andreacadia


Site to Site VPN - WIN2k Server

Can someone provide some detail on configuring a site-to-site VPN between 2 Windows 2000 servers?
mikeleebrla

There is no one guide that works for all networks as all networks are different.  There are also different types of VPNs and they are set up differently.  Windows 2000 Server can do PPTP and L2TP VPNs.  PPTP VPNs are much easier to set up but are less secure, and depending on what router/firewall you have, your firewall/router may not allow GRE (protocol 47, not port 47) to pass through it.  In a server-to-server setup like you are talking about, actually one machine will act as the server and the other is just a client as far as the VPN is concerned.  You will need to install Routing and Remote Access (RRAS) on the server computer. Then just go into RRAS and set up the VPN; by default PPTP and L2TP connections are enabled. Do both the servers have 2 NICs? They don't have to, but it changes the way you set it up. Are you trying to connect 2 networks together, or just allow access for the server on one end to be able to VPN to the other server?  Again, there is no one canned answer; it all depends on your setup and what you want to do with the VPN.
Debsyl99

Hi
Mike's correct in what he said, there are so many different ways that you could go about this. For what it's worth though, I'd always go with IPSEC as it's more secure (and believe me, if there is a way in, the script kiddies will find it) and a hardware firewall/router if at all possible and encapsulate all traffic within IPSEC 3DES encryption.

The following links contain a lot of sub-links and information/how-tos and step-by-steps:

Virtual Private Networks for Windows 2000
http://www.microsoft.com/windows2000/technologies/communications/vpn/default.asp
White Paper IPSec Executive Summary
http://www.cisco.com/warp/public/cc/so/neso/sqso/eqso/ipsec_wp.htm
IPSec Overview Part Three: Cryptographic Technologies
http://www.ciscopress.com/articles/article.asp?p=25473
Step-by-Step Guide to Internet Protocol Security (IPSec)
http://www.microsoft.com/windows2000/techinfo/planning/security/ipsecsteps.asp

It really depends on how your budget is, and how much time you have available to research, test and practise the setup. We use Cisco PIX based firewalls and they have proved (so far) extremely secure and reliable.

Deb :))
andreacadia

ASKER

Thanks for the comments... I understand what you guys are saying and I realize that there are many ways to implement a VPN.  What I am asking is how I can connect my 2 networks using a Windows 2000 server in each location.

Essentially simulating a hardware based site to site VPN.  Clients on each network should be able to communicate with clients on the opposite network.

Is there a way to accomplish this with a Windows 2000 server in each location?
eleventy5,

Does this require Windows 2000 ADVANCED Server?
It shouldn't, the main difference between standard and adv. server is that adv has clustering options, can handle more memory and more processors.
Would this require each server having 2 NICs?
The scenario listed on the link I gave requires 2 NICs in the servers.
I am a little confused as far as where the VPN servers would sit in the network.  Does this mean that each VPN server would have to be the default gateway to the Internet for the networks?

Take for example one of my LANs, which I will refer to as LAN A:

LAN A ---- > Router ------> Internet <------- Router <-------- LAN B

LAN A consists of a single private subnet (192.168.1.0 /24) with one default gateway to the Internet (.1 - a router performing NAT).  Where would the VPN server sit on the network in order to tunnel certain traffic to LAN B?  Also, how would we set up the 2 interfaces on the VPN server?
ASKER CERTIFIED SOLUTION
eleventy5

This solution is only available to members.