We have a corporate network and would like remote offices to have direct VPNs back to the office.
We would like to just give the 3-5 person office a cable modem and have them connect an RB750 right behind that cable modem that would get an IP address that is accessible to the web. We would like the MT to connect to the corporate network and then have ALL traffic go over the VPN connection. We want DHCP to come from the corporate network.
Any help or pointing towards a tutorial would be greatly appreciated.
Establish an EoIP tunnel between the two routers and wrap that in IPSec. I believe gregsowell.com has video tutorials for that.
Make sure you have routes to the Corporate office on the branch router via the EoIP tunnel, and to the branch office on the Corporate router via the EoIP tunnel. Then install a DHCP relay agent on the branch router that points back to the DHCP server at the Corporate office - this is necessary if you have a routed connection rather than a bridged one back to corp, which is definitely preferable. Lastly, install firewall mangle rules that tack a routing mark onto every packet sourced by the inside clients that are to be on the VPN, and install a default route (0.0.0.0/0) for that routing mark pointing to the other end of the EoIP tunnel so that all traffic from the inside clients goes across the VPN as a next hop. Ensure that corp is correctly NAT’ing that traffic out to the Internet so that it can go out to the world.
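
The steps in the reply above, put together as one configuration; this is an added example and not part of the original thread. It assumes RouterOS v6 syntax (6.30 or later for `ipsec-secret`), static public addresses on both WAN sides, and constructed placeholder addresses, interface names and pre-shared key throughout.

```routeros
# Added example. Every address, name and key below is a constructed placeholder.
# Assumed: corp WAN 198.51.100.1, branch WAN 203.0.113.10, tunnel net 172.16.0.0/30,
# branch LAN 10.20.0.0/24 on ether2, corp LAN 10.0.0.0/16, corp DHCP server 10.0.0.10.

# ---- Branch router (RB750) ----
# EoIP tunnel wrapped in IPsec; ipsec-secret needs local-address set and fast path off.
/interface eoip add name=eoip-corp tunnel-id=10 local-address=203.0.113.10 \
    remote-address=198.51.100.1 ipsec-secret="REPLACE-WITH-LONG-RANDOM-PSK" \
    allow-fast-path=no
/ip address add address=172.16.0.2/30 interface=eoip-corp
/ip address add address=10.20.0.1/24 interface=ether2

# Route to the corporate network via the tunnel.
/ip route add dst-address=10.0.0.0/16 gateway=172.16.0.1

# Relay branch DHCP requests to the corporate DHCP server
# (which needs a scope for 10.20.0.0/24 handing out 10.20.0.1 as gateway).
/ip dhcp-relay add name=relay-corp interface=ether2 dhcp-server=10.0.0.10 \
    local-address=10.20.0.1 disabled=no

# Mark everything the inside clients send off-subnet, then give that mark
# its own default route pointing at the corporate end of the tunnel.
/ip firewall mangle add chain=prerouting in-interface=ether2 \
    src-address=10.20.0.0/24 dst-address=!10.20.0.0/24 \
    action=mark-routing new-routing-mark=via-corp passthrough=no
/ip route add dst-address=0.0.0.0/0 gateway=172.16.0.1 routing-mark=via-corp

# Fail closed: keep marked traffic in its own table so it does not fall back
# to the main table's default route (the cable modem) when the tunnel is down.
/ip route rule add routing-mark=via-corp action=lookup-only-in-table table=via-corp

# ---- Corporate router ----
/interface eoip add name=eoip-branch1 tunnel-id=10 local-address=198.51.100.1 \
    remote-address=203.0.113.10 ipsec-secret="REPLACE-WITH-LONG-RANDOM-PSK" \
    allow-fast-path=no
/ip address add address=172.16.0.1/30 interface=eoip-branch1

# Route back to the branch LAN via the tunnel.
/ip route add dst-address=10.20.0.0/24 gateway=172.16.0.2

# NAT branch clients out to the Internet (ether1 assumed to be the corp WAN port).
/ip firewall nat add chain=srcnat src-address=10.20.0.0/24 \
    out-interface=ether1 action=masquerade
```

After applying it, `/ip ipsec installed-sa print` on either router should list SAs between the two WAN addresses; if it is empty, the EoIP traffic is not being encrypted.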