How to connect two Mac based networks in different countries?




MikeSweden
Feb 17, 2010, 03:45 AM
Hello all.

I have a problem that I can't solve. All computers involved are MiniMacs and MacBooks with OSX.

I have two networks with computers and IP cams in two different offices in two different countries (Sweden, Egypt), and I would like to be able to see and access all the computers and cameras from wherever I am. On top of this I would like to be able for mobile computers to connect to the networks and that also these computers will be able to access. So total transparency.

One more problem is that I have a static IP in Sweden. But the IP in Egypt changes several times every hour. I have tried with DDNS but it changes too fast and too often. As I see it, it's Egypt that has to connect to the Swedish static IP, and stay connected. I would also like the Egypt IP cams to be able to connect to a securityspy cam server in Sweden. I can't have a securityspy cam server in Egypt since the LAN there has no static IP and seems to be behind double NATs or something.

IS THIS EVEN POSSIBLE? PLEASE HELP SOMEONE. I'm no super technician so an easy solution is preferred.

TIA
Mike



temetrepo
Feb 17, 2010, 06:44 AM
Try using a VPN. There are routers that have one or you can pay for VPN service.

Queso
Feb 17, 2010, 06:51 AM
Very easy, since it's essentially a teleworker-to-office setup you're replicating. Many router vendors have solutions where the static IP is installed with a router that acts as a dial-in server for a dynamic IP router or software agent to "call". Cisco for example have a whole range of products designed to do just this, although there are plenty of cheaper offerings on the market.

Cisco easyVPN (http://www.cisco.com/en/US/products/sw/secursw/ps5299/)

MikeSweden
Feb 17, 2010, 09:10 AM
In Egypt I can't change the router. The internet in Egypt (7/2Mbit) is provided by Vodafone with their Huawei 3G router. Basically without any settings possible.

So the best way would be to have a software solution. A VPN solution I guess. But which one? And it has to be able to keep the connection without having a user in Egypt to manually connect it.

As I see it. It must be Egypt to connect to Sweden, since Sweden has the static IP. And how can I get total transparency and be able to use printers in both sites and also have access to all computers in both sites.

The ideal is that both networks act as one. And to be able to print, register cams and connect to computers in any site as it would be in one local network.

belvdr
Feb 17, 2010, 09:39 AM
> In Egypt I can't change the router. The internet in Egypt (7/2Mbit) is provided by Vodafone with their Huawei 3G router. Basically without any settings possible.
>
> So the best way would be to have a software solution. A VPN solution I guess. But which one? And it has to be able to keep the connection without having a user in Egypt to manually connect it.
>
> As I see it. It must be Egypt to connect to Sweden, since Sweden has the static IP. And how can I get total transparency and be able to use printers in both sites and also have access to all computers in both sites.
>
> The ideal is that both networks act as one. And to be able to print, register cams and connect to computers in any site as it would be in one local network.

Then you put a VPN concentrator, such as a Cisco ASA or Check Point UTM between the network and the ISP's router. Then you create a site-to-site VPN between the two.

For remote access, you'd use a VPN client on your PC to Sweden, and have it route across the site-to-site VPN tunnel to Egypt.

I'd highly recommend against a software solution. It becomes unmanageable and it's not so transparent if everyone has to login to the computer and then the VPN tunnel. A site-to-site tunnel is totally transparent to any user and there's only the device to manage, not every computer.

MikeSweden
Feb 17, 2010, 03:28 PM
> Then you put a VPN concentrator, such as a Cisco ASA or Check Point UTM between the network and the ISP's router. Then you create a site-to-site VPN between the two.
>
> For remote access, you'd use a VPN client on your PC to Sweden, and have it route across the site-to-site VPN tunnel to Egypt.
>
> I'd highly recommend against a software solution. It becomes unmanageable and it's not so transparent if everyone has to login to the computer and then the VPN tunnel. A site-to-site tunnel is totally transparent to any user and there's only the device to manage, not every computer.

***********
Thank you Belvdr

Ok, so you mean that these VPN gadgets will fit between my networks and my routers. This sounds like a solution I can live with.

One more question. How about the IP problem. Egypt will never have an IP that I can rely on. But Sweden on the other hand does have a static IP.

Is it possible to set up so that Egypt will be the one contacting Sweden when the system fails? (which it will do in Egypt a couple of times per day).

And will I have total transparency so I can register the IP cams in Egypt to the server in Sweden?

In your point of view. Which of the two products do you prefer? Should I have two of the same brand (one in each country) or are there different models depending on which country. What would the hardware solution look like if you would choose? Do you have the complete models for both the Cisco and the Check Point so I can google them.

TIA
Mike

belvdr
Feb 18, 2010, 07:18 AM
> ***********
> Thank you Belvdr
>
> Ok, so you mean that these VPN gadgets will fit between my networks and my routers. This sounds like a solution I can live with.
>
> One more question. How about the IP problem. Egypt will never have an IP that I can rely on. But Sweden on the other hand does have a static IP.
>
> Is it possible to set up so that Egypt will be the one contacting Sweden when the system fails? (which it will do in Egypt a couple of times per day).
>
> And will I have total transparency so I can register the IP cams in Egypt to the server in Sweden?
>
> In your point of view. Which of the two products do you prefer? Should I have two of the same brand (one in each country) or are there different models depending on which country. What would the hardware solution look like if you would choose? Do you have the complete models for both the Cisco and the Check Point so I can google them.
>
> TIA
> Mike

You can configure the VPN tunnel so that Egypt is the one who initiates the connection. To do this, you'll need to use certificates to verify it is the actual Egypt VPN concentrator trying to connect. The networks should be on different subnets (for example Sweden on 192.168.1.x and Egypt on 172.16.1.x). If they aren't, you can get by with NATing things, but it can spiral out of control fairly quickly. Once the tunnel is up, it's as if you are sitting on the same LAN (with slower speed). Note that if Egypt changes its IP really often, you will notice disconnects when this happens. If you need sustained connectivity, I'd look for a static IP.

Check Point's solutions can be found at www.checkpoint.com. Personally, I'd recommend the UTM-1 (http://www.checkpoint.com/products/utm-1/index.html) series as it bundles the management and gateway components into one unit. The Check Point products are a bit more costly, but are much easier to configure, monitor, and control.

Cisco's solutions can be found here (http://www.cisco.com/en/US/products/ps6120/index.html). The Cisco products will likely be cheaper, using the ASA 5505, but Check Point has ease of management.
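
The different-subnets advice in the reply above, as an added example that is not part of the original thread: a small planning check that flags overlapping site ranges and shows why an overlap keeps traffic out of the tunnel. The two /24 ranges are the ones given in the reply; the site names, the remote-access pool and the clashing plan are assumptions made for illustration.

```python
import ipaddress
from itertools import combinations

# The two LAN ranges are the example ranges from the reply above.
# The remote-access pool is an assumed range for mobile VPN clients.
PLAN = {
    "egypt-lan": "172.16.1.0/24",
    "remote-access-pool": "10.99.0.0/24",
    "sweden-lan": "192.168.1.0/24",
}

# Constructed bad plan: both offices left on the same default range.
CLASHING_PLAN = {
    "egypt-lan": "192.168.1.0/24",
    "sweden-lan": "192.168.1.0/24",
}


def parse(plan):
    """Turn {name: CIDR} into {name: ip_network}, rejecting malformed CIDRs."""
    return {name: ipaddress.ip_network(cidr, strict=True)
            for name, cidr in plan.items()}


def find_overlaps(plan):
    """Return (name_a, name_b) pairs whose ranges share at least one address."""
    nets = sorted(parse(plan).items())
    return [(a, b) for (a, net_a), (b, net_b) in combinations(nets, 2)
            if net_a.overlaps(net_b)]


def next_hop(plan, src_site, dst_ip):
    """Where a host in src_site sends a packet addressed to dst_ip.

    'on-link'        -> the host ARPs on its own LAN; the gateway never sees it
    'tunnel:<site>'  -> the gateway matches a remote range and encrypts it
    'default-route'  -> ordinary internet traffic, outside the VPN
    """
    nets = parse(plan)
    dst = ipaddress.ip_address(dst_ip)
    if dst in nets[src_site]:
        return "on-link"
    for name, net in sorted(nets.items()):
        if name != src_site and dst in net:
            return "tunnel:" + name
    return "default-route"


if __name__ == "__main__":
    print(find_overlaps(PLAN))                              # no clashes
    print(next_hop(PLAN, "sweden-lan", "172.16.1.20"))      # reaches Egypt
    print(find_overlaps(CLASHING_PLAN))                     # clash reported
    print(next_hop(CLASHING_PLAN, "sweden-lan", "192.168.1.20"))
```

With the clashing plan, a camera at 192.168.1.20 in Egypt looks local to every host in Sweden, so the packet is never handed to the VPN gateway; that is the case where NAT would be needed.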

MikeSweden
Mar 3, 2010, 01:38 AM
> You can configure the VPN tunnel so that Egypt is the one who initiates the connection. To do this, you'll need to use certificates to verify it is the actual Egypt VPN concentrator trying to connect. The networks should be on different subnets (for example Sweden on 192.168.1.x and Egypt on 172.16.1.x). If they aren't, you can get by with NATing things, but it can spiral out of control fairly quickly. Once the tunnel is up, it's as if you are sitting on the same LAN (with slower speed). Note that if Egypt changes its IP really often, you will notice disconnects when this happens. If you need sustained connectivity, I'd look for a static IP.
>
> Check Point's solutions can be found at www.checkpoint.com. Personally, I'd recommend the UTM-1 (http://www.checkpoint.com/products/utm-1/index.html) series as it bundles the management and gateway components into one unit. The Check Point products are a bit more costly, but are much easier to configure, monitor, and control.
>
> Cisco's solutions can be found here (http://www.cisco.com/en/US/products/ps6120/index.html). The Cisco products will likely be cheaper, using the ASA 5505, but Check Point has ease of management.

Thank you very much. I have ordered the Cisco ASA 5505, 50 users for both Egypt and Sweden.

Again, Thanks Belvdr for helping.