As companies grow, so do their office space requirements. Sometimes, adding additional office space in another building is cheaper than moving the entire company to new premises. To do this, though, you need to extend your computer network from one physical location to the other. Depending on the budget you have, there are two ways to do this, both offering their own challenges, benefits and advantages. No matter what the physical distance, be it one hundred feet or one hundred miles, there is method that suits your needs.
Defining Your Connection Method
Talk to your management and Accounts department to determine what kind of budget you have for the project. This will need to be planned out to the last penny as, depending on the budget restraints, locations of the two physical buildings and existing infrastructure in the area, the solution you decide on will vary.
Evaluate which connection method you want: an Internet based VPN tunnel from one site to the other, which provides a layer three connection between the sites, or a site-to-site leased line connection or dark fiber run. The second option is by far the more expensive option but is more robust, as the only infrastructure involved is the hardware you own and control and not the Internet.
Purchase the equipment you need. If you are using the site-to-site connection, you will need to get a provider to connect the two offices through their own infrastructure and provide a fiber or Ethernet hand-off at each site for you to connect to your internal infrastructure. If going down the VPN route, you will need some VPN devices such as a Cisco PIX firewall or Juniper firewall device (to name but two) and allocate the external IP addresses to them and get them up on your network.
Configure your internal equipment. If you are following the VPN approach, then you will need to configure your equipment. With the internal and external interfaces set up, you then need to define your VPN tunnel, setting the mirror configuration on each firewall, so site A states the destination is site B and site B has site A as the destination. Then choose your encryption methods on the tunnel, so as to encrypt all sensitive data, and decide on a Pre Share Key so that each side knows the other is a trusted partner. If you are using the site-to-site connection, you need just attach the handoff from the circuit provider to the internal switches setting the ports as Trunk ports. This is to allow all VLAN traffic you may have in the two networks to pass through this connection and thus gives you a Layer 2 connection between the sites and simply expands the network across the two sites.
Set up any routing protocols that you have in place to pass all traffic to the resources on the other side of the connections to the other office over your chosen connection infrastructure. If you are using the Layer 2 site-to-site connection, this will not be needed as the two switches will be sharing all routes that they have with each other automatically over the proprietary protocols the devices have; if they are Cisco equipment, it is the Cisco Neighbor Discovery protocol. If you are using the VPN connection, you will need to set up a routing protocol such as OSPF (Open Shortest Path First) or BGP (Boarder Gateway Protocol) to share the routes of each firewall with the other and instruct packets destined for the other LAN to pass over the VPN tunnel to get to their destination.
Joining LAN Protocols
Determine if you want to share a DHCP pool between the two sites, or if you want to keep the address spaces of the two sites separate. Keeping them separate will mean that you need to have a DHCP server on each side of the connection to provide IP addresses to the other. If you intend to treat the two sites as one logical site, then you will just need the one DHCP server, but will need to ensure that you allow the DHCP relay to be passed through the VPN connection. If you are using the Layer 2 connection, this will not be needed, as the two sites will believe they are an extension of each other anyway.
Configure the Trunk ports on your connecting switches. If you are using the Layer 2 approach, set the interfaces on the switches at each site as an Uplink Trunk port. To do this on a Cisco switch, you use the following commands from within the "Configure Terminal" prompt:Configure terminal
(config)# int xxxxx (this is where you determine the port in the switch, e.g., fa0/1 for fast Ethernet port 1 on the switch)
(config-if)# switchport mode trunk
(config-if)# switchport trunk encapsulation dot1q
(config)# endwrite mem (this saves the new configuration to the start-up configuration file)
This is done on the switches at both sites that have the site-to-site connection patched into them. This will allow the two switches to see each other, share their routing and ARP tables and be able to pass traffic on between them when required.
Create any firewall policies that are required to allow the traffic that you want to allow across the connection through and block any that you don't want to allow through. This is only done if you are using the VPN connection method. You will need a policy on both sides of the connection, one allowing the traffic out of site A and another on the firewall allowing the traffic in to site B. You may want to allow all types of traffic through, in which case you can allow any traffic from any source going to any source using any protocol; if you want to lock this down a little, this is where you can allow only the traffic from specific people or applications through; the firewall that you are using will determine the exact steps to take.
Confirm that you have connectivity between the sites. This will involve some ICMP ping tests initially and trace route commands from a command prompt on a PC at either end, making sure you are able to pass data back and forth across the WAN link (the link between the two sites). Once you have confirmed this, move on to the more in-depth testing of making sure that file transfers work between the two sites and other applications such as mail, intranet sites and internal applications are functional from both sites.
- Photo Credit networking image by .shock from Fotolia.com
How to Setup Internal LAN
Setting up a local area network (LAN) today is easier than ever before with plenty of low-cost networking technology options available. Further,...
How to View Intranet Web Pages
Intranet Web pages allow certain people to view and share information online in the privacy of a group or company. Most companies...
How to Connect Two Buildings Wirelessly
Networking is the pinnacle of modern technology. It is the communication of interconnected devices such as computers, printers, vehicles and smart devices....