Setting routing to link 2 sites by VPN

I'm looking to join 2 sites via a vpn, however the vpm link will not be used
for www traffic at the 2nd location.
The 2nd office will have it's own dedicated www link to keep traffic to a
minimum on the VPN.
Both sites are on seperate subnets.

E mail & RDP traffic will be sent / recieved over the vpn.
My question is what is the best way to seperate www traffic from vpn site to
site traffic, at the 2nd location

Fred Bloggs <(E-Mail Removed)> wrote:
> I'm looking to join 2 sites via a vpn, however the vpm link will not
> be used for www traffic at the 2nd location.
> The 2nd office will have it's own dedicated www link to keep traffic
> to a minimum on the VPN.
> Both sites are on seperate subnets.
>
> E mail & RDP traffic will be sent / recieved over the vpn.
> My question is what is the best way to seperate www traffic from vpn
> site to site traffic, at the 2nd location

This should be easy enough to control at your router....I'd set up VPN
between two compatible routers/firewalls and not involveWindows in it at
all. My usual preference is Sonicwall appliances.

Alas the router in the initial stages is not able to support this,
so all the routing etc needs to be done via windows...until that is i get a
2nd line in with bigger and better cisco hardware


"Lanwench [MVP - Exchange]"
<(E-Mail Removed) hoo.com> wrote in message
news:(E-Mail Removed)...
> Fred Bloggs <(E-Mail Removed)> wrote:
>> I'm looking to join 2 sites via a vpn, however the vpm link will not
>> be used for www traffic at the 2nd location.
>> The 2nd office will have it's own dedicated www link to keep traffic
>> to a minimum on the VPN.
>> Both sites are on seperate subnets.
>>
>> E mail & RDP traffic will be sent / recieved over the vpn.
>> My question is what is the best way to seperate www traffic from vpn
>> site to site traffic, at the 2nd location
>
> This should be easy enough to control at your router....I'd set up VPN
> between two compatible routers/firewalls and not involveWindows in it at
> all. My usual preference is Sonicwall appliances.
>

This should mainly happen automatically. The only traffic using the
tunnel would be traffic addressed to the private IPs of machines at the
"other" site. http traffic would only use it if the http server was
actually located at this site. Traffic addressed to any other IP address
will still go out to the Internet unencrypted. Only the private traffic for
the "other" site will be tunnelled (ir encrypted and encapsulated).

"Fred Bloggs" <(E-Mail Removed)> wrote in message
news466CF4E-6C4A-4297-9842-(E-Mail Removed)...
> Alas the router in the initial stages is not able to support this,
> so all the routing etc needs to be done via windows...until that is i get
> a 2nd line in with bigger and better cisco hardware
>
>
> "Lanwench [MVP - Exchange]"
> <(E-Mail Removed) hoo.com> wrote in
> message news:(E-Mail Removed)...
>> Fred Bloggs <(E-Mail Removed)> wrote:
>>> I'm looking to join 2 sites via a vpn, however the vpm link will not
>>> be used for www traffic at the 2nd location.
>>> The 2nd office will have it's own dedicated www link to keep traffic
>>> to a minimum on the VPN.
>>> Both sites are on seperate subnets.
>>>
>>> E mail & RDP traffic will be sent / recieved over the vpn.
>>> My question is what is the best way to seperate www traffic from vpn
>>> site to site traffic, at the 2nd location
>>
>> This should be easy enough to control at your router....I'd set up VPN
>> between two compatible routers/firewalls and not involveWindows in it at
>> all. My usual preference is Sonicwall appliances.
>>
>

Hi Bill, but what is the two sites were on a different subnet?



"Bill Grant" <not.available@online> wrote in message
news:Oe7eb%(E-Mail Removed)...
> This should mainly happen automatically. The only traffic using the
> tunnel would be traffic addressed to the private IPs of machines at the
> "other" site. http traffic would only use it if the http server was
> actually located at this site. Traffic addressed to any other IP address
> will still go out to the Internet unencrypted. Only the private traffic
> for the "other" site will be tunnelled (ir encrypted and encapsulated).
>
> "Fred Bloggs" <(E-Mail Removed)> wrote in message
> news466CF4E-6C4A-4297-9842-(E-Mail Removed)...
>> Alas the router in the initial stages is not able to support this,
>> so all the routing etc needs to be done via windows...until that is i get
>> a 2nd line in with bigger and better cisco hardware
>>
>>
>> "Lanwench [MVP - Exchange]"
>> <(E-Mail Removed) hoo.com> wrote in
>> message news:(E-Mail Removed)...
>>> Fred Bloggs <(E-Mail Removed)> wrote:
>>>> I'm looking to join 2 sites via a vpn, however the vpm link will not
>>>> be used for www traffic at the 2nd location.
>>>> The 2nd office will have it's own dedicated www link to keep traffic
>>>> to a minimum on the VPN.
>>>> Both sites are on seperate subnets.
>>>>
>>>> E mail & RDP traffic will be sent / recieved over the vpn.
>>>> My question is what is the best way to seperate www traffic from vpn
>>>> site to site traffic, at the 2nd location
>>>
>>> This should be easy enough to control at your router....I'd set up VPN
>>> between two compatible routers/firewalls and not involveWindows in it at
>>> all. My usual preference is Sonicwall appliances.
>>>
>>
>

The two sites must be in different subnets. You cannot route between them
if they are in the same subnet -- you can only bridge them.

Each router will have a static route for the other site's subnet linked
to the tunnel address. All traffic for this subnet will be encrypted and
encapsulated before it is sent out to the Internet. That is how site to site
VPN works. All other traffic will go directly to the Internet as if the VPN
link did not exist.

"Fred Bloggs" <(E-Mail Removed)> wrote in message
news:A67A83B4-A368-47EE-BC09-(E-Mail Removed)...
> Hi Bill, but what is the two sites were on a different subnet?
>
>
>
> "Bill Grant" <not.available@online> wrote in message
> news:Oe7eb%(E-Mail Removed)...
>> This should mainly happen automatically. The only traffic using the
>> tunnel would be traffic addressed to the private IPs of machines at the
>> "other" site. http traffic would only use it if the http server was
>> actually located at this site. Traffic addressed to any other IP address
>> will still go out to the Internet unencrypted. Only the private traffic
>> for the "other" site will be tunnelled (ir encrypted and encapsulated).
>>
>> "Fred Bloggs" <(E-Mail Removed)> wrote in message
>> news466CF4E-6C4A-4297-9842-(E-Mail Removed)...
>>> Alas the router in the initial stages is not able to support this,
>>> so all the routing etc needs to be done via windows...until that is i
>>> get a 2nd line in with bigger and better cisco hardware
>>>
>>>
>>> "Lanwench [MVP - Exchange]"
>>> <(E-Mail Removed) hoo.com> wrote in
>>> message news:(E-Mail Removed)...
>>>> Fred Bloggs <(E-Mail Removed)> wrote:
>>>>> I'm looking to join 2 sites via a vpn, however the vpm link will not
>>>>> be used for www traffic at the 2nd location.
>>>>> The 2nd office will have it's own dedicated www link to keep traffic
>>>>> to a minimum on the VPN.
>>>>> Both sites are on seperate subnets.
>>>>>
>>>>> E mail & RDP traffic will be sent / recieved over the vpn.
>>>>> My question is what is the best way to seperate www traffic from vpn
>>>>> site to site traffic, at the 2nd location
>>>>
>>>> This should be easy enough to control at your router....I'd set up VPN
>>>> between two compatible routers/firewalls and not involveWindows in it
>>>> at all. My usual preference is Sonicwall appliances.
>>>>
>>>
>>
>