For the past nine chapters, we have covered virtual private network (VPN) concepts, design considerations, features, applications, and deployment guidelines. Now it is time to take a look at a remote access/site-to-site VPN deployment example. As with any in-depth technology, the best way to learn is to see a working example of the VPN infrastructure in action. In this chapter, we will walk you through a design and implementation of a VPN deployment that you can replicate in your own test environment.
In this sample deployment, Contoso, LTD., a fictional company, has deployed the Point-to-Point Tunneling Protocol (PPTP) and Layer Two Tunneling Protocol with Internet Protocol Security (L2TP/IPSec) VPN technologies provided with its Microsoft Windows Server 2003–based and Windows XP–based computers; the company runs no other operating systems. Contoso, LTD. has deployed these technologies to create secure remote access, branch office, and business partner connectivity solutions. This chapter describes the design and configuration of the Contoso, LTD. VPN and dial-up remote access infrastructure. Although your network configuration might be different from the one described here, you can still apply the basic concepts of virtual private networking in your network environment.
Contoso, LTD. is a fictional electronics design and manufacturing company with a main corporate campus in New York and branch offices and distribution business partners throughout the United States. Contoso, LTD. has implemented a VPN solution by using Windows Server 2003 to connect remote access users, branch offices, and business partners.
The VPN server at the corporate office provides both remote access and site-to-site (also known as router-to-router) PPTP and L2TP/IPSec VPN connections. In addition, the VPN server provides the routing of packets to intranet and Internet locations.
Based on the common configuration of the VPN server for both remote access and site-to-site connections, the following VPN configurations are described in this chapter:
VPN remote access for employees
On-demand branch office access
Persistent branch office access
Extranet for business partners
Dial-up and VPNs with Remote Authentication Dial-In User Service (RADIUS)
The sample companies, organizations, products, people, and events depicted herein are fictitious. No association with any real company, organization, product, person, or event is intended or should be inferred.