VPN - help with building VPN networks

mlik
edited April 2021 in Security

Hey,

I need your help building a VPN across my 4 locations: home and 3 stores. I have a database program installed in each store that I would like to connect to from home. I have used an RDP connection so far, but for security reasons I would like to give it up.

I don't have experience in creating VPNs, so can you tell me where to start?

I see it this way: in 3 locations (shops) I run a VPN server (e.g. Zyxel USG20-w). At home, I create 3 connections on the computer, e.g. L2TP. The only problem I see is switching between stores.

Maybe I need to create a 'site to site' connection?

I hope that what I described is quite clear - if not, please ask.

All Replies

  • mlik

    Thanks for the answer.

    If I understood the configuration correctly:

    Assuming home is my hub. I create Site-to-Site connections:

    • HUB - SHOP
    • HUB - SHOP2
    • HUB - SHOP3

    Then, it uses the VPN Concentrator functions.

    The next step is to create connections:

    • SHOP1 - HUB
    • SHOP2 - HUB
    • SHOP3 - HUB

    Question:

    • If I don't need connections between SHOP1-2-3, I don't create a Policy Route?
    • What about securing the IPSec connection?
    • Is the USG20W-VPN suitable for all locations?
    • Are there any requirements for the internet provider? Currently, I have routers in my stores - I think all the traffic will have to be redirected to the USG20W.
    • Will Internet quality drop after such a VPN connection? In the 3 locations I have more or less this speed: Download: 120 Mb/s / Upload: 18 Mb/s
  • PeterUK

    Can you draw out the network with LAN/WAN/IP subnets?

  • mlik

    I don't want to share external addresses in the forum, but it looks something like this:


  • PeterUK
    edited April 2020

    You're going to need to change the LAN IP for either shop3 or home, as a tunnel to there will conflict.

    So yes make tunnels from home to shop1-3 and shop1-3 to home with Nailed-Up checked.

    You only need the Concentrator on home if shop 1 needs to connect to shop 2 by the tunnel.
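
The LAN subnet conflict raised in the reply above can be checked before any tunnel is configured. This is an added example, not part of the thread: the subnets are constructed placeholders (the poster's diagram is not available), and `find_conflicts` and `suggest_free_subnet` are hypothetical helper names.

```python
import ipaddress
from itertools import combinations

# Constructed sample plan (the thread's diagram is not available): these LAN
# subnets are placeholders in which home and shop3 share the same range.
SITES = {
    "home": "192.168.1.0/24",
    "shop1": "192.168.10.0/24",
    "shop2": "192.168.20.0/24",
    "shop3": "192.168.1.0/24",
}


def find_conflicts(sites):
    """Return sorted (site_a, site_b) pairs whose LAN subnets overlap.

    Overlap covers identical ranges and one range containing another; either
    makes the remote subnet ambiguous for a site-to-site tunnel.
    """
    nets = {name: ipaddress.ip_network(cidr) for name, cidr in sites.items()}
    return [
        (a, b)
        for a, b in combinations(sorted(nets), 2)
        if nets[a].overlaps(nets[b])
    ]


def suggest_free_subnet(sites, pool, prefix=24):
    """Return the first /prefix inside pool that overlaps no site, or None."""
    used = [ipaddress.ip_network(cidr) for cidr in sites.values()]
    for candidate in ipaddress.ip_network(pool).subnets(new_prefix=prefix):
        if not any(candidate.overlaps(net) for net in used):
            return str(candidate)
    return None


if __name__ == "__main__":
    for a, b in find_conflicts(SITES):
        print(f"conflict: {a} ({SITES[a]}) overlaps {b} ({SITES[b]})")
        print("  renumber one, e.g. to", suggest_free_subnet(SITES, "10.20.0.0/16"))
```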

  • mlik

    OK, I understand. How significantly will the speed of the Internet decrease after creating this type of VPN connection?

    And am I able to do it on the USG20W-VPN model?

  • PeterUK

    Your speed will be limited but should do for what you need.

    The USG20W-VPN can make up to 10 IPsec VPN tunnels.

  • mlik

    Do you know why I ask? There are a lot of network devices in every shop - payment terminals, internet services, etc. It must work well. That is why it is important to me how much the speed of the Internet will drop.

  • Zyxel_Vic
    Zyxel_Vic Posts: 281  Zyxel Employee

    Hi @mlik

    The throughput drop is highly related to what kind of application is used for certain testing and what encryption method will be implemented in your VPN tunnels (the encryption complexity difference). Moreover, if the UTM features (e.g. Anti-Virus) are enabled, the throughput will drop, too.

    For your scenario, if what you need is purely VPN services, the USG20W-VPN is quite a match for certain bandwidth requirements. However, to have more room for the additional features that may be implemented on your device, I will suggest upgrading your main firewall to USG110.

    By the way, for those major services that need guaranteed bandwidth, the Bandwidth Management function can fulfill certain requirements to have guaranteed bandwidth in the VPN tunnel.
