I'm trying to set up a site-to-site VPN between two business locations. Each site has fewer than 5 users who need to connect to the SBS2003 server for their Exchange needs. My goal is to connect with higher throughput and without them having to use the MS software VPN and connect through the SBS 2003 server.
Remote site = Comcast Business class with one static IP and a Netgear UTM 5.
Server site = Verizon FiOS with one static IP and a Netgear UTM 10. SBS 2003 serves Exchange and a few shared folders, no web service.
Here are my challenges:
1) Remote Site = Comcast Business class over an SMC 8014 Gateway. Based on my reading, this does not support a hardware-level bridge that is required for an IPSec VPN connection.
1a) I have FiOS at home without a static IP. Is there a way I can still use this location to test out the connection between my home and the datacenter site?
2) Is SSL VPN a safe alternative if I can't overcome the SMC 8014 limitations to use IPSec?
3) If I can't get the broadband routers to work in true bridge mode and must use SSL, would it be reasonable to enable a DMZ on each broadband device and put the UTMs on the DMZ?
4) IP configurations are not my strength. (I'm a mechanical engineer by day, so I have 2-bit IT skills in an 8-bit world). I would love a suggested IP configuration (IP address ranges and subnet masks for each side of the site UTMs) for both ends that will not conflict and allow any client on one side to talk with any client on the other.
At the server site I have the 192.168.1.* / 255.255.255.0 between the broadband and the UTM10, and 192.168.2.* / 255.255.255.0 inside. At the remote site I have 192.168.3.* / 255.255.255.0 between the broadband and UTM5, and 192.168.4.* / 255.255.255.0 inside the UTM5.
Thanks for any advice you can offer.
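
A check of the addressing plan listed in the post, added here as an example that is not part of the original post: it parses the four segments as written, reports any pair that overlaps (which would break routing across the tunnel), and lists the WAN-side segments that sit in RFC 1918 private space, meaning the UTM behind them does not hold the public static IP itself. The segment names, function names and the conflicting plan are constructed for illustration.

```python
import ipaddress
from itertools import combinations

# Addressing plan exactly as written in the post (wildcard / netmask notation).
# Key names are hypothetical labels chosen for this example.
PLAN = {
    "server_wan": "192.168.1.* / 255.255.255.0",   # FiOS router <-> UTM10
    "server_lan": "192.168.2.* / 255.255.255.0",   # inside UTM10
    "remote_wan": "192.168.3.* / 255.255.255.0",   # Comcast gateway <-> UTM5
    "remote_lan": "192.168.4.* / 255.255.255.0",   # inside UTM5
}

# Constructed counter-example: remote LAN carved out of the server LAN range.
CONFLICTING_PLAN = dict(PLAN, remote_lan="192.168.2.128 / 255.255.255.128")

RFC1918 = [ipaddress.IPv4Network(n) for n in
           ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

def parse_segment(text):
    """Turn '192.168.1.* / 255.255.255.0' into an IPv4Network."""
    addr, mask = (part.strip() for part in text.split("/"))
    # strict=True raises ValueError if host bits are set outside the mask.
    return ipaddress.IPv4Network(f"{addr.replace('*', '0')}/{mask}", strict=True)

def find_overlaps(plan):
    """Return every pair of segment names whose address ranges intersect."""
    nets = {name: parse_segment(text) for name, text in plan.items()}
    return [(a, b) for (a, na), (b, nb) in combinations(nets.items(), 2)
            if na.overlaps(nb)]

def private_wan_segments(plan):
    """WAN-side segments in RFC 1918 space: the UTM there is behind NAT."""
    return [name for name, text in plan.items()
            if name.endswith("_wan")
            and any(parse_segment(text).subnet_of(r) for r in RFC1918)]

if __name__ == "__main__":
    for label, plan in (("posted plan", PLAN), ("conflicting plan", CONFLICTING_PLAN)):
        print(label, "overlaps:", find_overlaps(plan) or "none")
    print("UTM WAN interfaces on private addresses:", private_wan_segments(PLAN))
```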