Connection query

justin867

Hi,
Q1. What are the options for guest A office to connect their office LAN (computers/printers) to their head office aside from IP sec tunnel?
Our network has 2 guest WIFI vlans, 1 is public guest WIFI and another is for guest A which is an office.
Guest A needs their office to be connected to their head office, they said they usually use IP sec to connect to main office.
We have 2 ISP and one of them is down now.
Q2. What are the things I need to be aware and prepared with regards to my network for Guest A connection requirements?

scottalanmiller

IPSec VPNs work basically anywhere. There is very little to know (from a high level, actually setting up the tunnel is a huge number of knobs and buttons that have to match correctly on both ends.)

IPSec is just a VPN, the most common and normal one, in fact. So once you have an IPSec tunnel, there is nothing to know at all for Q1 - the two ends of the tunnel are on the same network as soon as you have the tunnel so they are fully connected immediately. It "just works."

scottalanmiller

@justin867 said in Connection query:

Q2. What are the things I need to be aware and prepared with regards to my network for Guest A connection requirements?

Just the IPSec connection details to make a new tunnel.

justin867

how about the bandwidth and security factors on my network?

scottalanmiller

@justin867 said in Connection query:

how about ... security factors on my network?

VPNs are always a huge security concern because they expand the LAN. You are hooking two LANs together which, presumably, only is useful when you are using your LAN as your security barrier and then, naturally, by attaching two LANs together under that premise you make your risk pool way larger. Any use of a LAN as a security barrier and any LAN extension of this nature carries a lot of inherent risk. This is why things like VPNs and MPLS today are throwbacks and not how we want to design modern networks. Most companies still operate in this 1990s "LAN based" model, so this is expected and common. But it doesn't change the fact that it in inherently insecure and exactly what things like ransomware leverage.

scottalanmiller

@justin867 said in Connection query:

how about the bandwidth .... on my network?

IPSec doesn't really use any bandwidth. But using your IPSec tunnel will use as much bandwidth as you push data across it. Send one 100KB file over it, you will use 100KB of traffic. Send thousands of 10GB files over it, and you'll use many TB of traffic. This comes down 100% to your use case.