Site-to-site VPN solution (software) in VMware ESX/vSphere4

I have the following situation:

A clothing store chain that has several stores, and a headquarters.
At the headquarters there is a ZyXEL USG100 with dual WAN. The stores connect through VPN (built-in modem). This works fine.

They want to expand, and I have offered them a hosted Exchange solution. This will be placed on our VMware vSphere/ESX4 solution in a datacenter.
Since this is a virtual solution, I need a software solution (site-to-site) to connect to the USG at the headquarters. I can obtain single point-to-site using the Greenbow VPN client, but this limits me. It will only allow me to reach the network FROM the VPN, and not TO the VPS from the network.

How do I make a site-to-site connection, using software clients? Preferably a freeware version, but this is not essential... (These are IPSec tunnels)

Jody Lemoine (Network Architect) commented:
I would have a look at the following article:

This particular document is for connecting a Windows Server 2003 machine to a non-Windows device via an IPsec tunnel, which should fit the bill if you're just trying to establish a link to the USG100's LAN.
Do you need a VPN? If it's just hosted Exchange, can't you do Outlook with RPC over HTTPS?
redworks (Author) commented:
Yes I need VPN.
Jody Lemoine (Network Architect) commented:
Did that Microsoft article help at all? You should just be able to use the Windows Server's internal IPsec capabilities to accomplish this.
Jody Lemoine (Network Architect) commented:
Did this work for you?
redworks (Author) commented:
I've tried everything the article describes, but I cannot get this to run.
My situation:

I have a network at the company headquarters (HQ), and I have stores (ST1, ST2, etc).
At the HQ, I have a ZyXEL USG100. The stores (ST1, ST2, ... ST11, etc) connect to the USG100 using IPSec.

The HQ has
and the stores have and (and so on).
This works great. I can reach all subnets from HQ and vice-versa.

Now, the problem comes in here:
I have a VPS in a datacenter, remote (not in a store or HQ), that runs Windows 2003 Small Business edition. I installed it with 2 NICs. 1 LAN side, 1 WAN side.
I ran the wizard using the option "direct broadband connection". This way, the SBS2003 server also works as a gateway/firewall.
I have setup the WAN side with an IP XXX.XXX.XXX.XXX / (outside, internet IP address) and the LAN side /

I follow this guide exactly, but I still can not ping (USG100 @ HQ) from the SBS2003 server (

Can someone please take me through step-by-step instructions with these values? I have been working on this forever...

Note: I use DES/SHA1/DH1 for both Phase 1 and 2. I use a pre-shared key to authenticate.

Thank you!!
Question has a verified solution.
