on the brand of router you purchase to handle
>>> the
>>> task the manufactures tech support could/should/would provide assistance
>>> to
>>> get it up and running. In my first response I recommended netopia.
>>> One
>>> reason is that IF you are using their equipment, for a paltry sum of $99
>>> THEY will connect remotely to BOTH ends and configure the VPN for you
>>> and
>>> get it going. Believe me, if you've never done this before, the $99 is
>>> well worth the money.
>>>
>>> Good luck.
>>>
>>> Bob
>>
>>
>> Thanks Bob,
>>
>> I'm just trying to gather the information together to get this going.
>> Probably won't do it until October. But I'd like to plan it out before
>> we
>> do anything.
>>
>> So how would the remote office connect to the Internet? Would they be
>> using
>> the connection from the Home Office out to the Internet. Oh and yes the
>> remote office users will connect wirelessly to the LAN.
>>
>> This question may not be related but at the home office there is just one
>> big LAN about 50 users and maybe 10 or so printers. Would it be wise to
>> separate out into separate VLAN's If so I'm curious on how the
>> authentication to the domain takes place would you have to have domain
>> controllers on each VLAN?
>>
>> Thanks
>> Geo
>
> Geo;
>
> Again, I'm partial to Netopia only because I've had such good luck with
> their products and their tech support is top notch. And I'm referring to
> multiple commercial grade installations, not just a single home network
> (although thats what I am using at home with a VPN to my office).
>
> For example: if the remote office had either a cable or dsl Internet
> connection the cable/dsl would terminate in a Cable/DSL modem. You would
> connect, using a Cat5e cable from the LAN port of the modem to the WAN
> port
> of the router. In the case of Netopia, I'd recommend the model
> 3387WG-ENT,
> which which will be your gateway to the Internet, act as the end-point for
> your VPN, act as your NAT device for your remote users, provide DHCP
> services to your remote users AND be the wireless access point for your
> wireless users using either 802.11b or 802.11G with none, WEP, WPA or
> WPA2.
> In fact, it can be quite a work horse. I now this will work for you
> because I've installed it in similar remote sites as yours doing exactly
> what your asking.
>
> Please visit the Netopia site (www.netopia.com) and navigate to their
> support section for broadband equipment and then look for "technical
> papers" or documents. They have numerous ones that explain how to
> accomplish many of these things using their equipment. And don't forget,
> if you are using their equipment, they can and will do the config for you
> for a very nominal fee. In fact, if you are concerned about support, you
> can purchase annual support contracts for as low as $99.
>
> Also, you mentioned about establishing multiple VLANS for your users. I
> would recommend doing as I outlined above where your remote users connect
> with the gateway/router and then the router handles the VPN overhead. Its
> much faster with its special algorithms and chipsets, etc and you don't
> have to be concerned about all the individual windows configurations and
> setups for same. Using the wireless client services, each users' signal
> would be encrypted from their machine to the router, then decrypted and
> re-encrypted for transport over the VPN where the host site decrypts it
> before passing it on to the LAN there. Its all magic and its done with
> lots of mirrors and smoke
>
> Also, setup this way you would provide either the IP or the hostname of
> your
> single domain controller at the main office and the remote users will
> authenticate on that with virtually ZERO lag. You WILL be surprized at
> how
> fast and transparent this all will be to the users.
>
> Good luck,
>
> Bob


Thanks Bob,

That's exactly what I'm nervous about is the lag time. Users are very
impatient and want things in an instant like we all do.

So I should still be able to do a single domain being that I really don't
have many users 40 in-house. I have 8 remote sales people in 8 remote
(local same state same county) locations (one sales person per location) and
2 remote (in different states) locations that have again 1 or 2 people in
the office at the most for the time being. One of those locations might
expand in the future where I might have to look at possibly different
solutions???

But I'm very interested in the Netopia solution sounds like the way to go
for the $$$. I've also been looking at Cisco but they are expensive.

Thanks for your help in understanding a little better.

George