Help with Site-to-site VPN using 2k3 RRAS

  • Thread starter Thread starter Debo
  • Start date Start date
D

Debo

I have had experience in the past with setting up RRAS as an incoming
VPN Router, but have never set up a site-to-site VPN before. My
situation is as follows;
My company is closing down at the end of the month and we are in the
process of consolidating servers to be moved to a co-location center
here in town. My configuration for the next 15 or so days will be a
site-to-site VPN from my company to the co-location center and after
that will be a site-to-site VPN from someone's house. I have setup two
Windows Server 2003 R2 Enterprise servers to handle the site-to-site
traffic. Here are the proposed configurations:

Initial setup until 5/25
---------------------------------------------------------------------
Corporate Config
Internet ---- Cisco 2651XM Router ----- Cisco PIX 515e ----- Internal
network (10.100.0.0/16) --- RRAS box #1

Co-location config (I'm guessing because I haven't seen the setup yet)
Internet ---- Perimeter Router (co-location) ---- Internal Cisco
2651XM Router (ours) ---- Cisco PIX 515e (ours) ---- VLAN (hopefully
something like 192.168.1.0/24) ---- RRAS box #2
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Post 5/25 setup
---------------------------------------------------------------------
Cottage office config
Internet ---- Cable Modem ---- SOHO router/firewall (probably a
Linksys) ---- Internal network (probably 192.168.2.0/24) ---- RRAS box
#1

Co-location config (I'm guessing because I haven't seen the setup yet)
Internet ---- Perimeter Router (co-location) ---- Internal Cisco
2651XM Router (ours) ---- Cisco PIX 515e (ours) ---- VLAN (hopefully
something like 192.168.1.0/24) ---- RRAS box #1
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

I guess my question is, how would I set up the RRAS boxes to complete
the site-to-site connection with the above configs? I'd like to use
L2TP/IPSec, but if PPTP works better I'm all ears. I really appreciate
any insight you can provide.
 
I have had experience in the past with setting up RRAS as an incoming
VPN Router, but have never set up a site-to-site VPN before.
Click to expand...

It sounds like you might find the following paper helpful:

Virtual Private Networking with Windows Server 2003: Deploying Site-to-Site
VPNs

http://technet2.microsoft.com/windowsserver/en/library/74f65f37-9482-4316-
a2e9-4e1e295457d71033.mspx

--
James McIllece, Microsoft

Please do not send email directly to this alias. This is my online account
name for newsgroup participation only.

This posting is provided "AS IS" with no warranties, and confers no rights.
 
James said:
It sounds like you might find the following paper helpful:

Virtual Private Networking with Windows Server 2003: Deploying Site-to-Site
VPNs

http://technet2.microsoft.com/windowsserver/en/library/74f65f37-9482-4316-
a2e9-4e1e295457d71033.mspx
Click to expand...

I'm going to save you a lot of heartache: Buy a couple of VPN routers.
If you want to do L2TP in windows you have a LOT of setup. Less than 400
bucks will buy you 2 VPN routers that will do PPTP, L2TP, and IPSec,
plus act as their own certificate servers (for L2TP), NAT router,
firewall and DHCP server. The simplest setup is IPSec in tunnel mode. No
Certificates required, very secure. Just set up the two WANs, enable
IPSec, create tunnels at each end by specifying both the public IP
address of the other end, and the private network it'll be connecting to
thru the tunnel. Plug 'em in and ping. I recommend (because I use them
and they are very easy to set up) Secure Computing SG300, street price
is around $200, you can usually find them for less if you shop around.
An IPSec tunnel gives you true LAN-to-LAN connectivity (PPTP is
Client-to-LAN, probably NOT what you're looking for).

....kurt
 
Back
Top