On Mon, 2008-08-04 at 08:37 +0100, John Woodard wrote:
> What is the best way of attacking this, the hardware route using routers or using tunneling protocols?
We use the built-in office-to-office VPN functionality in the later firmware builds on the 834s at a few places and it seems perfectly functional. Pretty much set up both routers in GtoG mode, defining the local and remote internal subnets relative to each end, the IP address of the other gateway and of course the shared secret. There is a wizard to do this. The VPN will then be routed to when either end tries to contact the other's subnet. Initiation is bi-directional as well, and we have found that everything recovers gracefully after a line loss, router reset etc.
I'd recommend using the very latest firmware that your hardware revision of the 834 supports, and don't even bother trying with V1 of the hardware (the silver one; v2s and v3s are white).
As Keith points out, once you have the link up you really want to be doing local name resolution at both ends, otherwise name lookups when the link is busy or unavailable will lead to problems. Depending on the number of clients at each end, do this with DNS/hosts files.
There are a couple of further complications if you have a domain at one end and want the remote end to log onto your domain. I won't bore you with those unless you need them.
The only obvious limitation I can see to this setup is that there is a limit on how many tunnels the 834 can support, so this doesn't work so well for remote workers etc., and as far as I can remember there is no way to filter VPN traffic (the 834's built-in firewall only relates to the external interface, I think).