
VPN site to site - what do I actually get with routers?

Status
Not open for further replies.

scriggs

IS-IT--Management
Jun 1, 2004
286
GB
I am looking to set up a VPN to create a permanent connection between 2 remote sites. I have the servers networked on separate subnets (192.168.3.100 and 192.168.4.100) next to each other using a switch.

I plan to create a VPN using 2 VPN routers (planning Draytek Vigors). What I am unsure of is what exactly I get by doing that? Will the routers do everything in the background and my servers just stay with the IPs above? Or do I need to do more configuration on the server?

Any help please...
 
I am confused about what you're trying to do, where things are located, and what you're actually trying to accomplish. If you have (2) servers on separate subnets networked together with a switch (a local device), then they are not at separate sites, correct? (Also, that assumes you are using an L3 switch or an external router to route between them... feel free to explain here.) Where do the remote sites come into play here? Explain what will be on each side and what needs to speak with what, and we can advise on the advantages (or not) of VPN in your scenario.
Thanks, HH
 
Thanks for the reply, I will explain better.

I will be siting the 2 servers, running W2K3, at different sites and need to connect them together to share files. I plan to use a VPN for this.

To begin configuring the servers I have installed them separately and then networked them over a switch locally, using a ROUTE command on each server to route the subnets. They are both DCs which share an Active Directory schema.

The missing link is I don't know how the VPN comes into play. Will the link be transparent and managed by the routers? Do the servers need to log in and activate the VPN? Should the servers be on the same subnet as the VPN does it, or is my configuration correct?
 
Assuming whatever routers you have are capable of VPN, a Site-to-Site VPN gives access for each LAN to be advertised to each LAN within a context of IPSec typically. The server being just (1) node on each LAN.
As long as the servers have a default route to get out from each side, and your routing negotiation is the same between the peer VPN routers, the connection will happen transparently to the servers. Note that there are different types of VPN initiation depending on the capabilities of the routers. Some are initiator-responder relationships (where one of the units must initiate), and some are true peer-peer, where either side can bring up the tunnel.
The servers sitting behind these routers do not actually have anything to do with the VPN communication or setup.
They would merely trigger the VPN to come up if the tunnel is down as interesting traffic is seen from the router's perspective. I have never heard of the routers that you mentioned (Draytek Vigors?), so I am talking in generalities about the way most VPNs work. I obviously can not speak to the capabilities of your particular devices.
I hope this is helpful?
Good luck.
-HH
 
Draytek Vigors support peer-to-peer and up to 16 separate tunnels, so they should operate as you specify.

What I am still unsure of is how the IP addressing between the servers (and workstations) will work on each end of the VPN.

Will server 1 be 192.168.3.100 and server 2 be 192.168.3.101 with the VPN and routers sorting out the routing?

Or will server 1 be 192.168.3.100 and server 2 be 192.168.4.100 with routing being sorted by the servers using the routers as a gateway?
 
More of the latter example. Must keep the subnets separate, otherwise the routers will get confused (it will mess up its routing table). Most likely, rtr A will advertise:
Local subnet: 192.168.3.x/24, remote: 192.168.4.x/24

rtr B will advertise:
Local subnet: 192.168.4.x/24, remote: 192.168.3.x/24
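
The local/remote pairing described above can be checked before the routers are configured. The following is an added example, not part of the original thread and not Draytek configuration: the dictionaries, function names and the `/24` network notation (`192.168.3.0/24` for `192.168.3.x/24`) are assumptions made for illustration.

```python
import ipaddress

# Constructed plan, taken from the subnets named in the thread.
RTR_A = {"local": "192.168.3.0/24", "remote": "192.168.4.0/24"}
RTR_B = {"local": "192.168.4.0/24", "remote": "192.168.3.0/24"}

def _nets(peer):
    """Parse one router's local and remote subnets."""
    return (ipaddress.ip_network(peer["local"]),
            ipaddress.ip_network(peer["remote"]))

def check_tunnel(peer_a, peer_b):
    """Return a list of problems in the plan; an empty list means consistent."""
    problems = []
    a_local, a_remote = _nets(peer_a)
    b_local, b_remote = _nets(peer_b)
    # Each router must see its own LAN and the far LAN as distinct networks,
    # otherwise it cannot decide which destinations belong in the tunnel.
    for name, local, remote in (("A", a_local, a_remote),
                                ("B", b_local, b_remote)):
        if local.overlaps(remote):
            problems.append(f"rtr {name}: local {local} overlaps remote {remote}")
    # The two routers must describe the same pair of networks, mirrored.
    if a_local != b_remote:
        problems.append(f"rtr A local {a_local} != rtr B remote {b_remote}")
    if a_remote != b_local:
        problems.append(f"rtr A remote {a_remote} != rtr B local {b_local}")
    return problems

def is_interesting(peer, src, dst):
    """True if a packet src -> dst matches this router's local -> remote pair,
    i.e. it is traffic the router would send through (or bring up) the tunnel.
    Anything that does not match is not carried by the tunnel."""
    local, remote = _nets(peer)
    return (ipaddress.ip_address(src) in local
            and ipaddress.ip_address(dst) in remote)

if __name__ == "__main__":
    print(check_tunnel(RTR_A, RTR_B))                                # consistent plan
    print(is_interesting(RTR_A, "192.168.3.100", "192.168.4.100"))   # server to server
    # The first alternative asked about: both sites numbered in 192.168.3.x.
    same = {"local": "192.168.3.0/24", "remote": "192.168.3.0/24"}
    print(check_tunnel(same, same))
```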
 
That's what I thought, which is why I set up my servers on separate subnets in anticipation. Just wasn't sure how it interacted with the VPN/routers, but you have clarified nicely for me. Thanks.
 