How to set up VPN between multiple sites in the VPN router "RTX1210"

Last time, as a representative VPN other than the VPN connection between two strongholds, three kinds of "remote access VPN", "VPN between three strongholds" and "VPN between central strongholds" were introduced. Among them, with regard to "remote access VPN", it explains the construction method when using VPN router "RTX1210".

This time, let's introduce the outline and construction methods of "3-site VPN (mesh)" and "central site-to-VPN (star)".

Overview of 3 sites VPN (mesh)

"3-site VPN" is a structure that establishes an IPsec tunnel between sites while each site uses the Internet, so that the sites can communicate securely. Because the stronghold is connected like a mesh, it is often referred to as a "mesh".

For example, the scale of the enterprise has expanded, and many situations have been adopted in the production of new branches.

If we are adding a new site, we will establish an IPsec tunnel for all existing sites at that site. Therefore, the more sites, the more IPsec tunnels to be established. There are 3 IPsec tunnels between 3 sites, 6 in 4 sites, and 10 in 5 sites.

Considering the actual setting operation and the management application after construction, it is not 3 or 4 strongholds that can use the mesh smoothly?

Overview of Central site VPN (Star)

In contrast, the "star VPN" is a structure that radiates the IPsec tunnel from the central stronghold (center) to each stronghold. It is often called "star".

When new strongholds are added, it is only necessary to build an IPsec tunnel connecting the center and the stronghold, so the burden of construction is less than that of the mesh type.

The disadvantage is that when you want to communicate from site to site, the path information becomes complex and traffic is centralized. Therefore, the router installed in the center requires high performance.

Whether it is a mesh or a star, there is no difference in establishing an IPsec tunnel, both of which can build a secure network.

On the other hand, when building a multi-site VPN, it is important to note that the local IP address used by each site cannot be duplicated in the VPN network. Especially when there are more clients, IP addresses may run out.

In addition, if VPN connects to a site where LAN is already installed, the IP address may be repeated at that time. It is very risky to change the network configuration during the operation. If your IP address is duplicated, consider introducing NAT.

Set up a multi-site VPN connection on RTX1210

Whether it's a mesh or a star, you just need to add a new IPsec tunnel to the "2-site VPN connection" you've already built, so it's not that difficult to build.

In the third chapter of this series, the inter-stronghold VPN is set between the head office and branch 1. As a result, we also confirm that "TUNNEL [01]" is displayed when the VPN is successfully established. Starting from this state, we will re-add the VPN connection settings to Branch 2.

First, let's sort out the network configuration of the three sites.

本社

支社1

支社2

In the new additional branch 2, the LAN is laid with the IP address of "192.168.150.0swap 24" to connect to the Internet. You can also register for the network volunteer DNS hostname.

After being prepared in advance, set up the VPN from the router at the headquarters. This process is almost the same as the settings for 2 site connections.

(1) launch the Web browser and access "http://192.168.100.1/". (2) enter your user name and password and log in. (3) Click in the order of "VPN"-"Inter-site connection" button on the "simple Settings" tab, and the setting screen of inter-site connection VPN will be displayed. (4) Click the New button. (5) check IPsec in Select connection Category, and then click next. (6) set IPsec. Enter the information you identified earlier, and then click next.

On the router of branch 2, if the same settings are made as above, an VPN connection is established between the head office and branch 2.

So far, IPsec tunnels have been established between headquarters and Branch 1 and between headquarters and Branch 2. In other words, we can build stars. Moreover, the router is also operated between branch 1 and branch 2, and if an IPsec tunnel is established, a mesh can be built.

This time, as a multi-stronghold VPN, the outline and construction method of "3-point VPN (network type)" and "central stronghold VPN (star type)" are explained. The next episode is the last episode. Let's review what has been done so far.