RRAS 2003 can create Tunnels?

Discussion in 'Server Networking' started by Ammar, May 1, 2006.

  1. Ammar

    Ammar Guest


    I have a site with RRAS Server 2003 .My ISP give me an IP from 10 class.I
    need to connect this site to another site.My ISP wants me to buy a Csico
    Router and create a tunnel with source IP =10.x.x.x and destination IP =
    192.X.X.X (their IP) .

    i DONT WANT TO BUY A CISCO ROUTER with two ethernet for this purpose ,

    I want to create this tunnel through the RRAS 2003 ,Can i?

    In other words ,in cisco routers you can write the below code:
    -interface tunnel
    -Tunnel IP
    -Tunnel Source
    -Tunnel Destination
    Ammar, May 1, 2006
    1. Advertisements

  2. Hey Ammar,

    I believe for RRAS to soley be your site-to-site VPN solution from server to
    server I BELIEVE you need a ISA server as well. I know you can have clients
    dial into a RRAS without the need of anything else but GRE open on the
    firewall and Windows Server, but I don't think the same is true for

    If price is the concern for not buying the Ciscos, depending on the traffic,
    you can go with a cheaper solution like a WatchGuard. Would be cheaper then
    an ISA server and Cisco solution.

    Good Luck,
    Louis Vitiello Jr., May 2, 2006
    1. Advertisements

  3. Ammar

    Bill Grant Guest

    Hi Louis,

    You can actually do this with two RRAS servers, but it is much easier to
    configure if they are ISA servers. The setup in RRAS is pretty complicated.

    I agree that the OP certainly wouldn't be saving money by installing two
    RRAS or ISA servers (one at each end) to avoid buying a router. And I
    certainly wouldn't recommend trying to run a site to site link on anything
    except a dedicated machine (and certainly not on a DC).
    Bill Grant, May 2, 2006
  4. Ammar

    Ammar Guest

    no Sirs ; you didnt got the point ;

    Now my i want to connect my site to a remote site passing through two
    different ISPs ...

    The two ISP arrange the following setup ;

    The gave me an IP ,and they want me to create a tunnel with source and destination ,this tunnel will terminate at the
    second SP2 network ,and they will handle the traffic there and deliver it to
    my remote site.

    So,they want me to buy a router to create such tunnel.I have RRAS Server in
    the site ,so can this RRAS make such tunnel?
    Ammar, May 2, 2006
  5. Ammar

    Scott Lowe Guest

    As I currently understand the question, RRAS is not going to be able to
    handle one end of a tunnel where the other end is being handled by
    Cisco equipment.

    Scott Lowe, May 2, 2006
  6. In
    Sure, you can do it. But why? Keep in mind you will be creating a tunnel
    between a Windows RRAS and their Cisco router, which is a little more
    difficult to setup.

    Besides, why would you want to waste a Windows machine to do such a thing
    anyway? It's actually much less expensive and more secure to use a Cisco
    router as the ISP is suggesting. Let a Windows server be a Windows server to
    take care of your internal client production needs. Also, if the WIndows
    server is a DC, it is HIGHLY not recommended to do such a thing because of
    the ramifications with AD and DNS.


    This posting is provided "AS-IS" with no warranties or guarantees and
    confers no rights.

    Having difficulty reading or finding responses to your post?
    Instead of the website you're using, I suggest to use OEx (Outlook Express
    or any other newsreader), and configure a news account, pointing to
    news.microsoft.com. This is a direct link to the Microsoft Public
    Newsgroups. It is FREE and requires NO ISP's Usenet account. OEx allows you
    to easily find, track threads, cross-post, sort by date, poster's name,
    watched threads or subject.

    It's easy:
    How to Configure OEx for Internet News

    Ace Fekay, MCSE 2003 & 2000, MCSA 2003 & 2000, MCSE+I, MCT, MVP
    Microsoft MVP - Directory Services
    Microsoft Certified Trainer

    Infinite Diversities in Infinite Combinations
    Assimilation Imminent. Resistance is Futile
    "Very funny Scotty. Now, beam down my clothes."

    The only thing in life is change. Anything more is a blackhole consuming
    unnecessary energy. - [Me]
    Ace Fekay [MVP], May 3, 2006
  7. Ammar

    Ammar Guest

    nice ,but how such implementation could worl ,
    you keep saying that this can be done via RRAS2003 but how?

    Ammar, May 3, 2006
  8. Ammar

    Ammar Guest

    yes exactly..can this be done?

    Ammar, May 3, 2006
  9. In
    It will work, but I'm trying to tell you it's difficult to get it properly
    working and it is a WASTE to use a Windows machine for this because it is
    MORE expensive to use a Windows machine and it is NOT recommended especially
    if it is a domain controller or you WILL have future problems with it,

    If you want to know, here are some articles that will show you how. Some of
    them are for 2000, but they will work for 2003. Keep in mind, if this
    machine is a domain controller and/or a DNS server, YOU WILL HAVE PROBLEMS.

    249278 - Windows VPN Compatibility with Cisco VPN:

    810761 - White Papers Microsoft VPN White Papers:

    Configure Packet Filter Support for PPTP VPN Clients:

    Deploying Site-to-Site VPNs:

    L2TP-based remote access VPN deployment:

    PPTP-based remote access VPN deployment:

    Q317025 - You Cannot Connect to the Internet After You Connect to a VPN

    Setting up a VPN Infrastructure for Remote Access and Site-to-Site Routing:

    Step-by-Step Guide for Setting Up a PPTP-based Site-to-Site VPN Connection
    in a Test Lab:

    Step-by-Step Guide for Setting Up VPN-based Remote Access in a Test Lab:

    Troubleshooting remote access VPNs:

    Troubleshooting router-to-router VPNs:

    Virtual Private Networking on Microsoft Windows 2000 [Virtual Private
    Networks, VPN]:

    Virtual Private Networking with Windows 2000 Deploying Remote Access VPNs:

    Virtual Private Networking with Windows 2000 Deploying Router-to-Router

    VPN and PPP Download Page - lots of stuff here:

    VPN remote access for employees:

    Ace Fekay [MVP], May 3, 2006
  10. Ammar

    Scott Lowe Guest

    Ace thinks we can do this using IPSec (i.e., establish an IPSec tunnel
    between an RRAS box and a Cisco router), PPTP, or L2TP over IPSec; I've
    never had any success with that sort of arrangement, but that's not to
    say that it can't be done. Really, the only answer we can give is,

    If the ISP wants to do something like GRE (Generic Routing
    Encapsulation) encrypted by IPSec in transport mode (a pretty common
    configuration in the Cisco world for a variety of reasons), then I
    don't know of *any* way to make that work with RRAS. If the ISP is
    more interested in an IPSec tunnel, then I suppose it's possible--yes,
    IPSec is supported by Windows, but that level of "support" varies with
    what exactly you are trying to do.

    Can you give us any additional detail on what, exactly, the ISP is
    interested in doing? There are many kinds of tunnels...we'll need more
    specific details.

    BTW, let me echo Ace's comments elsewhere in this thread...we *might*
    be able to make this work, but you'd be a lot better off to buy a Cisco
    router (even a used one from eBay!) and go that route.
    Scott Lowe, May 4, 2006
  11. In
    Ace Fekay [MVP], May 5, 2006
  12. Ammar

    suresh India Guest

    suresh India, Jun 19, 2007
    1. Advertisements

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments (here). After that, you can post your question and our members will help you out.