Use broadband routers to achieve enterprise-class remote networking


Cool dragon

2004-2-6

Background

Our main business department (approximately 35 computers, which may increase to 50-80 in the future) will move out of headquarters to an office in the city's suburbs, and it is proposed to build an ADSL-based network for it with an existing TP-LINK R460 router and to set up WEB, MAIL and FTP servers for them (FTP servers and DMZ hosts). However, because of its business, it still needs to keep in touch with headquarters. The network is all static IP, with no DHCP, DNS, WINS, gateway, etc., and the headquarters subnet mask is the irregular 255.255.252.0. If buying a TP-LINK R460 router cannot achieve the connection with headquarters, may I ask how this can best be achieved? Sincere thanks!

Case study

From this netizen's letter, we can see that his most fundamental requirement is for the remote business department to connect to headquarters. Obviously this netizen is not planning to apply for a leased line between the branch and headquarters, but wants to connect over the public network using an ordinary ADSL connection. Carrying the company's business over the public network with real-time data transmission means security has to be considered. The current way to do this is VPN technology. What can a VPN do? Company financial management, off-site ERP, OA, remote training, VoIP, remote video conferencing and so on are all applications of VPN technology. VPN technology is now widely used in large and medium-sized enterprises, and there is a trend of replacing DDN lines (of course, in business networks in the financial and other industries). With the development and wide adoption of VPN technology, the cost of deploying a VPN is now relatively low, which is reflected in the network devices. In this case, we introduce broadband routers with VPN support to implement the VPN, which is more economical than using traditional routers. The netizen proposed using the TP-LINK R460 broadband router to build the network, but this router has no VPN function, so Xiaoku suggests considering a broadband router product with VPN support instead. In this case Xiaoku recommends the Vigor series of broadband routers to implement the VPN.

VPN Introduction

A Virtual Private Network (VPN) is a technology for establishing a private network over a public network. It is called virtual mainly because the connection between any two nodes of the VPN does not use the end-to-end physical link (line) of a traditional private network, but a logical network built on top of the network provided by a public network service provider, with user data transmitted over logical links. It interconnects networks through tunnelling or virtual circuits and supports user security management, network monitoring and troubleshooting. It reduces construction investment, saves costs, and simplifies users' maintenance and management of the network. It is used to interconnect the headquarters and branches of government bodies, enterprises and institutions, and to interconnect business partners. With the acceleration of market economy integration and the in-depth development of information technology, companies and enterprises of all kinds are increasingly using information technology to raise their level of management and expand cross-regional business. IP VPN is favored by enterprises because it lets them use public network resources to build a private enterprise network that is secure, reliable, economical and fast.

Network tunnelling is a key technique. It mainly uses a network tunnel protocol to carry one network protocol over another. There are two types of tunnelling protocols: Layer 2 tunnel protocols, which carry Layer 2 network protocols, and Layer 3 tunnel protocols, which carry Layer 3 network protocols.

Network security is a very important consideration when building a VPN on a public network. A series of network security technologies are applied in VPN deployments, such as firewalls, IPSec to encrypt data in the tunnel, and L2TP to perform mutual verification, so that private data transmitted over public networks is securely protected.

Vigor2200E and Vigor2300

One. Vigor2200E (see Figure 1)

1. Hardware configuration: CPU 50MHz; Flash 1M; RAM 4M.

2. Port configuration: one 10BASE-T fixed WAN interface, supporting shared Internet access over ADSL / cable / FTTx lines; four 10/100Base-T/TX fixed LAN interfaces; one RS-232 control port.

3. Available services: (1) WAN: PPPoE (ADSL dial-up); DHCP (dynamic host configuration); VPN Server and VPN Client, using VPN technologies such as IPSec / PPTP / L2TP / L2TP plus IPSec to implement remote access and LAN-to-LAN connections; up to 8 VPN tunnels are supported, using DES (56-bit encrypted) and 3DES (128 encryption) to execute the exchange and authentication of IPSec code; ARP, IP, ICMP, TCP, UDP. (2) LAN: ARP, IP, ICMP, TCP, UDP; DHCP service; NAT network address translation service; DNS proxy service; DDNS (dynamic domain name); DMZ (demilitarized zone) service; support for static routing or the RIP1 / RIP2 dynamic routing protocols.

4. Safety, setting, and management: (1) Built-in firewall supporting IP packet filtering; PAP / CHAP authentication; anti-intrusion program. (2) Web-based graphical configuration interface and Telnet text command-line operation; configurable usage rights and usage times; status monitoring; diagnostic tools; built-in TFTP software upgrade protocol, so it can be upgraded at any time; can be maintained remotely by unloading or Internet.

Two. Vigor2300 (see Figure 2)

1. Hardware configuration: CPU is ARM9 168MHz RISC; Flash 2M; RAM 8M.

2. Port configuration: one 10/100Base-T fixed WAN interface, supporting shared Internet access over ADSL / cable / FTTx lines; four 10/100Base-TX fixed LAN interfaces; one RS-232 control port.

3. Available services: Basic functions are the same as the Vigor2200E above, but it also has more prominent features. VPN connections are faster and, in addition to VPN speed, NAT address translation and firewall packet filtering are also faster. The built-in print server lets every computer on the network share a printer, saving costs. Up to 16 VPN tunnels are supported.

4. Safety, setting, and management: Basic functions are the same as the Vigor2200E above.

Case implementation

Using the Vigor solution for VPN networking lets the whole company run OA, ERP and other software across regions, with all departments running OA, ERP and other software; voice and video transmission can also be achieved, using existing ordinary ADSL broadband lines to provide free communication across the system's entire VPN network. The company's data files and databases can be shared by all employees, including network users in the remote branch; the company home page is published through the web server and FTP server for customers to download information. The network topology we designed for the netizen is as follows (see Figure 3). It uses LAN-to-LAN mode, that is, a VPN tunnel from one local area network across the Internet to another.

We can see that in this scenario, the company headquarters and the division apply for an ordinary 1M ADSL line. The key to realizing the VPN network is the Vigor2300 and Vigor2200E broadband routers, which play the roles of VPN Server and VPN Client respectively. Here it is assumed that Internet access and the network management part have already been set up, and we focus on the VPN part.

Preparation:

The network numbers (network segments) set for headquarters and the division are 192.168.0.0 and 192.168.1.0 respectively.

The headquarters Vigor2300 is used as the VPN Server.

Router IP: 192.168.0.1 (that is, the gateway of the headquarters local area network); dynamic domain name: rover.xicp.net. Because of national conditions, the ADSL lines we usually apply for use dynamic IP addresses, so the public IP keeps changing and users on the Internet cannot reach us at a fixed address. Users with a dynamic public IP can therefore only bind it to a dynamic domain name of their own through a third-party dynamic domain name service provider (well-known domestic dynamic domain name service providers include domain technology companies such as http://www.oray.net/, etc.). Here we apply for a dynamic domain name for the headquarters ADSL line so that the division can reach headquarters at a fixed name over the Internet. Of course, headquarters can also use this dynamic domain name to run web, FTP, mail and other Internet services.

The Division 1 Vigor2200 series router is used as the VPN Client.

Router IP: 192.168.1.1 (that is, the gateway of the division LAN). Since the netizen's requirements also call for the division to provide services of its own, a separate dynamic domain name is applied for it as well.

Setup steps:

One. Settings on the headquarters Vigor2300 router (see Figure 4):

Click Advanced Setup > VPN and Remote Access Setup > LAN-to-LAN Profile Setup > Index 1 (the first user) to configure the Vigor2300 (VPN Server). Of course, if the company has a second or third division, Index 2 and Index 3 are set in the same way on similar screens.

A. Tick the check box.

B. Sets how long before the connection is automatically disconnected; "0" means always online.

C. Enter the username and password that the remote division is allowed to connect with.

D. Enter the network segment of the remote division (it must not conflict with the headquarters segment).

E. Select the "private IP" mode

Two. Settings on the division Vigor2200E router (see Figure 5):

Click Advanced Setup > VPN and Remote Access Setup > LAN-to-LAN Profile Setup > Index 1.

A. Tick the check box.

B. Tick to dial the VPN automatically and stay always online.

C. Select the VPN type (PPTP, IPSec or L2TP).

D. Enter the username and password set at headquarters.

E. Enter the dynamic domain name of headquarters (such as rover.xicp.net) or its fixed public IP address.

F. Enter the headquarters network segment

G. Select the "private IP" mode

Three. Test VPN communication

After setup, click System Management > VPN Connection Management on the headquarters router. A screen like the following appears, showing how many divisions are connected (see Figure 6).
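
Step D on the headquarters side requires that the division's network segment not conflict with the headquarters segment. As an added example (not part of the original article and not a Vigor tool), the following Python check validates an addressing plan before the profiles are entered. The /24 masks, and applying the letter's 255.255.252.0 mask to 192.168.0.0, are assumptions, since the article gives only the segment numbers.

```python
import ipaddress
from itertools import combinations

MAX_TUNNELS = 16  # Vigor2300 (VPN Server) tunnel limit quoted in the article


def check_plan(sites):
    """sites: {name: (segment, dotted_mask, router_ip)}; first entry is headquarters.

    Returns a list of problems; an empty list means the plan can be entered.
    """
    problems, nets = [], {}
    for name, (addr, mask, router) in sites.items():
        try:
            # strict=True rejects a "segment" that is really a host address
            nets[name] = ipaddress.ip_network(f"{addr}/{mask}", strict=True)
        except ValueError as exc:
            problems.append(f"{name}: invalid segment ({exc})")
            continue
        if not nets[name].is_private:  # the profiles use "private IP" mode
            problems.append(f"{name}: {nets[name]} is not a private range")
        if ipaddress.ip_address(router) not in nets[name]:
            problems.append(f"{name}: router {router} outside {nets[name]}")
    # Overlapping segments make hosts treat remote addresses as local,
    # so that traffic is never handed to the router and never enters the tunnel.
    for (a, na), (b, nb) in combinations(nets.items(), 2):
        if na.overlaps(nb):
            problems.append(f"{a} {na} overlaps {b} {nb}")
    divisions = len(sites) - 1
    if divisions > MAX_TUNNELS:
        problems.append(f"{divisions} divisions exceed {MAX_TUNNELS} tunnels")
    return problems


# Constructed plan from the article's segments; the /24 masks are an assumption.
ARTICLE_PLAN = {
    "headquarters": ("192.168.0.0", "255.255.255.0", "192.168.0.1"),
    "division1": ("192.168.1.0", "255.255.255.0", "192.168.1.1"),
}
# Same plan with the 255.255.252.0 mask from the reader's letter at headquarters
# (assumed to apply to 192.168.0.0; the letter does not give the network address).
LETTER_MASK_PLAN = dict(
    ARTICLE_PLAN, headquarters=("192.168.0.0", "255.255.252.0", "192.168.0.1")
)

if __name__ == "__main__":
    for label, plan in (("article", ARTICLE_PLAN), ("letter mask", LETTER_MASK_PLAN)):
        print(label, check_plan(plan) or "no conflicts")
```

With the letter's mask the headquarters segment spans 192.168.0.0 to 192.168.3.255, so the division would need a segment outside that range, or headquarters would need renumbering, before the LAN-to-LAN profile can route correctly.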

Vigor Enterprise Network Program Features

High efficiency, low cost, easy to expand: Vigor's enterprise network solution offers high performance at low cost, and enterprise users only need to apply for an ordinary ADSL broadband line to implement it. The solution also has good scalability and practicality, lays a foundation for the company's long-term development, and fits the current reality of network construction at SMEs.
