Windows Server 2003 site-to-site VPN connections consist of many components. The calling router must be configured to initiate the VPN connection to the answering router. The Internet infrastructure must support the reachability of the answering router’s interface on the Internet and the resolvability of the answering router’s DNS name. You must decide which authentication protocol to use (EAP-TLS and MS-CHAP v2 are recommended) and which VPN protocol to use (L2TP/IPSec is recommended over PPTP in high-security environments and with an existing public key infrastructure [PKI]). The intranet infrastructure must have the routing infrastructure to make all locations in all sites reachable. The AAA infrastructure must be configured to provide authentication using Active Directory domains, authorization using remote access policies, and accounting for site-to-site VPN connections. For L2TP/IPSec connections or when using EAP-TLS authentication, a certificate infrastructure must be in place to issue computer and Router (Offline Request) certificates.