redworks

Site-to-site VPN solution (software) in VMware ESX/vSphere4

I have the following situation:

A clothing store chain that has several stores and a headquarters.
At the headquarters there is a ZyXEL USG100 with dual WAN. The stores connect through VPN (built into the modem). This works fine.

They want to expand, and I have offered them a hosted Exchange solution. This will be placed on our VMware vSphere/ESX4 solution in a datacenter.
Since this is a virtual solution, I need a software solution (site-to-site) to connect to the USG at the headquarters. I can obtain single-point-to-site using the Greenbow VPN client, but this limits me. It will only allow me to reach the network FROM the VPN, and not TO the VPS from the network.

How do I make a site-to-site connection using software clients? Preferably a freeware version, but this is not essential... (These are IPSec tunnels)

Thanks.
ASKER CERTIFIED SOLUTION
Jody Lemoine
This solution is only available to members.
Do you need a VPN? If it's just hosted Exchange, can't you do Outlook with RPC over HTTPS?
redworks

ASKER

Yes, I need VPN.
Did that Microsoft article help at all? You should just be able to use the Windows Server's internal IPsec capabilities to accomplish this.
Did this work for you?
I've tried everything the article describes, but I cannot get this to run.
My situation:

I have a network at the company headquarters (HQ), and I have stores (ST1, ST2, etc).
At the HQ, I have a ZyXEL USG100. The stores (ST1, ST2, ... ST11, etc) connect to the USG100 using IPSec.

The HQ has 192.168.1.0/255.255.255.0
and the stores have 192.168.102.0/255.255.255.0 and 192.168.103.0/255.255.255.0 (and so on).
This works great. I can reach all subnets from HQ and vice-versa.

Now, the problem comes in here:
I have a VPS in a datacenter, remote (not in a store or HQ), that runs Windows 2003 Small Business edition. I installed it with 2 NICs. 1 LAN side, 1 WAN side.
I ran the wizard using the option "direct broadband connection". This way, the SBS2003 server also works as a gateway/firewall.
I have set up the WAN side with an IP XXX.XXX.XXX.XXX / 255.255.255.0 (outside, internet IP address) and the LAN side 192.168.254.1 / 255.255.255.0

I followed this guide exactly, but I still cannot ping 192.168.1.1 (USG100 @ HQ) from the SBS2003 server (192.168.254.1).

Can someone please take me through a step-by-step instruction with these values? I have been working on this forever...

Note: I use DES/SHA1/DH1 for both Phase 1 and 2. I use a pre-shared key to authenticate.

Thank you!!