Using Site-to-Site VPNs


After VPN use from a site scales past four or five users, it is often beneficial to switch architectures from a client-to-site VPN to a site-to-site VPN. Instead of managing individual clients for VPN access, entire networks are connected via an encrypted VPN tunnel. This allows all resources on one side of the tunnel to reach all resources on the other side of the tunnel. This is a common way to replace dedicated WAN connections with less expensive connections. Both sites support local Internet access, and a site-to-site VPN provides the secure connection between the two networks. Although the networks might be dozens of hops away from each other, the VPN tunnel makes them appear to be adjacent networks, as shown in Figure 18.3.

Figure 18.3. Remote network is one hop away.


Using Windows Server 2003 RRAS for Site-to-Site VPNs

Windows Server 2003 Routing and Remote Access Services supports not only client-to-server VPNs but also site-to-site VPNs. By creating VPN interfaces in addition to having physical interfaces, RRAS is able to route IP traffic not only throughout the network but across VPN connections as well.

To create a site-to-site VPN, do the following:

  1. From within the Routing and Remote Access manager, right-click Network Interfaces and choose New Demand-dial Interface. This will launch the wizard.

  2. Click Next and give the interface a name. This name should easily identify the site to which it is connecting (see Figure 18.4).

    Figure 18.4. Configuring the interface name.


  3. Choose the connection type and the VPN type. Then enter the IP address of the VPN device to which you are connecting. Click Next.

  4. Check the box labeled Route IP packets on this interface, shown in Figure 18.5.

    Figure 18.5. Enabling the routing of IP packets.


  5. Enter the subnets located on the opposite side of the VPN tunnel. This will be entered by the system as a static route through the VPN interface. Click Next.

  6. Enter the dial-in credentials for the interface. This account must exist at the other side of the VPN. Click Next and then Finish and the VPN is complete.
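
A pre-flight check for the subnets entered in step 5, as an added example that is not from the book or from RRAS: it flags entries that are malformed, that overlap the local site or each other, or that amount to a default route through the tunnel. The function name, problem codes, and sample addresses are constructed for illustration.

```python
import ipaddress

# Constructed sample data: the local site and the subnets planned for step 5.
LOCAL_SUBNETS = ["192.168.1.0/24"]
PLANNED_REMOTE = [
    "192.168.2.0/24",    # clean remote subnet
    "192.168.1.128/25",  # collides with the local site
    "10.0.0.5/8",        # host bits set: not a network address
    "0.0.0.0/0",         # would route everything into the tunnel
    "192.168.2.0/25",    # overlaps a route already accepted
]


def check_remote_routes(local_subnets, remote_subnets):
    """Return (subnet_text, problem_code) findings for planned static routes.

    An empty list means no findings. Problem codes are hypothetical labels.
    """
    local = [ipaddress.ip_network(s) for s in local_subnets]
    accepted = []
    findings = []
    for text in remote_subnets:
        try:
            # strict=True rejects entries with host bits set (e.g. 10.0.0.5/8)
            net = ipaddress.ip_network(text, strict=True)
        except ValueError:
            findings.append((text, "invalid"))
            continue
        if net.prefixlen == 0:
            # A /0 static route exposes far more than the remote site
            findings.append((text, "default-route"))
            continue
        if any(net.overlaps(l) for l in local if l.version == net.version):
            # Overlapping address space makes routing to these hosts ambiguous
            findings.append((text, "overlaps-local"))
        if any(net.overlaps(a) for a in accepted if a.version == net.version):
            findings.append((text, "overlaps-route"))
        accepted.append(net)
    return findings


if __name__ == "__main__":
    for subnet, problem in check_remote_routes(LOCAL_SUBNETS, PLANNED_REMOTE):
        print(f"{subnet}: {problem}")
```
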



Microsoft Windows Server 2003 Insider Solutions
ISBN: 0672326094
Year: 2003
Pages: 325
