Site-to-Site VPN connection with Windows 2003 Server

[urosl]

Hello!

I would like to connect two remote locations thru Internet by ADSL. On each side is Windows Server 2003 who is an gateway router for Intranet computers. On location A is Windows Server 2003 as VPN calling server, inside computers (they all have public IPs) must to have access to location B where is Windows Server 2003 as VPN Server (answernig VPN server) and at the same time Internet gateway with only one public adress (from ISP). All intranet computers at location B has 192.168.1.x addresses.

So, computers from location A must have access to Intranet at location B.

1. Any suggestions how to set ap VPN at both locations?
2. Is it very bad to have on the same server, VPN answering server and internet gateway router?

Please HELP!!!

THX!

 

[ChicagoTechNet]

if the VPN server is not DC, it can be both VPN and the router. quoted from

http://www.chicagotech.net.

How to Setup A Site-to-Site VPN Connection

To setup a Site-to-Site VPN Connection , you may need to configure two windows servers for the Answering and Calling Routers. Here are the steps:

1. Run RRAS, on Configuration page, select LAN routing.
2. Configure VPN on the Answering Router.
3. Configure the Demand-dial Interface on the Answering Router.
4. Configure VPN on the Calling Router.
5. Configure the Demand-dial Interface on the Calling Router.
6. Confirm the Remote Access Policy Configuration on the Answering and Calling Routers.



Robert Lin, MS-MVP, MCSE & CNE
Windows, Network, Internet, VPN, Routing and How to at

http://www.ms-mvps.com

 

[urosl]

What could go wrong if the server is DC? Yes it is DC.

THX,
U.

 

[pmf71]

you don't necessarly need a server for that.

WIndows 2000 Pro and up support ipsec tunnels thru IPSec policies. SO all you need is two workstations and some routing knowledge. Look up the article "creating ipsec tunnels in windows 2000" for more info on this subject, i have used it before and it works great.

 

[pmf71]

umm i was a bit short there...I meant look up the subject in the microsoft knowledge base..it's article number 252735.

good luck and let me know if this was of any use to you.

 

[urosl]

I didn't use IPSec tunnels to achive the goal. I just used RRAS on Windows Server 2003 DC. I have one problem more; OK two problems.

1. I connected Win XP client to Win Server 2003 thru VPN. All OK, but could not ping machines on remote location, and didn't see any computers on My Netowork places, but a did map network drive with net use command. What to do on server that PING is possible? Anything with Group Policy?
2. I need to connect another Win Server 2003 thru VPN that will act as VPN gateway on other remote location for 50 computers.

Some setting for my Intranets:
- Where is VPN Answering server present:
one static IP, and all computers are configed IPs by DHCP (192.168.2.20 - 192.168.2.99), Gateway, DNS and WINS is 192.168.2.254.
- Calling Server static IP, and Intranet 192.168.1.20 - 192.168.1. 140, Gateway, WINS and DNS 192.168.1.254

I know that somethnig with static routes is to do, but I don't (for now!) what and how. ;-)
Any suggestions?

THX, for helping me!

 

[pmf71]

with ipsec policies those routes would have been configured automatically...