Windows 2003 setup a Dynamic VPN for IPSEC traffic?

Status
Not open for further replies.

geranimo666

Technical User
Sep 19, 2006
195
US
All-

Can a Windows 2003 server act as a dynamic "always on" VPN tunnel? Can this configuration be done on this Win2k3 NOS?

I need IPSEC traffic to go over a Cisco ASA5505 appliance, and of course it needs to be encrypted from the initiated tunnel, then out to the Cisco ASA5505, then out the router, then to another physical site with the same physical equipment established there.

My main worry is that Windows 2003 server can't just act as a dynamic "always on" VPN/IPSEC tunnel. Can anyone clarify this, perhaps with a URL link (config info)?

Thanks
geranimo
 
Why not just establish the VPN connectivity between the ASA's?

David R, CCIE
"To err is human... to really foul up requires the root password."
 
Hi Markers,

I hear ya. The reason is that, let's say you have SiteA, which contains a CA certificate (encrypted information) that needs to go from SiteA to SiteB, SiteC and SiteD all at the same time. Essentially this is a one-to-many VPN tunnel (IPSEC) scenario. I would need Windows to initiate the IPSEC tunnel and then have it terminate to the ASA appliance, then forward this traffic out the perimeter router and so on and so forth to all the other multiple sites mentioned above.

If you could share a Cisco URL link that would depict your suggestion, please forward it to me. I would need to read through it in order to understand what config necessities will be needed.

thanks so much
geranimo
 
There should be some documentation that came with the ASA about setting up IPSec VPNs. What you want instead of a "single tunnel" that goes to three sites is to have three separate tunnels, one going to each site from the hub. I haven't used the 5505, but I know that we could do that with the ASA 5510s that we had. From Cisco's site it looks like it will support up to 10 site-to-site VPNs, which is what you want.

If you can't find the directions that came with the ASA, then post in the Cisco ASA forum and they should be able to help you write a config that will work.
 
Markers-

Yes, that is exactly it. As long as the Windows server can "initiate" but most importantly act as a VPN "active" connection on its way to the ASA appliance. From what I understand, the ASA appliance would then have to create another IPSEC tunnel with this "certificate" and take it out of the perimeter router and over the MPLS cloud to another site, where the same infrastructure equipment will take this certificate through to the domain controller at that site.

The certificate is essentially a third-party application that creates this "CA", for lack of a better term, and then I'm relying on the Windows server to use its VPN/IPSEC tunnel in order to forward this "CA" across, etc. Your drawing is right, though.

thanks and please add any information you see deemable.

geranimo
 