What's the best type of VPN setup for connecting an acquired company's network?
Here's our scenario: Company 1 is in Rhode Island. Its internal network range is 192.168.23.x and the company has a networked printer 192.168.23.45. Company 2 is in Virginia. Its internal network range is 172.16.1.x. It has a Unix server, 172.16.1.200, which the VPN client in Rhode Island needs to telnet into. The software on the Unix server is proprietary and written to print searchable reports to specific printers that can be set up through the software using a Unix printer name, a computer name or a share name.
Company 1 has taken over Company 2 and needs to establish a secure VPN connection from Rhode Island to Virginia, and then establish a telnet connection to the Unix box, use the software and print back to the networked printer (mentioned above) on the local network.
Given this scenario, what would be the best type of VPN to set up? Initially, I set up an IPsec VPN with a ZyWALL USG 50 on the Virginia side and a ShrewSoft VPN client on the Rhode Island side. While this worked, I could only ping Windows boxes on the local 172.16.1.x range and could not ping the Unix box with the VPN connection established. This prevented me from even testing a telnet session. Any help would be greatly appreciated.
Generally, if a bidirectional communication between sites is desired, the best solution would be a site-to-site IPsec VPN. Enterprises typically accomplish this with two similar VPN gateways in both sites that will establish a gateway-to-gateway tunnel, connecting both sites transparently via IP, so all protocols above the IP layer are transparently routed from one site to the other.
I am not sure if this is supported by the USG 50, and depending on desired throughput and connections, you may want to pick a higher-end model for this. You can download a good PDF on how to connect a site-to-site type of VPN on a USG 50.
If you have a large number of users or expect this environment to grow in the future, I suggest you look at vendors that offer a software-based type of VPN solutions. They will accomplish what you desire and provide a wide range of client platforms for your remote access users.
This was first published in October 2012