Solved

VPN connection between cloud server and on-prem domain controller

Posted on 2014-12-23
425 Views
Last Modified: 2015-02-01
I'm pretty new to VPN connections, but over the last two weeks I have managed to set up a number of VPN connections to Windows 2003 R2, 2008 R2 & 2012 R2 servers.

Most (except one which had a decent Cisco gateway with a PPTP server capability) have been using the standard Windows Server RRAS configuration with PPTP and "dial-in" permissions for the various user accounts.
The most recent VPN I configured is to an Amazon EC2 server and it is the first one I have done using SSTP and a security certificate.
I can connect OK and our applications are working OK, but I'm to the point where testing for this server is about to go to production.  There is one site which will be connecting with 5 or more users... so I was wondering if there was a way to create the VPN tunnel between the two servers rather than having each user in the office "dial-in"?

The AWS server's private IP is 172.32.3.23 and the on-prem DC server's private IP range is 192.168.1.0/24.  The application we use needs the client side to connect to the server side using the server's IP (in this case the AWS server).  This is why the "dial-in" works great because with DHCP enabled for a reserved range, the computers connecting to the AWS server are being given an IP in the same subnet as the AWS server - and therefore the application works fine.

If the answer to my above question is yes, how do I achieve this?  Especially when each on-prem client computer will need to be able to point to the private side of the AWS cloud server for the application to work.

A side note, if it will help: the on-prem network has a CyberRoam VPN device (that was once used for a previous remote office).
Question by:Reece Dodds
4 Comments
 
LVL 27

Accepted Solution

by: Steve (earned 500 total points)
ID: 40521608
What you need is known as a site-to-site VPN, instead of a per-user VPN.

This means that your default gateway (router, firewall or server) is aware of the link and sends traffic to the cloud server's subnet automatically without the individual users/PCs having to do anything.

This link seems to mention setting up VPNs, but I've not done much with Amazon's hosted systems, so best to check with them. You'll need a device at your end that can support the VPN (router or server).

http://docs.aws.amazon.com/AmazonVPC/latest/UserGuide/VPC_VPN.html#Examples
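A planning check worth running before asking for the tunnel, added here as an example and not part of Steve's answer or the question: it takes the two ranges from the question (the cloud /24 is an assumption, since only the server's address 172.32.3.23 is given), lists which subnet each gateway must route into the tunnel, and flags overlapping ranges and addresses that fall outside the RFC 1918 private ranges.

```python
"""Planning checks for a site-to-site VPN (added example, not from the thread).

In a site-to-site VPN each gateway routes the *other* side's subnet into the
tunnel, so individual PCs need no dial-in. Two things to verify first: the
subnets must not overlap, and addresses meant to be private should really
fall in an RFC 1918 range, otherwise routing them through the tunnel can
capture traffic for real Internet destinations.
"""
import ipaddress

# RFC 1918 private ranges.
RFC1918 = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


def is_private(net_or_ip: str) -> bool:
    """True if the address or network lies entirely inside an RFC 1918 range."""
    net = ipaddress.ip_network(net_or_ip, strict=False)
    return any(net.subnet_of(r) for r in RFC1918)


def plan_site_to_site(onprem_cidr: str, cloud_cidr: str, server_ip: str) -> dict:
    """Return the routes each gateway must carry plus any warnings found."""
    onprem = ipaddress.ip_network(onprem_cidr, strict=False)
    cloud = ipaddress.ip_network(cloud_cidr, strict=False)
    server = ipaddress.ip_address(server_ip)
    warnings = []
    if onprem.overlaps(cloud):
        warnings.append(f"subnets overlap: {onprem} / {cloud}")
    for label, net in (("on-prem", onprem), ("cloud", cloud)):
        if not is_private(str(net)):
            warnings.append(f"{label} subnet {net} is outside RFC 1918")
    if server not in cloud:
        warnings.append(f"application server {server} is not inside cloud subnet {cloud}")
    return {
        # the on-prem gateway sends traffic for the cloud subnet into the tunnel
        "onprem_gateway_routes": [str(cloud)],
        # the cloud side sends traffic for the office LAN back through the tunnel
        "cloud_gateway_routes": [str(onprem)],
        "warnings": warnings,
    }


if __name__ == "__main__":
    # Values from the question; the /24 for the cloud subnet is an assumption.
    plan = plan_site_to_site("192.168.1.0/24", "172.32.3.0/24", "172.32.3.23")
    for side in ("onprem_gateway_routes", "cloud_gateway_routes"):
        print(side, plan[side])
    for w in plan["warnings"]:
        print("WARNING:", w)
```

Note that 172.32.0.0 is just past the 172.16.0.0/12 private block, so the cloud range from the question is reported as not private.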
 
LVL 7

Author Comment

by: Reece Dodds
ID: 40550124
Will any changes need to be made to the AWS server's SSTP configuration?
 
LVL 27

Assisted Solution

by: Steve (earned 500 total points)
ID: 40553927
Depends on your account as to whether you have the facility available, but I believe it's pretty much pre-configured if it's there.
Best to ask the AWS guys who look after your account.
 
LVL 7

Author Comment

by: Reece Dodds
ID: 40583116
Will do. Thanks for your help.