Setting up site-to-site VPN using SBS2000


Brinkie

Hi,

After wandering around the web for days, I turn myself to you with my VPN
problem.

I need to set up a permanent VPN connection between headoffice and a remote
site (hosting location).

Currently I have an SBS2000 machine at the headoffice running Active
Directory. This SBS2000 machine is behind a firewall, but already accepts
home users' VPN sessions requested for the headquarters LAN. This is
configured in the firewall and up and running. On the remote site we
currently have several W2k machines running as member servers in a
workgroup.

I want all machines on the remote site to be reachable as if they are
situated in the LAN of the headoffice by people working at the headoffice or
home workers (who have dialed in through vpn). People need to be able to
access remote shares, open terminal service sessions and browse websites.

My idea is to set up a permanent VPN session (or on demand) between the two
sites (site-to-site) and to install a second Domain Controller at the remote
location so user authorization at the remote site can be managed by the
global Active Directory as well. This remote Domain Controller is also
supposed to control the VPN session to the headoffice.

My questions: Am I thinking in the right direction? What would be the
easiest way to accomplish this? What do I need to set up at the headoffice
and what at the remote location?

An example implementation would be highly appreciated!

Thanks in advance,
Brinkie
 
quoted from http://www.ChicagoTech.net
How to Setup A Site-to-Site VPN Connection

To set up a Site-to-Site VPN Connection, you may need to configure two
Windows servers for the Answering and Calling Routers. Here are the steps:

1. Run RRAS; on the Configuration page, select LAN routing.
2. Configure VPN on the Answering Router.
3. Configure the Demand-dial Interface on the Answering Router.
4. Configure VPN on the Calling Router.
5. Configure the Demand-dial Interface on the Calling Router.
6. Confirm the Remote Access Policy Configuration on the Answering and
Calling Routers.


--
For more and other information, go to http://www.ChicagoTech.net


Don't send e-mail or reply to me unless you need consulting services.
Posting on MS newsgroup will benefit all readers and you may get more help.


Bob Lin, MS-MVP, MCSE & CNE

Networking, Internet, Routing, VPN, Anti-Virus, Tips & Troubleshooting on
http://www.ChicagoTech.net
This posting is provided "AS IS" with no warranties.
 
Although it is possible to set up a site-to-site link between two Windows
servers, I would not recommend doing this between domain controllers,
especially in your case, where the SBS server is the primary server of
your forest/domain.

Using this server as a router is usually more trouble than it is worth.
It really causes all sorts of problems having the first DC in a
forest/domain multihomed.

Have you looked at using hardware routers to do the job? They are
getting cheaper and more versatile. You don't really want your DCs handling
this.
 