
Site-to-site VPN solution (software) in VMware ESX/vSphere 4

I have the following situation:

A clothing store chain that has several stores, and a headquarters.
At the headquarters there is a ZyXEL USG100 with dual WAN. The stores connect through VPN (built in modem). This works fine.

They want to expand, and I have offered them a hosted exchange solution. This will be placed on our VMware Vsphere/ESX4 solution in a datacenter.
Since this is a virtual solution, I need a software solution (site-to-site) to connect to the USG at the headquarters. I can obtain singlepoint-to-site using the Greenbow VPN client, but this limits me. It will only allow me to reach the network FROM the VPN, and not TO the VPS from the network.

How do I make a site-to-site connection, using software clients? Preferably a freeware version, but this is not essential... (These are IPSec tunnels)

1 Solution
Jody Lemoine (Network Architect) commented:
I would have a look at the following article:


This particular document is for connecting a Windows Server 2003 machine to a non-Windows device via an IPsec tunnel, which should fit the bill if you're just trying to establish a link to the USG100's LAN.
Do you need a VPN? If it's just hosted Exchange, can't you do Outlook with RPC over HTTPS?
redworks (Author) commented:
Yes I need VPN.
Jody Lemoine (Network Architect) commented:
Did that Microsoft article help at all? You should just be able to use the Windows Server's internal IPsec capabilities to accomplish this.
Jody Lemoine (Network Architect) commented:
Did this work for you?
redworks (Author) commented:
I've tried everything the article describes, but I cannot get this to run.
My situation:

I have a network at the company headquarters (HQ), and I have stores (ST1, ST2, etc).
At the HQ, I have a ZyXEL USG100. The stores (ST1, ST2, ... ST11, etc) connect to the USG100 using IPSec.

The HQ has
and the stores have and (and so on).
This works great. I can reach all subnets from HQ and vice-versa.

Now, the problem comes in here:
I have a VPS in a datacenter, remote (not in a store or HQ), that runs Windows 2003 Small Business edition. I installed it with 2 NICs. 1 LAN side, 1 WAN side.
I ran the wizard using the option "direct broadband connection". This way, the SBS2003 server also works as a gateway/firewall.
I have set up the WAN side with an IP XXX.XXX.XXX.XXX / (outside, internet IP address) and the LAN side /

I follow this guide exactly, but I still cannot ping (USG100 @ HQ) from the SBS2003 server (

Can someone please take me through a step by step instruction with these values? I have been working on this forever...

Note: I use DES/SHA1/DH1 for both Phase 1 and 2. I use a pre-shared key to authenticate.

Thank you!!
