Results 1 to 10 of 10

Thread: SITE-To-SITE VPN using Windows Server 2003 Standard

  1. #1
    S H A R I Q U E Guest

    SITE-To-SITE VPN using Windows Server 2003 Standard

    Is it possible to create SITE-To-SITE VPN using Windows Server 2003 Standard
    Edition without the use of ISA or any other firewall.?
    Is there any article to create such VPN on technet.





  2. #2
    Meinolf Weber [MVP-DS] Guest

    Re: SITE-To-SITE VPN using Windows Server 2003 Standard

    Hello S H A R I Q U E,

    See here for starting:
    http://technet.microsoft.com/en-us/l.../cc758232.aspx

    http://technet.microsoft.com/en-us/n.../bb545442.aspx

    Best regards

    Meinolf Weber
    Disclaimer: This posting is provided "AS IS" with no warranties, and confers
    no rights.
    ** Please do NOT email, only reply to Newsgroups
    ** HELP us help YOU!!! http://www.blakjak.demon.co.uk/mul_crss.htm


    > Is it possible to create SITE-To-SITE VPN using Windows Server 2003
    > Standard
    > Edition without the use of ISA or any other firewall.?
    > Is there any article to create such VPN on technet.




  3. #3
    S H A R I Q U E Guest

    Re: SITE-To-SITE VPN using Windows Server 2003 Standard

    Well....Great...last thing i wana know that IS IT POSSIBLE THAT BOTH SERVERS
    BE IN WORKGROUP MODEL TO CONFIGURE SITE-TO-SITE VPN?


    "Meinolf Weber [MVP-DS]" wrote:

    > Hello S H A R I Q U E,
    >
    > See here for starting:
    > http://technet.microsoft.com/en-us/l.../cc758232.aspx
    >
    > http://technet.microsoft.com/en-us/n.../bb545442.aspx
    >
    > Best regards
    >
    > Meinolf Weber
    > Disclaimer: This posting is provided "AS IS" with no warranties, and confers
    > no rights.
    > ** Please do NOT email, only reply to Newsgroups
    > ** HELP us help YOU!!! http://www.blakjak.demon.co.uk/mul_crss.htm
    >
    >
    > > Is it possible to create SITE-To-SITE VPN using Windows Server 2003
    > > Standard
    > > Edition without the use of ISA or any other firewall.?
    > > Is there any article to create such VPN on technet.

    >
    >
    >


  4. #4
    Meinolf Weber [MVP-DS] Guest

    Re: SITE-To-SITE VPN using Windows Server 2003 Standard

    Hello S H A R I Q U E,

    Should work, but without a domain you have centralized authentication options.

    Best regards

    Meinolf Weber
    Disclaimer: This posting is provided "AS IS" with no warranties, and confers
    no rights.
    ** Please do NOT email, only reply to Newsgroups
    ** HELP us help YOU!!! http://www.blakjak.demon.co.uk/mul_crss.htm


    > Well....Great...last thing i wana know that IS IT POSSIBLE THAT BOTH
    > SERVERS BE IN WORKGROUP MODEL TO CONFIGURE SITE-TO-SITE VPN?
    >
    > "Meinolf Weber [MVP-DS]" wrote:
    >
    >> Hello S H A R I Q U E,
    >>
    >> See here for starting:
    >> http://technet.microsoft.com/en-us/l.../cc758232.aspx
    >> http://technet.microsoft.com/en-us/n.../bb545442.aspx
    >>
    >> Best regards
    >>
    >> Meinolf Weber
    >> Disclaimer: This posting is provided "AS IS" with no warranties, and
    >> confers
    >> no rights.
    >> ** Please do NOT email, only reply to Newsgroups
    >> ** HELP us help YOU!!! http://www.blakjak.demon.co.uk/mul_crss.htm
    >>> Is it possible to create SITE-To-SITE VPN using Windows Server 2003
    >>> Standard
    >>> Edition without the use of ISA or any other firewall.?
    >>> Is there any article to create such VPN on technet.




  5. #5
    S H A R I Q U E Guest

    Re: SITE-To-SITE VPN using Windows Server 2003 Standard

    ok....i have read the document...but issue is that Both SITES are using
    Private IP addresses or they are behind ISP Firewall ...in this scenarion is
    it possible to create SITE-To-SITE or RemoteAccess VPN using private ip
    addresses...


    "Meinolf Weber [MVP-DS]" wrote:

    > Hello S H A R I Q U E,
    >
    > Should work, but without a domain you have centralized authentication options.
    >
    > Best regards
    >
    > Meinolf Weber
    > Disclaimer: This posting is provided "AS IS" with no warranties, and confers
    > no rights.
    > ** Please do NOT email, only reply to Newsgroups
    > ** HELP us help YOU!!! http://www.blakjak.demon.co.uk/mul_crss.htm
    >
    >
    > > Well....Great...last thing i wana know that IS IT POSSIBLE THAT BOTH
    > > SERVERS BE IN WORKGROUP MODEL TO CONFIGURE SITE-TO-SITE VPN?
    > >
    > > "Meinolf Weber [MVP-DS]" wrote:
    > >
    > >> Hello S H A R I Q U E,
    > >>
    > >> See here for starting:
    > >> http://technet.microsoft.com/en-us/l.../cc758232.aspx
    > >> http://technet.microsoft.com/en-us/n.../bb545442.aspx
    > >>
    > >> Best regards
    > >>
    > >> Meinolf Weber
    > >> Disclaimer: This posting is provided "AS IS" with no warranties, and
    > >> confers
    > >> no rights.
    > >> ** Please do NOT email, only reply to Newsgroups
    > >> ** HELP us help YOU!!! http://www.blakjak.demon.co.uk/mul_crss.htm
    > >>> Is it possible to create SITE-To-SITE VPN using Windows Server 2003
    > >>> Standard
    > >>> Edition without the use of ISA or any other firewall.?
    > >>> Is there any article to create such VPN on technet.

    >
    >
    >


  6. #6
    Bill Grant Guest

    Re: SITE-To-SITE VPN using Windows Server 2003 Standard

    Both sites must be using private IP addresses or the site to site won't
    work. What the link does in tunnel the private IP addresses through the
    public connection between the sites.

    The setup documents usually assume that the RRAS routers are connected to
    the Internet and are the default geteway routers for the site. Other configs
    are possible but you then have to sort out the routing for yourself. If the
    RRAS servers are the default gateway routers for the site, routing between
    sites is automatic. RRAS looks after the site to site routing an the traffic
    which needs to go through the tunnel gets to the VPN router by default.

    Without a domain the routing will work but name resolution and file
    sharing are a headache.


    "S H A R I Q U E" <SHARIQUE@discussions.microsoft.com> wrote in message
    news:BC8DF69C-F41E-4458-A7C3-2344BF003B0C@microsoft.com...
    > ok....i have read the document...but issue is that Both SITES are using
    > Private IP addresses or they are behind ISP Firewall ...in this scenarion
    > is
    > it possible to create SITE-To-SITE or RemoteAccess VPN using private ip
    > addresses...
    >
    >
    > "Meinolf Weber [MVP-DS]" wrote:
    >
    >> Hello S H A R I Q U E,
    >>
    >> Should work, but without a domain you have centralized authentication
    >> options.
    >>
    >> Best regards
    >>
    >> Meinolf Weber
    >> Disclaimer: This posting is provided "AS IS" with no warranties, and
    >> confers
    >> no rights.
    >> ** Please do NOT email, only reply to Newsgroups
    >> ** HELP us help YOU!!! http://www.blakjak.demon.co.uk/mul_crss.htm
    >>
    >>
    >> > Well....Great...last thing i wana know that IS IT POSSIBLE THAT BOTH
    >> > SERVERS BE IN WORKGROUP MODEL TO CONFIGURE SITE-TO-SITE VPN?
    >> >
    >> > "Meinolf Weber [MVP-DS]" wrote:
    >> >
    >> >> Hello S H A R I Q U E,
    >> >>
    >> >> See here for starting:
    >> >> http://technet.microsoft.com/en-us/l.../cc758232.aspx
    >> >> http://technet.microsoft.com/en-us/n.../bb545442.aspx
    >> >>
    >> >> Best regards
    >> >>
    >> >> Meinolf Weber
    >> >> Disclaimer: This posting is provided "AS IS" with no warranties, and
    >> >> confers
    >> >> no rights.
    >> >> ** Please do NOT email, only reply to Newsgroups
    >> >> ** HELP us help YOU!!! http://www.blakjak.demon.co.uk/mul_crss.htm
    >> >>> Is it possible to create SITE-To-SITE VPN using Windows Server 2003
    >> >>> Standard
    >> >>> Edition without the use of ISA or any other firewall.?
    >> >>> Is there any article to create such VPN on technet.

    >>
    >>
    >>


  7. #7
    S H A R I Q U E Guest

    Re: SITE-To-SITE VPN using Windows Server 2003 Standard

    Its quite surprising to read that SITE-To-SITE VPN will work only when both
    SITES are using RFC1918 addresses, that is, private ip addresses.
    During VPN configuration wizard, it ask which interface is associated with
    PUBLIC ADDRESS, we select that and leave private interface intact. In this
    case, how can a calling router detect answering when both are using PRIVATE
    IP ADDRESSES, since both are behind ISP firewall. Do i need to involve ISP to
    allow me define static route across public ip address to private ip address.
    BOth Servers are default gateway in my scenario.First one is member
    server(calling router) and second one(answering router) is in workgroup.

    regards


    "Bill Grant" wrote:

    > Both sites must be using private IP addresses or the site to site won't
    > work. What the link does in tunnel the private IP addresses through the
    > public connection between the sites.
    >
    > The setup documents usually assume that the RRAS routers are connected to
    > the Internet and are the default geteway routers for the site. Other configs
    > are possible but you then have to sort out the routing for yourself. If the
    > RRAS servers are the default gateway routers for the site, routing between
    > sites is automatic. RRAS looks after the site to site routing an the traffic
    > which needs to go through the tunnel gets to the VPN router by default.
    >
    > Without a domain the routing will work but name resolution and file
    > sharing are a headache.
    >
    >
    > "S H A R I Q U E" <SHARIQUE@discussions.microsoft.com> wrote in message
    > news:BC8DF69C-F41E-4458-A7C3-2344BF003B0C@microsoft.com...
    > > ok....i have read the document...but issue is that Both SITES are using
    > > Private IP addresses or they are behind ISP Firewall ...in this scenarion
    > > is
    > > it possible to create SITE-To-SITE or RemoteAccess VPN using private ip
    > > addresses...
    > >
    > >
    > > "Meinolf Weber [MVP-DS]" wrote:
    > >
    > >> Hello S H A R I Q U E,
    > >>
    > >> Should work, but without a domain you have centralized authentication
    > >> options.
    > >>
    > >> Best regards
    > >>
    > >> Meinolf Weber
    > >> Disclaimer: This posting is provided "AS IS" with no warranties, and
    > >> confers
    > >> no rights.
    > >> ** Please do NOT email, only reply to Newsgroups
    > >> ** HELP us help YOU!!! http://www.blakjak.demon.co.uk/mul_crss.htm
    > >>
    > >>
    > >> > Well....Great...last thing i wana know that IS IT POSSIBLE THAT BOTH
    > >> > SERVERS BE IN WORKGROUP MODEL TO CONFIGURE SITE-TO-SITE VPN?
    > >> >
    > >> > "Meinolf Weber [MVP-DS]" wrote:
    > >> >
    > >> >> Hello S H A R I Q U E,
    > >> >>
    > >> >> See here for starting:
    > >> >> http://technet.microsoft.com/en-us/l.../cc758232.aspx
    > >> >> http://technet.microsoft.com/en-us/n.../bb545442.aspx
    > >> >>
    > >> >> Best regards
    > >> >>
    > >> >> Meinolf Weber
    > >> >> Disclaimer: This posting is provided "AS IS" with no warranties, and
    > >> >> confers
    > >> >> no rights.
    > >> >> ** Please do NOT email, only reply to Newsgroups
    > >> >> ** HELP us help YOU!!! http://www.blakjak.demon.co.uk/mul_crss.htm
    > >> >>> Is it possible to create SITE-To-SITE VPN using Windows Server 2003
    > >> >>> Standard
    > >> >>> Edition without the use of ISA or any other firewall.?
    > >> >>> Is there any article to create such VPN on technet.
    > >>
    > >>
    > >>

    >


  8. #8
    Bill Grant Guest

    Re: SITE-To-SITE VPN using Windows Server 2003 Standard

    Why are you surprised that VPN expects that you use private IPs? That is
    the whole point of VPN. As its name suggests, VPN is Virtual Private
    Networking. The client appears to be on your private LAN when in fact it is
    connecting through the Internet. VPN creates a private address tunnel
    through the public network. It does this by encrypting the privately
    addressed packets and encapsulating these within a publicly addressed
    wrapper.

    For site to site VPN to work there must be a connection between the two
    sites to carry the encrypted and encapsulated data. If both sites have an
    Internet connection, that will do the trick. Whether they are behind an ISP
    firewall or not should not affect your connection unless the firewall blocks
    a port of protocol which VPN needs. {One such is that you cannot use PPTP if
    your ISP blocks GRE (IP protocol 47)}. The firewall does not affect normal
    file sharing because the packets are encrypted and encapsulated when they
    pass through the firewall.

    Site to site VPN is designed to allow two privately addressed sites to
    route through a VPN connection across another network (such as the
    Internet). Only the routers have public IP addresses. Both LANs use private
    IP addresses and they must be in different IP subnets. When you configure
    the routers you assign static routes for the private LANs to the demand-dial
    interfaces used in the connection. When the connection is made, these routes
    are added to the routing table. Each router now has a static route to the
    "other" site through the VPN link.

    When the link is up it behaves like a (slow) IP router. All traffic
    addressed to the other IP subnet is sent through the tunnel to the other
    site. It is then delivered on the LAN at the second site.

    If you want to securely connect machines which have public IPs you
    would normally use IPSec tunnels, not VPN.

    "S H A R I Q U E" <SHARIQUE@discussions.microsoft.com> wrote in message
    news:1B57AF30-8BEF-4296-9285-BB4DE9DA3F99@microsoft.com...
    > Its quite surprising to read that SITE-To-SITE VPN will work only when
    > both
    > SITES are using RFC1918 addresses, that is, private ip addresses.
    > During VPN configuration wizard, it ask which interface is associated with
    > PUBLIC ADDRESS, we select that and leave private interface intact. In this
    > case, how can a calling router detect answering when both are using
    > PRIVATE
    > IP ADDRESSES, since both are behind ISP firewall. Do i need to involve ISP
    > to
    > allow me define static route across public ip address to private ip
    > address.
    > BOth Servers are default gateway in my scenario.First one is member
    > server(calling router) and second one(answering router) is in workgroup.
    >
    > regards
    >
    >
    > "Bill Grant" wrote:
    >
    >> Both sites must be using private IP addresses or the site to site won't
    >> work. What the link does in tunnel the private IP addresses through the
    >> public connection between the sites.
    >>
    >> The setup documents usually assume that the RRAS routers are connected
    >> to
    >> the Internet and are the default geteway routers for the site. Other
    >> configs
    >> are possible but you then have to sort out the routing for yourself. If
    >> the
    >> RRAS servers are the default gateway routers for the site, routing
    >> between
    >> sites is automatic. RRAS looks after the site to site routing an the
    >> traffic
    >> which needs to go through the tunnel gets to the VPN router by default.
    >>
    >> Without a domain the routing will work but name resolution and file
    >> sharing are a headache.
    >>
    >>
    >> "S H A R I Q U E" <SHARIQUE@discussions.microsoft.com> wrote in message
    >> news:BC8DF69C-F41E-4458-A7C3-2344BF003B0C@microsoft.com...
    >> > ok....i have read the document...but issue is that Both SITES are using
    >> > Private IP addresses or they are behind ISP Firewall ...in this
    >> > scenarion
    >> > is
    >> > it possible to create SITE-To-SITE or RemoteAccess VPN using private ip
    >> > addresses...
    >> >
    >> >
    >> > "Meinolf Weber [MVP-DS]" wrote:
    >> >
    >> >> Hello S H A R I Q U E,
    >> >>
    >> >> Should work, but without a domain you have centralized authentication
    >> >> options.
    >> >>
    >> >> Best regards
    >> >>
    >> >> Meinolf Weber
    >> >> Disclaimer: This posting is provided "AS IS" with no warranties, and
    >> >> confers
    >> >> no rights.
    >> >> ** Please do NOT email, only reply to Newsgroups
    >> >> ** HELP us help YOU!!! http://www.blakjak.demon.co.uk/mul_crss.htm
    >> >>
    >> >>
    >> >> > Well....Great...last thing i wana know that IS IT POSSIBLE THAT BOTH
    >> >> > SERVERS BE IN WORKGROUP MODEL TO CONFIGURE SITE-TO-SITE VPN?
    >> >> >
    >> >> > "Meinolf Weber [MVP-DS]" wrote:
    >> >> >
    >> >> >> Hello S H A R I Q U E,
    >> >> >>
    >> >> >> See here for starting:
    >> >> >> http://technet.microsoft.com/en-us/l.../cc758232.aspx
    >> >> >> http://technet.microsoft.com/en-us/n.../bb545442.aspx
    >> >> >>
    >> >> >> Best regards
    >> >> >>
    >> >> >> Meinolf Weber
    >> >> >> Disclaimer: This posting is provided "AS IS" with no warranties,
    >> >> >> and
    >> >> >> confers
    >> >> >> no rights.
    >> >> >> ** Please do NOT email, only reply to Newsgroups
    >> >> >> ** HELP us help YOU!!! http://www.blakjak.demon.co.uk/mul_crss.htm
    >> >> >>> Is it possible to create SITE-To-SITE VPN using Windows Server
    >> >> >>> 2003
    >> >> >>> Standard
    >> >> >>> Edition without the use of ISA or any other firewall.?
    >> >> >>> Is there any article to create such VPN on technet.
    >> >>
    >> >>
    >> >>

    >>


  9. #9
    Bill Kearney Guest

    Re: SITE-To-SITE VPN using Windows Server 2003 Standard

    > Its quite surprising to read that SITE-To-SITE VPN will work only when
    > both
    > SITES are using RFC1918 addresses, that is, private ip addresses.


    It's not surprising at all. If you used public addresses you'd raise the
    risk of incorrect routing. There'd be the chance that hosts on one side of
    the link would start using the link as a transport for ALL traffic instead
    of using the local internet uplink.


  10. #10
    Phillip Windell Guest

    Re: SITE-To-SITE VPN using Windows Server 2003 Standard

    "Bill Kearney" <wkearney99@hotmail.com> wrote in message
    news:Pb2dnUf-9JzAGcLUnZ2dnUVZ_t7inZ2d@speakeasy.net...
    >> Its quite surprising to read that SITE-To-SITE VPN will work only when
    >> both
    >> SITES are using RFC1918 addresses, that is, private ip addresses.

    >
    > It's not surprising at all. If you used public addresses you'd raise the
    > risk of incorrect routing. There'd be the chance that hosts on one side
    > of the link would start using the link as a transport for ALL traffic
    > instead of using the local internet uplink.


    Adding to that,...the public IP#s on the LAN (assuming on both LANs) would
    make the VPN pointless since everything could be directly routed without the
    VPN as long as the Firewall's ACLs would allow it. In such situations with
    Publically addressed LANs firewalls typically do not use NAT, and just run
    ACLs.

    If it was one Public LAN and one Private LAN,..I'm not sure,...might be
    screwed there. Might need a different VPN solution what wasn't limited to
    Private addresses like that.

    --
    Phillip Windell
    www.wandtv.com

    The views expressed, are my own and not those of my employer, or Microsoft,
    or anyone else associated with me, including my cats.
    -----------------------------------------------------



Similar Threads

  1. Replies: 4
    Last Post: 27-01-2011, 09:15 PM
  2. Replies: 2
    Last Post: 28-10-2010, 01:56 PM
  3. Upgrade from SBS 2003 to Windows Server 2003 Standard
    By Tahseen Shahzad in forum Small Business Server
    Replies: 5
    Last Post: 11-01-2010, 02:42 PM
  4. HP Nas server not working - Windows server 2003 Standard Edition
    By prajeethpj1 in forum Windows Software
    Replies: 2
    Last Post: 27-09-2009, 11:15 AM
  5. Migrate server 2003 to new machine in site
    By Stu in forum Windows Server Help
    Replies: 10
    Last Post: 22-11-2008, 10:34 PM

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •