-1

Here is a scenario:

You would like to set up a private network between four companies in different cities for teams in these companies to collaborate on anti-virus software. Because of the nature of the work, they want to set up a private LAN disconnected from their corporate network.

How could you connect these private (lab) networks in the four companies to each other so that the teams can collaborate effectively?

Ideally each computer at company A's lab network should be able to talk to any of the computers in company B, C, or D's lab.

Is there an appliance that can do this that I imagine you connect at each location to both the corporate network and the local lab network and then the appliance tunnels all traffic between the companies?

Thanks.

suleyman
  • Things like `Is there an appliance that can do this` should be changed to something like `Is there a way to do this`. Otherwise you may be considered off-topic due to asking for product recommendations. http://serverfault.com/help/on-topic – Ryan Babchishin Sep 30 '16 at 00:27
  • How about "is there a way to do this with off-the-shelf hardware or do I have to put my own hardware and software to do this?" Would that make moderators happy? I am not asking for a specific vendor's product recommendation; I am asking if there is a class of products that does this. Are they called VPN concentrators, for example? I don't know; thus my question! – suleyman Oct 01 '16 at 06:00
  • Yep, maybe. It's entirely democratic here. Now you have 2 votes for "too broad", no matter that you've received a good answer. – Ryan Babchishin Oct 01 '16 at 11:41

1 Answer

2

The easiest way would be a hub-and-spoke IPsec network, where you'd stand up a Linux/BSD server somewhere and then configure IPsec (using strongSwan) associations from that server to each LAN site. With this model, all traffic between sites would be required to go through the "hub", which is nice for ease-of-deployment and access control, but not great for performance.

The other option is to implement a "full mesh" IPsec network, where each site is directly connected to all the other sites via IPsec. This method will offer the greatest performance, but it's much more complicated to get set up due to the much larger number of IPsec tunnels that need to be set up.

EEAA
  • This is certainly useful information. I assume there are appliances the likes of Cisco sells, right, to make the installation/configuration easier. I think the "mesh" network would be the one to go with as performance is important (large file transfers). Thanks – suleyman Sep 30 '16 at 07:47
  • Sure, Cisco had equipment that will do this. I'm rather partial to pfSense appliances, though, which are cheaper and have greater functionality. – EEAA Sep 30 '16 at 12:09
  • @suleyman We had a large network like this done with Cisco stuff. It worked well. Cost a fortune. +1 for pfSense and other OSS, real servers. – Ryan Babchishin Oct 01 '16 at 11:46
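
The two topologies from the answer above, as an added example (not code from the thread): a Python generator that lists the tunnels each topology needs for four sites and renders the strongSwan `swanctl.conf` connections a given endpoint must carry. Site names, WAN addresses, lab subnets, certificate file names, the `lab.example` identities and the standalone `hub` host are constructed assumptions.

```python
from itertools import combinations

# Constructed inputs (assumptions): RFC 5737 WAN addresses, RFC 1918 lab subnets.
LABS = {"a": "10.10.1.0/24", "b": "10.10.2.0/24",
        "c": "10.10.3.0/24", "d": "10.10.4.0/24"}
WAN = {"a": "192.0.2.1", "b": "192.0.2.2", "c": "192.0.2.3",
       "d": "192.0.2.4", "hub": "198.51.100.1"}  # "hub" is a hypothetical server

def full_mesh(labs):
    """One tunnel per pair of sites: n*(n-1)/2 tunnels."""
    return [(x, y, [labs[x]], [labs[y]]) for x, y in combinations(sorted(labs), 2)]

def hub_and_spoke(labs, hub="hub"):
    """One tunnel per site; its selectors must cover every other lab subnet."""
    return [(s, hub, [labs[s]], [labs[o] for o in sorted(labs) if o != s])
            for s in sorted(labs)]

def render(local, remote, local_ts, remote_ts):
    """One swanctl.conf connection, written from `local`'s point of view."""
    return "\n".join([
        f"    {local}-{remote} {{",
        "        version = 2",
        f"        local_addrs = {WAN[local]}",
        f"        remote_addrs = {WAN[remote]}",
        "        local {",
        "            auth = pubkey",
        f"            certs = {local}.pem",
        "        }",
        "        remote {",
        "            auth = pubkey",
        f"            id = {remote}.lab.example",
        "        }",
        "        children {",
        "            lab {",
        f"                local_ts = {','.join(local_ts)}",
        f"                remote_ts = {','.join(remote_ts)}",
        "                start_action = trap",
        "            }",
        "        }",
        "    }"])

def site_config(site, tunnels):
    """Every connection a given endpoint must carry under a topology."""
    conns = [render(x, y, tx, ty) if site == x else render(y, x, ty, tx)
             for x, y, tx, ty in tunnels if site in (x, y)]
    return "connections {\n" + "\n".join(conns) + "\n}"

if __name__ == "__main__":
    print(site_config("a", full_mesh(LABS)))
```

For four sites the mesh needs six tunnels (three connections per site) while the hub carries four; in the hub-and-spoke output each site's `remote_ts` lists the other three labs, which is what sends inter-site traffic through the hub.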