10.7 Combining a LAN-to-LAN VPN and a Remote Access VPN
This section will explain how to take the network configurations
looked at in sections 「10.4 Setting Up a Generic Remote Access VPN」 and 「10.5 Setting Up a LAN-to-LAN VPN (Using Bridge Connections)」 and use them together.
10.7.1 Using LAN-to-LAN Communication and Remote Access Together
In section 「10.5 Setting Up a LAN-to-LAN VPN (Using Bridge Connections)」 you read about a LAN-to-LAN VPN which was set up
with VPN Server installed on the main LAN and VPN Bridge installed on
the sub-LANs. The VPN Server installed on the main LAN for this type of
network configuration can also receive VPN connection requests from VPN
Clients. This means that it can be the VPN Server for the LAN-to-LAN VPN
and the VPN Server for a remote access VPN at the same time.
The figure below illustrates what it would look like if a user at a
remote location (such as from a hotel on a business trip) made a remote
access VPN connection to the VPN Server on the main LAN (Tokyo).
Fig. 10-7-1 An Example of How to Use a LAN-to-LAN Network
and Remote Access Together |
In this example, two VPN Client equipped laptop computers are making
a direct connection to the Virtual HUB on the VPN Server in Tokyo via
the Internet. In this configuration the Tokyo LAN and the Osaka LAN are
connected as a layer 2 segment. Computers on both networks can freely
communicate with each other. Also, the VPN Clients logged in to the VPN
Server will join that same layer 2 segment and will be able to freely
communicate with computers on both networks as well.
By using this method you can utilize a single VPN Server to provide
both remote access and LAN-to-LAN VPN services.
10.7.2 Calculating the Number of Required Licenses
To calculate the number of licenses required for this VPN
configuration, we simply add two client connection licenses to the
licenses required to build the simple LAN-to-LAN VPN from section
「10.5 Setting Up a LAN-to-LAN VPN (Using Bridge Connections)」. Thus, the required product licenses and connection licenses are
as shown below.
- VPN Server 2.0 Standard Edition License x 1
- VPN Server 2.0 Client Connect License (1 Client) x 2
- VPN Server 2.0 Bridge Connect License (1 Site) x 1
Please refer to section 「1.3 PacketiX VPN 2.0 Product Configuration and License」 for more information about the
licensing system.
10.7.3 Supplementary Information
Of course, it is also possible to use remote access in conjunction
with a LAN-to-LAN VPN that utilizes IP routing such as the one described
in section 「10.6 Setting Up a LAN-to-LAN VPN (Using IP Routing)」. In this situation you can decide which layer 2
segment to join depending on which Virtual HUB you connect to.
Also, if you install VPN Server on both networks of the VPN, the VPN
Client can make a direct connection to the VPN through the Internet by
connecting to either one of the VPN Servers. This is useful if, for
example, a user wants to connect to the fileserver on the Osaka LAN. By
using this method the user can connect directly to the Osaka LAN without
going through the Tokyo LAN, which means faster transfer speeds. In this
situation you would need an additional VPN Server product license in
order to install another VPN Server on the LAN in Osaka.
|