Solved

Site to Site VPN - WIN2k Server

Posted on 2004-11-16
Last Modified: 2010-08-05
Can someone provide some detail on configuring a site to site VPN between 2 Windows 2000 servers?
Question by:andreacadia
10 Comments
 
LVL 25

Expert Comment

by:mikeleebrla
ID: 12597045
There is no one guide that works for all networks as all networks are different.  There are also different types of VPNs and they are set up differently.  Windows 2000 server can do PPTP and L2TP VPNs.  PPTP are much easier to set up but are less secure, and depending on what router/firewall you have, your firewall/router may not allow the GRE (protocol 47, not port 47) to pass through it.  In a server to server setup like you are talking about, actually one machine will act as the server and the other is just a client as far as the VPN is concerned.  You will need to install Routing and Remote Access (RRAS) on the server computer. Then just go into RRAS and set up the VPN; by default PPTP and L2TP connections are enabled. Do both the servers have 2 NICs? They don't have to, but it changes the way you set it up. Are you trying to connect 2 networks together, or just allow access for the server on one end to be able to VPN to the other server?  Again, there is no one canned answer; it all depends on your setup and what you want to do with the VPN.
0
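The "protocol 47, not port 47" point in the comment above, as an added example that is not part of the original post: a small audit of a firewall allow-list against what PPTP and L2TP/IPsec need. The `Rule` format and the sample allow-list are constructed for illustration and are not any real firewall's syntax.

```python
from dataclasses import dataclass
from typing import Optional

TCP, UDP, GRE, ESP = 6, 17, 47, 50   # IP protocol numbers


@dataclass(frozen=True)
class Rule:
    """One allow rule (hypothetical format used only in this example)."""
    ip_proto: int                # IP protocol number
    port: Optional[int] = None   # destination port; only meaningful for TCP/UDP


# What the router/firewall in front of the VPN server has to pass.
REQUIRED = {
    "PPTP": [Rule(TCP, 1723), Rule(GRE)],        # control channel + GRE data
    "L2TP/IPsec": [Rule(UDP, 500), Rule(ESP)],   # IKE + ESP (L2TP rides inside ESP)
}


def audit(vpn_type, allowed):
    """Return (missing, warnings) for the allow-list `allowed`."""
    allowed = set(allowed)
    missing = [r for r in REQUIRED[vpn_type] if r not in allowed]
    warnings = []
    for r in sorted(allowed, key=lambda x: (x.ip_proto, x.port or 0)):
        # Common mistake: opening TCP/UDP *port* 47 or 50 instead of the IP protocol.
        if r.ip_proto in (TCP, UDP) and r.port in (GRE, ESP):
            warnings.append(
                f"port {r.port} is open over IP protocol {r.ip_proto}; "
                f"GRE and ESP are IP protocols {GRE} and {ESP}, not ports")
    return missing, warnings


# Constructed allow-list: TCP 1723 forwarded, plus "port 47" opened by mistake.
SAMPLE = [Rule(TCP, 1723), Rule(TCP, 47)]

if __name__ == "__main__":
    missing, warnings = audit("PPTP", SAMPLE)
    print("missing:", missing)
    print("warnings:", warnings)
```
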
 
LVL 20

Expert Comment

by:Debsyl99
ID: 12598843
Hi
Mike's correct in what he said, there are so many different ways that you could go about this. For what it's worth though, I'd always go with IPSEC as it's more secure (and believe me, if there is a way in, the script kiddies will find it) and a hardware firewall/router if at all possible and encapsulate all traffic within IPSEC 3DES encryption.

The following links contain a lot of sub-links and information/how-to's and step by steps:

Virtual Private Networks for Windows 2000
http://www.microsoft.com/windows2000/technologies/communications/vpn/default.asp
White Paper IPSec Executive Summary
http://www.cisco.com/warp/public/cc/so/neso/sqso/eqso/ipsec_wp.htm
IPSec Overview Part Three: Cryptographic Technologies
http://www.ciscopress.com/articles/article.asp?p=25473
Step-by-Step Guide to Internet Protocol Security (IPSec)
http://www.microsoft.com/windows2000/techinfo/planning/security/ipsecsteps.asp

It really depends on how your budget is, and how much time you have available to research, test and practise the setup. We use Cisco pix based firewalls and they have proved (so far) extremely secure and reliable.

Deb :))
0
 

Author Comment

by:andreacadia
ID: 12599081
Thanks for the comments... I understand what you guys are saying and I realize that there are many ways to implement a VPN.  What I am asking is how I can connect my 2 networks using a Windows 2000 server in each location.

Essentially simulating a hardware based site to site VPN.  Clients on each network should be able to communicate with clients on the opposite network.

Is there a way to accomplish this with a Windows 2000 server in each location?
0
 

Author Comment

by:andreacadia
ID: 12604815
eleventy5,

Does this require Windows 2000 ADVANCED Server?
0
 
LVL 25

Expert Comment

by:mikeleebrla
ID: 12604870
It shouldn't; the main difference between standard and adv. server is that adv. has clustering options and can handle more memory and more processors.
0
 

Author Comment

by:andreacadia
ID: 12605267
Would this require each server having 2 NICs?
0
 
LVL 2

Expert Comment

by:eleventy5
ID: 12608660
The scenario listed on the link I gave requires 2 NICs in the servers.
0
 

Author Comment

by:andreacadia
ID: 12640272
I am a little confused as far as where the VPN servers would sit in the network.  Does this mean that each VPN server would have to be the default gateway to the Internet for the networks?

Take for example one of my LANs, which I will refer to as LAN A:

LAN A ---- > Router ------> Internet <------- Router <-------- LAN B

LAN A consists of a single private subnet (192.168.1.0 /24) with one default gateway to the Internet (.1 - a router performing NAT).  Where would the VPN server sit on the network in order to tunnel certain traffic to LAN B?  Also, how would we set up the 2 interfaces on the VPN server?
0
 
LVL 2

Accepted Solution

by:
eleventy5 earned 1500 total points
ID: 12641212
The method listed in the link I gave required one network card with a live IP address (directly connected to the internet) and one on the local subnet. Traffic on the LAN A subnet destined for the LAN B network would be routed to the server. The default gateway could still be set to the router.

I am guessing you don't have an available live IP address for the server, or would rather not open the server to the internet in this fashion. I am unsure if 2 NICs are required to make the Routing and Remote Access VPN connection route correctly, as I have never personally set a VPN up in this way. You could try setting up the VPN connection between the 2 servers, one side being the server and the other side being the client as listed in the earlier link. Make sure ports are forwarded on the routers and you are able to connect the VPN and pass traffic back and forth between the two servers. Set a static route on the workstations on LAN A to point all traffic for LAN B to the LAN A server, and a static route on all of the LAN B workstations to point LAN A traffic to the LAN B server. If this were to work, it would only require 1 NIC in each server, but I am thinking there is a reason the Microsoft recommended configuration requires 2 NICs. I would bet that the two servers will have no problem talking to each other, but that the server will not know how to route traffic received from the network across the VPN connection. I could be wrong, so this might be worth a shot.

Good Luck!
0
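The static-route suggestion in the answer above, as an added example that is not part of the original post: it models a LAN A workstation's routing decision and builds the matching Windows `route` command. LAN A (192.168.1.0/24, gateway .1) comes from the question; the LAN B subnet 192.168.2.0/24 and the VPN server address 192.168.1.10 are assumptions made for illustration.

```python
import ipaddress


def next_hop(dest, table):
    """Longest-prefix match: the gateway a host would use for `dest`."""
    dest = ipaddress.ip_address(dest)
    matches = [(net, gw) for net, gw in table if dest in net]
    _, gw = max(matches, key=lambda m: m[0].prefixlen)
    return gw


def plan_static_route(local_lan, remote_lan, vpn_server):
    """Validate the plan and return the `route` command for a workstation."""
    local = ipaddress.ip_network(local_lan)
    remote = ipaddress.ip_network(remote_lan)
    if local.overlaps(remote):
        # Hosts treat an overlapping remote range as on-link and never use a gateway.
        raise ValueError("LAN A and LAN B subnets overlap; renumber one side")
    if ipaddress.ip_address(vpn_server) not in local:
        raise ValueError("the VPN server must be reachable on the local subnet")
    return f"route -p add {remote.network_address} mask {remote.netmask} {vpn_server}"


# Constructed routing table for a LAN A workstation after the static route is added.
WORKSTATION_A = [
    (ipaddress.ip_network("0.0.0.0/0"), "192.168.1.1"),        # default gateway (NAT router)
    (ipaddress.ip_network("192.168.1.0/24"), "on-link"),       # local subnet
    (ipaddress.ip_network("192.168.2.0/24"), "192.168.1.10"),  # LAN B via VPN server (assumed)
]

if __name__ == "__main__":
    print(plan_static_route("192.168.1.0/24", "192.168.2.0/24", "192.168.1.10"))
    for dest in ("192.168.2.50", "192.168.1.20", "203.0.113.5"):
        print(dest, "->", next_hop(dest, WORKSTATION_A))
```

The default gateway stays on the router, so only LAN B traffic is sent to the VPN server; whether that server then forwards it across the tunnel is the open question the answer raises.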
