router-to-router VPN

lill

Hi,

I am trying to get a router-to-router VPN between two Windows 2003
Servers running RRAS. I was told that this should be done using the
demand-dial interface option, but I cannot get the connection to work.
I am using the L2TP/IPSec VPN connection with certificates, and get an
error message saying that no certificates to use with EAP are found, even
though I do have certificates installed on the computer (both machine
certificates and user certificates). What is wrong? I also get error
messages saying that no credentials are set, and that the username and
password are not valid in the given domain. The user does exist in the
domain, so I do not understand this. Is there anyone who has
configured a router-to-router VPN using RRAS? How?

Thanks,


-Lill
 
Try breaking it down into steps. There is a lot involved here.

Make sure that you can establish a connection locally using PPTP. Then
try making a normal client-server connection across the Internet. When that
works, try the router-to-router connection using PPTP or L2TP without IPSec
(or using a shared secret) and check that the routing between sites works.

When that is working, start looking at your certificate problem.
 
Thank you.
Is it still the demand-dial interface that should be used for router-to-router
VPN? When configuring a client-to-server VPN (remote access) I am using
the Routing and Remote Access wizard.

-Lill
 
Yes, you must use demand-dial interfaces at both ends of the connection.
When you connect, the "calling" router should use the name of the
demand-dial interface on the answering router as its username. This is to
ensure that the connection is made to the correct interface, so that the
correct static route is added to route traffic back to the subnet behind the
"calling" router. (You may need to read that a couple of times, slowly!)

If this doesn't happen, routing fails.
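
Added example, not part of the original thread and not RRAS code: a simplified Python model of the naming rule described in the last reply, showing why a call that authenticates with a username other than the answering router's demand-dial interface name leaves no return route. The site names, interface names (`ToBergen`, `ToOslo`), the `vpnuser` account and the subnets are constructed, and the model assumes a static route is usable only while its interface is connected.

```python
# Simplified model of how an answering router classifies an incoming call.
# All router, interface, user and subnet names here are constructed.
from dataclasses import dataclass, field
from ipaddress import ip_address, ip_network


@dataclass
class Router:
    name: str
    interfaces: dict       # demand-dial interface name -> static route subnets
    dial_out_user: dict    # demand-dial interface name -> username sent on dial-out
    active: set = field(default_factory=set)  # interfaces currently connected

    def answer(self, username):
        """Bind the incoming call to the interface whose name equals the username."""
        if username in self.interfaces:
            self.active.add(username)
            return username    # treated as a router-to-router connection
        return None            # treated as an ordinary remote access client

    def route_for(self, dest):
        """Return the connected demand-dial interface with a route to dest."""
        for ifname in sorted(self.active):
            nets = self.interfaces[ifname]
            if any(ip_address(dest) in ip_network(n) for n in nets):
                return ifname
        return None


def check_link(caller, ifname, answerer, host_behind_caller):
    """True if, after the call, the answerer can route back behind the caller."""
    caller.active = {ifname}
    answerer.active = set()
    answerer.answer(caller.dial_out_user[ifname])
    return answerer.route_for(host_behind_caller) is not None


def make_sites(username):
    """Two constructed sites; `username` is what OSLO sends when dialing BERGEN."""
    oslo = Router("OSLO", {"ToBergen": ["10.2.0.0/16"]}, {"ToBergen": username})
    bergen = Router("BERGEN", {"ToOslo": ["10.1.0.0/16"]}, {"ToOslo": "ToBergen"})
    return oslo, bergen


if __name__ == "__main__":
    for user in ("ToOslo", "vpnuser"):
        oslo, bergen = make_sites(user)
        ok = check_link(oslo, "ToBergen", bergen, "10.1.5.20")
        print(f"dial-out user {user!r}: return route present = {ok}")
```
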
 