Here’s the requirements:
I have a project that requires two separate SBS networks to communicate with each other. These two network also will share a third network where the printers will be placed. The printers are network printers and both SBS servers will print to them. The two networks also must connect to a branch office. The branch office will have two separate networks connecting back to the main office with a VPN. There will be two separate VPNs (one for each of the two SBS installations).
I set up a test network.
Test Network 1 consisted of:
- SBS Server
- Workstation (call it WS1)
- Linksys VPN Router (call it Linksys 1)
Test Network 2 consisted of:
- Linksys VPN Router (call it Linksys 2)
- Workstation (call it WS2)
The external address for the SBS server and external addresses for both Linksys Routers were all on the same network. This is the simulated internet.
By adding the subnet were Network 2 to the Local Network Addresses in ISA on the SBS network, I was able to get routing to work after setting the VPN up between the two Linksys.
That was fine. It looked like things would work. The problem is that it requires two public IP addresses at the main location. For a lot of people, that isn’t possible. In this case, it was possible.
Now, I finally find a document from Microsoft detailing how to setup a VPN between ISA 2004 and the Linksys. I had looked for weeks trying to get information about this, and I kept running into deadends. It looks like it is possible to eliminate the Linksys VPNs at the main office and instead use ISA. At the remote office, there will still be two Linksys VPNs deployed.
I also have a requirement for routing between the two networks at the main office and the two networks at the remote office. The main office will be taken care of while setting the printers on the third network. In the remote office, I am looking at using a Soekris Net4801 running m0n0wall, but setup not to be a firewall, but instead just a plain router. If I find anything that will load easily onto a Compact Flash card that acts only as a router, then I will use it. FreeSCO works well in a desktop, but I’m not sure how well in this situation.
Hopefully, I’ll have this up and running sometime this week. Sometime in the future, I’d like to replace both Linksys VPNs with ISA 2004.