VPN - help to building VPN networks

Hey,

I need your help building a VPN in my 4 locations: home and 3 stores. I have a database program installed on each store that I would like to connect to from home. I have used an RDP connection so far, but for security reasons I would like to give it up.

I don't have experience in creating VPNs, so tell me where to start?

I see it this way: in 3 locations (shops) - I run a VPN server (Ex. Zyxel USG20-w). At home, I create 3 connections on the computer, e.g. L2TP. The only problem I see is switching between stores.

Maybe i need to create a 'site to site' connection?

I hope that what I described is quite clear - if not, please ask.

All Replies

  • mlikmlik Member Posts: 5

    Thanks for the answer.

    If I understood the configuration correctly:

    Assuming home is my hub. I create Site-to-Site connections:

    • HUB - SHOP
    • HUB - SHOP2
    • HUB - SHOP3

    Then, it uses the VPN Concentrator functions

    The next step is to create connections

    • SHOP1 - HUB
    • SHOP2 - HUB
    • SHOP3 - HUB

    Question:

    • if I don't need connections between SHOP1-2-3 I don't create Policy Route ?
    • What about securing the IPSec connection ?
    • Is the USG20W-VPN suitable for all locations ?
    • Are there any requirements for the internet provider? Currently, I have routers on my stores - I think all the traffic will have to be redirected to USG20W.
    • Will Internet quality drop after such a VPN connection? in 3 locations I have more or less speed: Download: 120 Mb/s / Upload: 18 Mb/s
  • PeterUKPeterUK Member Posts: 601  Guru Member

    Can you draw out the network with LAN/WAN/IP subnets.

  • mlikmlik Member Posts: 5

    I don't want to share external addresses in the forum, but it looks something like this:


    warwickt
  • PeterUKPeterUK Member Posts: 601  Guru Member
    edited April 3, 2020 8:42PM

    Your going to need to change the LAN IP for either shop3 or home as a tunnel to their will conflict.

    So yes make tunnels from home to shop1-3 and shop1-3 to home with Nailed-Up checked.

    You only need the Concentrator on home if shop 1 needs to connect to shop 2 by the tunnel.

    Jeremylin
  • mlikmlik Member Posts: 5

    OK I understand. How significantly the speed of the Internet will decrease after creating this type of VPN connection. 

    And, Am I able to do it on the USG20W-VPN model?

  • PeterUKPeterUK Member Posts: 601  Guru Member

    your speed will be limited but should do for what you need

    The USG20W-VPN can make upto 10 IPsec VPN tunnels

  • mlikmlik Member Posts: 5

    Do you know why I ask? There are a lot of network devices on every shop - payment terminals, internet services, etc. It must work well. That is why it is important to me how much the speed of the Internet will drop?

  • Zyxel_VicZyxel_Vic Zyxel Official Agent Posts: 150  mod

    Hi @mlik

    The throughput dropping is highly related on what kind of application is used for certain testing and what encryption method will be implemented in your VPN tunnels (the encryption complexity difference). Moreover, if the UTM features (e.g. Anti-Virus) was enabled, the throughput will drop,too.

    To your scenario, if what you need is purely for VPN services, USG20W-VPN is quite match to certain bandwidth requirement. However, to have more room for the additional features that may be implemented on your device. I will suggest to upgrade your main firewall to USG110.


    By the way, for those major services that need to be guaranteed in the bandwidth, the Bandwidth Management function can fulfill certain requirement to have guaranteed bandwidth in the VPN tunnel.

Sign In to comment.