Setting up connection between 2 offices using Win Server 2003

Hi experts.  I have been commanded by the higher-ups to configure a server with Windows Server 2003 Standard and send it to our branch office in Phoenix.  This server will need to persistently connect to our Denver office's server to give our Phoenix employees full access to our Denver network, and full access for our Denver employees to the Phoenix employee PCs.  Currently, the Denver server is also Windows Server 2003 and is currently our file server, backup server and VPN server.

I began researching site-to-site VPN connections, but then my boss told me to do it using static routes, saying it would be much easier.  I'm not sure I know the difference between the two scenarious, and I must say I am very confused by how to go about it using different subnets, etc.  My experience with this is limited, but I am a quick learner.

Could someone outline the basic steps by which I would go about doing this?  I have only one NIC in each server and am not sure whether I'd need two NICs in either of them.  Anything you could tell me to lead me in the right direction would be great!
philodendrinAsked:
Who is Participating?
 
NJComputerNetworksCommented:
Sounds like you will have to research what kind of WAN connection you have between Denver and Phoenix.  If this is already a secure PRIVATE WAN connection, there is no need for additional VPN.  However, if this connection is not secure, then you will have to add VPN security to your servers.  However, this is rare...

0
 
philodendrinAuthor Commented:
Hi NJComputer Networks, thanks for your response.  Right now there is no secure private WAN connection; only the Internet lies between the offices.  We have static IPs on each side.  Do you ask because a simple static route would have no good security like a VPN would?  If so, what steps are involved in setting up that persistent VPN connection?
0
Free Tool: SSL Checker

Scans your site and returns information about your SSL implementation and certificate. Helpful for debugging and validating your SSL configuration.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

 
NJComputerNetworksCommented:
what type of firewall do you use right now in each site?
0
 
philodendrinAuthor Commented:
We have a Cisco 1750 firewall in the Denver (main) office and I believe either no firewall in Phoenix or a Netopia 3300-ENT router which also serves as a firewall (not 100% sure about Phoenix).
0
 
NJComputerNetworksCommented:
It is preferred and more secure to use your firewall device as the mechanism to create a secure VPN tunnel between sites.   If this is not possible, you can use the Windows Technology (but there is overhead and generally your will not get the performance and level of security that you would get through a hardware VPN)

Site to site VPN...  http://www.watchguard.com/products/edgex50.asp  <--- for example, you would need a device like this in both sites.
0
 
philodendrinAuthor Commented:
Could you give me an idea of how the Windows Technology works?  I suspect no one will here will vote Yay for a hardware VPN, and unfortunately security has never been a high priority at this company.  Since they have hired me, I have implemented more security in 2 months than they have had in years.

I have read site-to-site VPN articles from Microsoft, but get confused because I don't understand the "big picture" very well (and MS isn't great at explaining the Big Picture, either).  I have never before used Demand-Dial Interfaces and the like.  Right now,our Denver server has RRAS configured for users to connect via VPN, and the Phoenix Netopia router already connects to us persistently via VPN.  Using that current scenario, could I configure this new server for Phoenix in a way which would take advantage of the Netopia router's connection via VPN?  Mainly, what I am trying to accomplish is seeing each office's computers in "My Network Places" and very little else.

Am I confusing the issue now?  I am too confused to even know!
0
 
NJComputerNetworksCommented:
Hardware site to site VPN is very easy to implement... Software Windows VPN, requires an understanding of the three articles listed above  (This is somewhat more complicated)
0
 
philodendrinAuthor Commented:
I was afraid you'd say that!  Thanks for the articles.  I will check them out and respond tomorrow morning - I'm off to a meeting that will, sadly, last until this evening.
0
 
philodendrinAuthor Commented:
NJ, busy days are here, so I've decided to award you the points and move on with my life.  Those articles you sent were great (don't know how I never found the first 2 myself) and I think I can take it from here.  Thanks very much!
0
All Courses

From novice to tech pro — start learning today.