[Okta Webinar] Learn how to a build a cloud-first strategyRegister Now


LAn To LAN VPN Tunnel using Draytek 2800 (Router Server) 2830 (Router Client)

Posted on 2011-10-16
Medium Priority
Last Modified: 2012-06-22
It maybe a simple answer? I have set up a VPN tunnel between two different offices in two different cities via LAn to LAN VPN Tunnel using an existing older Draytek 2800 on the server end & a newer Draytek 2830 on the Client office using ipsec. it works to my supprise but it asks for a username & password when the client pier to pier computers connect to the remote sbs server, is there a way to do it so they dont need to imput a username & password? can the router send it?
Question by:Robbills
1 Comment

Accepted Solution

AndyBH_CKG earned 2000 total points
ID: 36975823
Unless I don't understand your setup correctly, the user name and password being requested is nothing to do with the VPN connection itself.

I would imagine that the two different offices have completely separate AD setups ?

This being the case the full user credentials of the computer in CITY1 is completely unknown to the server in CITY2.

The user is presumably authenticated on his PC with a full username of CITY1\jbloggs.

When he attempts to connect to the SBS server the server will look to see if knows anyone by that name and as it doesn't will ask the user to authenticate.

Users in CITY2 will be logged onto their PCs as CITY2\jdoe - when they login to the SBS server ( also on the CITY2 domain), the SBS server will see that they are already authenticated so let them straight on.

Now you have a fully working site to site VPN establishing a permanent link between CITY1 and CITY2, my recommendation would be to consider merging both sites onto a single AD database.

Whether that becomes two domains in a common forest or simply one common domain will really depend on the size of the userbase and any security/politics issues between the two entities.

As networking has enabled many of our offices that used to be "standalone" to be pulled into one WAN with some VPN links, we've found that a single AD and a common domain for all offices makes everything so much simpler to support.

A horrible temporary workaround that works only in SOME CASES is to ensure that the 'end bit' of username and password used on the local PC are the same as the domain user name and password on the SBS server. (e.g. If logging onto PC as CITY2\jbloggs make the password for CITY1\jbloggs the same as the CITY2\bloggs password)

Good Luck !



Featured Post

Free Tool: IP Lookup

Get more info about an IP address or domain name, such as organization, abuse contacts and geolocation.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

I've written this article to illustrate how we can implement a Dynamic Multipoint VPN (DMVPN) with both hub and spokes having a dynamically assigned non-broadcast multiple-access (NBMA) network IP (public IP). Here is the basic setup of DMVPN Pha…
Shadow IT is coming out of the shadows as more businesses are choosing cloud-based applications. It is now a multi-cloud world for most organizations. Simultaneously, most businesses have yet to consolidate with one cloud provider or define an offic…
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…

834 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question