Routing and Remote Access & VPN

Status
Not open for further replies.

ToddWW

Programmer
Mar 25, 2001
1,073
US
Currently I have several computers on a 10.10.10.x network. On one of them (10.10.10.7) I have a dialout PPTP VPN connection configured through "Network and Dialup Connections". When I make the connection to the VPN host, everything works and I can access the resources on that remote network. However, I can only access that network from that machine (10.10.10.7). If I go into the VPN properties and check "Enable Internet Connection Sharing for this connection", then on a different computer on the local network (say 10.10.10.9) I can put in a persistent route so I can route traffic through 10.10.10.7 to the remote VPN network. So this is how I currently have it set up and it works great.

Now I want to use Routing and Remote Access to establish the VPN connection with the remote network, which I have done, and I can access the remote network no problem from (10.10.10.7). Most of the setup and properties are the same, except there is no option to "Enable Internet Connection Sharing for this connection". So my question is, can I achieve the same result using Routing and Remote Access? Can I use this service to manage VPN connections and access those remote networks from other computers on my network using persistent routes? It works great when I connect to the VPN through the standard Windows dialer and check "Enable Internet Connection Sharing....." for that interface.

Ultimately, I want to use a single PC to establish multiple VPN connections with multiple remote networks. Then route traffic from other machines on my network, through that single PC, to the remote networks that the machine is connected to. I'm not looking to spend a ton of money so expensive hardware is not really what I'm looking for. I've been told I can achieve what I want using Routing and Remote Access.

Any help would be greatly appreciated.

ToddWW


 
What you are looking for is a L2L or site-to-site VPN. When you run through the RRAS setup wizard it'll ask you to decide what you are planning to use the RRAS service for; one of the options is to connect to a remote network (branch office). You'll set up the demand-dial interface to point to the remote router and specify the interesting traffic that can traverse the VPN tunnel. You'll more than likely be using a preshared key, so under the advanced settings of the demand-dial interface you'll specify the PSK. In your perimeter firewall/router you'll add a static route pointing to the IP of your local RRAS server as the next hop to get to the remote network; no more host routes on individual computers.

I hate all Uppercase... I don't want my groups to seem angry at me all the time! =)
- ColdFlame (vbscript forum)
 
RRAS will work fine for you. You will need to set up a Demand Dial routing interface for each destination you will connect to, as well as static routes for each. (The 2003 and 2008 RRAS walk you through this). Then you will need to set up routes for your users, either on your router, if it will let you, or from a login script or something.

I'd be happy to help more if you need it.
 