network project

[Fubarian]

Ok, bear with me here. I've got a complicated issue, and I've got a few plans, but I want some outside input.

Here's the restrictions, areas of concern

3 physical locations
Fiber lines ran between each to another (4th) location, but nothing of ours is @ that 4th location...just a switching location

Whats definately out
Running direct fiber connections, too much per month charge (I wanted that so bad)

Goal :
our own AD domain, exchange, cut off from the network we are currently on but not necessarily on a physical aspect, I'm lookin VPN or VLAN...

I was considering running routers at each location with an 04 ISA server (firewall, router, VPN) between each section, AD server behind each, VPN tunnel running between each. OR splitting ourselves with a VLAN ::shrug:: ...i'm up for any and all ideas.

[Fubarian]

looks like VLAN is out since it isn't really a type of encryption, so I'm down to revising the vpn idea or inventing a way to link all 3 connections physically.

[RejectionMan]

3 Options

1. over the internet: connect each site to high speed internet. place a AD server at eche site to limmit WAN traffic and reduce costs. Install ISA server or other firewall product to keep bad people out. use ISA servers to establish a IPSEC tunnel (Virtual Private Network) to the other sites (3DES cryopto) figureing out the routing to get both the tunnel and internet could be interesting.... or use a cisco router wich gets you AES crypto and I belive simplifyed routing with more security, or for cheap use OpenBSD firewalls (very cheap, but lots of learning). can be Cheap in long run high initial cost, effective, max down time / year = 18 days (Service Level Agreement)

2. leased lines T1, T3, Frame Relay, ATM, Business DSL ? (DSL thats not on internet.. heard it exists) service provider will provide Routers and setup, you just need to plug in. Costly but very effective, max down time / year = 2 days SLA. Low initial costs, on going mothly expence

3. your own network. you own everything, extremely costly to setup. only has maintnece for an ongoing cost.

it all comes down to what you need option one can be costly on learning, and initial setup (hardware), also has higher risk of outage, option 2 may have monthly fees attached but, it fast to implement, you donet maintain it, and it raely goes down.

[RejectionMan]

reread your post, you have option 2, wanted 3...


so you want to seperate yourself from the Service providers network, but want to get your data across it.

does this connection provide you with Internet?

easiest way is an IPSEC tunnel if its a private network, or leased line system. Pictures make this so much easier... email: [email protected]