RRAS 2003 can create Tunnels?

Dears

I have a site with RRAS Server 2003 .My ISP give me an IP from 10 class.I
need to connect this site to another site.My ISP wants me to buy a Csico
Router and create a tunnel with source IP =10.x.x.x and destination IP =
192.X.X.X (their IP) .

i DONT WANT TO BUY A CISCO ROUTER with two ethernet for this purpose ,

I want to create this tunnel through the RRAS 2003 ,Can i?


In other words ,in cisco routers you can write the below code:
-interface tunnel
-Tunnel IP
-Tunnel Source
-Tunnel Destination

 

Hey Ammar,

I believe for RRAS to soley be your site-to-site VPN solution from server to
server I BELIEVE you need a ISA server as well. I know you can have clients
dial into a RRAS without the need of anything else but GRE open on the
firewall and Windows Server, but I don't think the same is true for
site-to-site.

If price is the concern for not buying the Ciscos, depending on the traffic,
you can go with a cheaper solution like a WatchGuard. Would be cheaper then
an ISA server and Cisco solution.

Good Luck,

 

Hi Louis,

You can actually do this with two RRAS servers, but it is much easier to
configure if they are ISA servers. The setup in RRAS is pretty complicated.

I agree that the OP certainly wouldn't be saving money by installing two
RRAS or ISA servers (one at each end) to avoid buying a router. And I
certainly wouldn't recommend trying to run a site to site link on anything
except a dedicated machine (and certainly not on a DC).

 

no Sirs ; you didnt got the point ;

Now my i want to connect my site to a remote site passing through two
different ISPs ...

The two ISP arrange the following setup ;

The gave me an IP 10.0.0.1 ,and they want me to create a tunnel with source
10.0.0.1 and destination 192.168.0.1 ,this tunnel will terminate at the
second SP2 network ,and they will handle the traffic there and deliver it to
my remote site.

So,they want me to buy a router to create such tunnel.I have RRAS Server in
the site ,so can this RRAS make such tunnel?

 

As I currently understand the question, RRAS is not going to be able to
handle one end of a tunnel where the other end is being handled by
Cisco equipment.

HTH.

 

In

Sure, you can do it. But why? Keep in mind you will be creating a tunnel
between a Windows RRAS and their Cisco router, which is a little more
difficult to setup.

Besides, why would you want to waste a Windows machine to do such a thing
anyway? It's actually much less expensive and more secure to use a Cisco
router as the ISP is suggesting. Let a Windows server be a Windows server to
take care of your internal client production needs. Also, if the WIndows
server is a DC, it is HIGHLY not recommended to do such a thing because of
the ramifications with AD and DNS.

--
Ace

This posting is provided "AS-IS" with no warranties or guarantees and
confers no rights.

Having difficulty reading or finding responses to your post?
Instead of the website you're using, I suggest to use OEx (Outlook Express
or any other newsreader), and configure a news account, pointing to
news.microsoft.com. This is a direct link to the Microsoft Public
Newsgroups. It is FREE and requires NO ISP's Usenet account. OEx allows you
to easily find, track threads, cross-post, sort by date, poster's name,
watched threads or subject.

It's easy:
How to Configure OEx for Internet News
http://support.microsoft.com/?id=171164

Ace Fekay, MCSE 2003 & 2000, MCSA 2003 & 2000, MCSE+I, MCT, MVP
Microsoft MVP - Directory Services
Microsoft Certified Trainer

Infinite Diversities in Infinite Combinations
Assimilation Imminent. Resistance is Futile
"Very funny Scotty. Now, beam down my clothes."

The only thing in life is change. Anything more is a blackhole consuming
unnecessary energy. - [Me]

 

nice ,but how such implementation could worl ,
you keep saying that this can be done via RRAS2003 but how?

 

yes exactly..can this be done?

 

In

It will work, but I'm trying to tell you it's difficult to get it properly
working and it is a WASTE to use a Windows machine for this because it is
MORE expensive to use a Windows machine and it is NOT recommended especially
if it is a domain controller or you WILL have future problems with it,
guaranteed.

If you want to know, here are some articles that will show you how. Some of
them are for 2000, but they will work for 2003. Keep in mind, if this
machine is a domain controller and/or a DNS server, YOU WILL HAVE PROBLEMS.

249278 - Windows VPN Compatibility with Cisco VPN:
http://support.microsoft.com/?kbid=249278

810761 - White Papers Microsoft VPN White Papers:
http://support.microsoft.com/?id=810761

Configure Packet Filter Support for PPTP VPN Clients:
http://support.microsoft.com/default.aspx?scid=kb;en-us;Q310111&sd=tech

Deploying Site-to-Site VPNs:
http://www.microsoft.com/technet/prodtechnol/windowsserver2003/technologies/networking/vpndpls2.mspx

L2TP-based remote access VPN deployment:
http://search.microsoft.com/gomsuri.../proddocs/entserver/sag_RASS_scen_l2tp_rc.asp

PPTP-based remote access VPN deployment:
http://search.microsoft.com/gomsuri.../proddocs/entserver/sag_RASS_scen_pptp_rc.asp

Q317025 - You Cannot Connect to the Internet After You Connect to a VPN
Server:
http://support.microsoft.com/default.aspx?scid=KB;EN-US;Q317025&

Setting up a VPN Infrastructure for Remote Access and Site-to-Site Routing:
http://search.microsoft.com/gomsuri...t/itcommunity/chats/trans/network/vpn1120.asp

Step-by-Step Guide for Setting Up a PPTP-based Site-to-Site VPN Connection
in a Test Lab:
http://www.microsoft.com/downloads/...8e-f745-4450-b671-aac2c79568eb&DisplayLang=en

Step-by-Step Guide for Setting Up VPN-based Remote Access in a Test Lab:
http://www.microsoft.com/technet/prodtechnol/windowsserver2003/deploy/confeat/RmoteVPN.asp

Troubleshooting remote access VPNs:
http://search.microsoft.com/gomsuri...server2003/proddocs/standard/sag_VPN_tr03.asp

Troubleshooting router-to-router VPNs:
http://search.microsoft.com/gomsuri...erver2003/proddocs/entserver/sag_VPN_tr06.asp

Virtual Private Networking on Microsoft Windows 2000 [Virtual Private
Networks, VPN]:
http://labmice.techtarget.com/networking/vpn.htm

Virtual Private Networking with Windows 2000 Deploying Remote Access VPNs:
http://search.microsoft.com/gomsuri...tsolutions/network/deploy/depovg/vpndeply.asp

Virtual Private Networking with Windows 2000 Deploying Router-to-Router
VPNs:
http://search.microsoft.com/gomsuri...tsolutions/network/deploy/depovg/vpnroute.asp

VPN and PPP Download Page - lots of stuff here:
http://support.bumc.bu.edu/vpn_ppp/download.htm

VPN remote access for employees:
http://search.microsoft.com/gomsuri...er2003/proddocs/entserver/sag_RRAS-Ch1_96.asp

Ace

 

Ace thinks we can do this using IPSec (i.e., establish an IPSec tunnel
between an RRAS box and a Cisco router), PPTP, or L2TP over IPSec; I've
never had any success with that sort of arrangement, but that's not to
say that it can't be done. Really, the only answer we can give is,
"Maybe."

If the ISP wants to do something like GRE (Generic Routing
Encapsulation) encrypted by IPSec in transport mode (a pretty common
configuration in the Cisco world for a variety of reasons), then I
don't know of *any* way to make that work with RRAS. If the ISP is
more interested in an IPSec tunnel, then I suppose it's possible--yes,
IPSec is supported by Windows, but that level of "support" varies with
what exactly you are trying to do.

Can you give us any additional detail on what, exactly, the ISP is
interested in doing? There are many kinds of tunnels...we'll need more
specific details.

BTW, let me echo Ace's comments elsewhere in this thread...we *might*
be able to make this work, but you'd be a lot better off to buy a Cisco
router (even a used one from eBay!) and go that route.

 

In