Setting up RRAS on W2k Pro SP4

  • Thread starter Thread starter Guest
  • Start date Start date
G

Guest

I am trying to setup Routing and Remote Access per KB20383 to setup a VPN,
and do not see an icon for Routing and Remote Access in the Administrative
Tools folder. It appears that it is missing. Can I reinstall that feature?
 
Brooks said:
I am trying to setup Routing and Remote Access per KB20383 to setup a VPN,
and do not see an icon for Routing and Remote Access in the Administrative
Tools folder. It appears that it is missing. Can I reinstall that feature?
Click to expand...

That would be because RRAS is not available in Windows 2000 pro. You
need a Server OS for that feature. But you can still set up Pro as a
limited VPN server by just running the new connection wizard and
choosing the option to allow incoming connections.

....kurt
 
Thank you. That certainly explains it. Will Pro allow me to set up a
site-to-site connection to one fixed location? Brooks
 
Brooks said:
Thank you. That certainly explains it. Will Pro allow me to set up a
site-to-site connection to one fixed location? Brooks
Click to expand...
It will allow you to set up a client-to-site connection, and you can
share the client connection on the client's local LAN to other devices
(you'll need a route). You can actually do the same at both ends and get
a very slow LAN-to-LAN VPN service up and running. I've done this, but
you'll need to be fairly handy at sorting out your TCP/IP parameters to
get it all working. You'll be NATing between networks using Internet
Connection Sharing. I did this for a long time between my house and
work, even had a trust between my home and work domains running across
the thing. But it's definitely a hack. If you really want to get
something that's built for what you're trying to do, consider investing
a couple hundred bucks in a pair of IPSec VPN Routers, one for each end.

....kurt
 
Kurt said:
It will allow you to set up a client-to-site connection, and you can
share the client connection on the client's local LAN to other devices
(you'll need a route). You can actually do the same at both ends and get
a very slow LAN-to-LAN VPN service up and running. I've done this, but
you'll need to be fairly handy at sorting out your TCP/IP parameters to
get it all working. You'll be NATing between networks using Internet
Connection Sharing. I did this for a long time between my house and
work, even had a trust between my home and work domains running across
the thing. But it's definitely a hack. If you really want to get
something that's built for what you're trying to do, consider investing
a couple hundred bucks in a pair of IPSec VPN Routers, one for each end.

....kurt
Click to expand...
Kurt,
Thanks for the advice. As you can tell, I am new to VPN and need help. I
will look into the routers that you mentioned. I have Dlink and Linksys
routers and they both say they work for VPN, but might not do so as well as
routers designed for that purpose. If I use the routers you suggest, can I
operate with W2K pro?
Brooks
 
Kurt,
Thanks for the advice. As you can tell, I am new to VPN and need help. I
will look into the routers that you mentioned. I have Dlink and Linksys
routers and they both say they work for VPN, but might not do so as well as
routers designed for that purpose. If I use the routers you suggest, can I
operate with W2K pro?
Brooks
Click to expand...

It really depends on what you are trying to accomplish. If you want to
connect Windows 2000 clients to a home office LAN (like mobile sales
force staff from laptops in their hotel rooms), then the Windows 2000
box makes a decent VPN "server" for a limited number of connections
(either 5 or 10, I forget which).

On the other hand, if you are trying to connect two LANs at different
locations, a pair of matching routers is the way to go. The tunnel is
set up between routers and both LANs can communicate regardless of
hardware, operating systems, etc. You can't "browse" the other LAN in My
Network Places, because routed connections generally do not pass the
necessary broadcast traffic. But you can connect using IP addresses, or
if you have a Windows 2000/2003 server at either end, you can install
the WINS service.

....kurt
 
Kurt..
Thanks for your patience and help. I now have a much better understanding
of the technology. One final question: do you prefer a particular VPN router
model for a site-to-site that works well without unneccesary bells and
whistles?

Brooks
 
There are many. Lots of folks will recommend Linksys, which I've used
and are fine. My personal choice is a "Secure Computing SG300". These
are really cool little routers. I particularly like the throughput (30
Mbps unencrypted, 4+Mbps at 168 bit 3DES). There's a web gui and several
step-by-steps for creating various site-to-site VPNs. You'll want to go
with the IPSec option, probably with a home office - branch office
scenario. One of the ends will need a static IP address. I use these for
direct routing between the two sites at the company where I work. We
also have a Web developer in Seattle that uses one at his house for his
Internet router and full-time VoIP (his phone works just like it was any
other phone on site). Also these can serve multiple purposes, not only
IPSec tunnels, but also L2TP and PPTP (client and server)! So you can do
it all.

....kurt
 
Back
Top