Views

Difference between revisions of "VPN Site-to-Site networking"

The Wiki of Unify contains information on clients and devices, communications systems and unified communications. - Unify GmbH & Co. KG is a Trademark Licensee of Siemens AG.

Jump to: navigation, search
(Important informations)
(Important informations)
Line 54: Line 54:
  
 
VPN Site-to-Site networking ''with'' normal Internet traffic and QoS support '''Important informations''' ''here''
 
VPN Site-to-Site networking ''with'' normal Internet traffic and QoS support '''Important informations''' ''here''
 +
 +
* HiPath 2000 V1.0 as VPN gateway for voice and data and Internet gateway
 +
Cost-effective cross-traffic with IP trunking via VPN route
 +
Access to central resources (file servers, HiPath applications) at the company’s head office
 +
Shared Internet access for Internet traffic and VPN (intranet traffic)
 +
Operation of public servers in a separate network (DMZ) is possible
 +
Proxy must be transparent for VPN
 +
The ISP must support QoS to ensure sufficient call quality
 +
 +
Customers advantages
 +
 +
High level of security with use of an additional firewall for controlling the unencrypted traffic to and from the Internet
 +
Installation and administration of firewall and virus scanner at one site only
 +
Cost savings with use of a shared Internet access for Internet traffic and VPN (intranet traffic)
 +
 +
Important hints:
 +
The Internet access can be overloaded by downloads from the Internet. The quality of calls is massively impaired during the downloads.
 +
Operation of public servers in a separate network (DMZ) is only recom-mended if the ISP provides QoS and the access router supports a band-width control for voice/data.
 +
Internet connections that support QoS are not offered by every ISP and are also more expensive than conventional Internet connections.

Revision as of 13:56, 18 November 2006

VPN Site-to-Site networking

VPN without normal Internet traffic

This Site-to-Site networking scenario lets an enterprises to use:

  • HiPath 2000 as VPN Site-to-Site gateway both for Voice and Data traffic.
  • HiPath 2000 as a cost-effective gateway to route VoIP traffic by means of use CorNet-IP trunking between sites over VPN trunk.
  • HiPath 2000 as gateway to access enterprise resources and applications available on the company’s VPN networked sites.

Overview

VPN Site-to-Site networking without normal Internet traffic Overview here

Important informations

  • Basic bandwidth reservation for Voice can be implemented on HiPath 2000 setting:
    • Outgoing Bandwidth Control
    • B-Channels limitation
  • No external Firewall is required at site (HiPath 2000 features firewalling service)
  • If, at some point, normal Internet traffic (like Web navigation, Mail server access, etc.) is required by the Customer, then Hipath 2000 VPN Site-to-Site networking implementation must be designed according to VPN with normal Internet traffic scenario. In that case:
    • Customer need to ensure itself with additional ISP connection to Internet
    • Customer need to ensure additional devices/services like:
      • Router, necessary to route LAN hosts normal data traffic to Internet
      • Firewall, necessary to protect LAN hosts and implement DMZ at site
      • Proxy, necessary to implement Internet traffic policies

VPN with normal Internet traffic

Overview

VPN Site-to-Site networking with normal Internet traffic Overview here

Important informations

  • Normal Internet traffic completely separated from Voice traffic by means of second Internet connection to ISP:
    • Voice quality over VPN is preserved from normal Internet traffic side effects (No Voice/Date traffic congestion, no burstly data traffic or high downstream can jam Voice connections)
    • HiPath 2000 can manage VPN Bandwidth entirely (No Bandwith share with normal Internet traffic)
    • HiPath 2000 lightweight processing power requirements handling and routing only Voice traffic over VPN Trunk.
  • Routing/Security policies demanded at additional Proxy/Firewall devices for normal Internet traffic handling

VPN with normal Internet traffic and QoS support

Overview

VPN Site-to-Site networking with normal Internet traffic and QoS support Overview here

Important informations

VPN Site-to-Site networking with normal Internet traffic and QoS support Important informations here

  • HiPath 2000 V1.0 as VPN gateway for voice and data and Internet gateway

Cost-effective cross-traffic with IP trunking via VPN route Access to central resources (file servers, HiPath applications) at the company’s head office Shared Internet access for Internet traffic and VPN (intranet traffic) Operation of public servers in a separate network (DMZ) is possible Proxy must be transparent for VPN The ISP must support QoS to ensure sufficient call quality

Customers advantages

High level of security with use of an additional firewall for controlling the unencrypted traffic to and from the Internet Installation and administration of firewall and virus scanner at one site only Cost savings with use of a shared Internet access for Internet traffic and VPN (intranet traffic)

Important hints: The Internet access can be overloaded by downloads from the Internet. The quality of calls is massively impaired during the downloads. Operation of public servers in a separate network (DMZ) is only recom-mended if the ISP provides QoS and the access router supports a band-width control for voice/data. Internet connections that support QoS are not offered by every ISP and are also more expensive than conventional Internet connections.