After VPN use from a site scales past four or five users, it is often beneficial to switch architectures from a client-to-site VPN to a site-to-site VPN. This means that instead of managing individual clients for VPN access, entire networks are connected via an encrypted VPN tunnel. This allows all resources on one side of the tunnel to reach all resources on the other side of the tunnel. This is a common way to replace dedicated WAN connections with less expensive connections. Both sites support local Internet access, and a site-to-site VPN provides the secure connection between the two networks. Although the networks might be dozens of hops away from each other, the VPN tunnel makes them appear to be adjacent networks, as shown in Figure 18.3.

Figure 18.3. Remote network is one hop away.
Using Windows Server 2003 RRAS for Site-to-Site VPNs

Windows Server 2003 Routing and Remote Access Services supports not only client-to-server VPNs but also site-to-site VPNs. By creating VPN interfaces in addition to having physical interfaces, RRAS is able to route IP traffic not only throughout the network but across VPN connections as well. To create a site-to-site VPN, do the following: