I'm the sole IT person at a small business with about 30 employees, and I'm still in training. I have two Comcast CBR2-T routers that I want to connect to create a site-to-site VPN so that our Windows server can be accessed from both networks for Active Directory purposes. What is the best approach to set this up?
3 Answers
To establish a site-to-site VPN, you would really want a proper firewall at both locations. Devices like Ubiquiti Gateways can offer this functionality at a decent price. For more robust needs, consider something like SonicWall or Fortigate firewalls.
It's typically best to set up the VPN through the firewall connected to your modem/router while putting the modem in passthrough mode. Do you have a firewall already? If so, you should check the vendor’s website for specific site-to-site VPN instructions for your model.
Kudos for tackling this alone! The CBR2-T routers from Comcast aren’t really suited for out-of-the-box site-to-site VPNs. You'll likely need to place proper routers or firewalls behind them that support protocols like IPsec or OpenVPN. Consider options like Ubiquiti, pfSense, or low-end Fortinet devices for this setup. Just remember to check for subnet overlaps and ensure your routing tables are set correctly so everything runs smoothly.
Exactly! Setting up the routing correctly is crucial. It can get messy if two sites end up trying to use the same IP range.
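An added example, not part of any answer above: a Python check for the subnet overlaps the answers warn about, to run over each site's LAN ranges before the tunnel is configured. The site names, address ranges and renumbering pool are constructed sample values, and the function names are hypothetical.

```python
import ipaddress
from itertools import combinations


def find_overlaps(sites):
    """Return (site_a, net_a, site_b, net_b) for every pair of subnets
    at *different* sites whose address ranges overlap.

    ip_network() is strict by default, so a typo such as 10.1.10.1/24
    (host bits set) raises ValueError instead of being silently accepted.
    """
    parsed = [(name, ipaddress.ip_network(cidr))
              for name, cidrs in sites.items() for cidr in cidrs]
    hits = []
    for (sa, na), (sb, nb) in combinations(parsed, 2):
        if sa != sb and na.version == nb.version and na.overlaps(nb):
            hits.append((sa, str(na), sb, str(nb)))
    return hits


def suggest_free_subnet(pool, new_prefix, sites):
    """Return the first subnet of length new_prefix inside pool that
    overlaps nothing already in use at any site, or None if pool is full."""
    used = [ipaddress.ip_network(c) for cidrs in sites.values() for c in cidrs]
    for cand in ipaddress.ip_network(pool).subnets(new_prefix=new_prefix):
        if not any(cand.version == u.version and cand.overlaps(u) for u in used):
            return str(cand)
    return None


# Constructed sample: both sites were left on the same LAN range, which
# would make routing across the tunnel ambiguous.
SITES = {
    "site_a": ["10.1.10.0/24", "192.168.50.0/24"],
    "site_b": ["10.1.10.0/24", "192.168.60.0/24"],
}

if __name__ == "__main__":
    for sa, na, sb, nb in find_overlaps(SITES):
        print(f"OVERLAP: {sa} {na} <-> {sb} {nb}")
    # Constructed pool to renumber one site from.
    print("Free /24 for renumbering:",
          suggest_free_subnet("10.1.10.0/23", 24, SITES))
```

Partial overlaps are caught too, for example a /16 at one site that contains a /24 at the other.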