RRAS 2003 can create Tunnels?

Discussion in 'Server Networking' started by Ammar, May 1, 2006.

  1. Ammar

    Ammar Guest

    Dears

    I have a site with RRAS Server 2003. My ISP gave me an IP from 10 class. I
    need to connect this site to another site. My ISP wants me to buy a Cisco
    router and create a tunnel with source IP = 10.x.x.x and destination IP =
    192.X.X.X (their IP).

    I DON'T WANT TO BUY A CISCO ROUTER with two ethernet for this purpose.

    I want to create this tunnel through the RRAS 2003. Can I?


    In other words, in Cisco routers you can write the below code:
    -interface tunnel
    -Tunnel IP
    -Tunnel Source
    -Tunnel Destination
     
    Ammar, May 1, 2006
    #1

  2. Hey Ammar,

    I believe for RRAS to solely be your site-to-site VPN solution from server to
    server I BELIEVE you need an ISA server as well. I know you can have clients
    dial into a RRAS without the need of anything else but GRE open on the
    firewall and Windows Server, but I don't think the same is true for
    site-to-site.

    If price is the concern for not buying the Ciscos, depending on the traffic,
    you can go with a cheaper solution like a WatchGuard. Would be cheaper than
    an ISA server and Cisco solution.

    Good Luck,
     
    Louis Vitiello Jr., May 2, 2006
    #2

  3. Ammar

    Bill Grant Guest

    Hi Louis,

    You can actually do this with two RRAS servers, but it is much easier to
    configure if they are ISA servers. The setup in RRAS is pretty complicated.

    I agree that the OP certainly wouldn't be saving money by installing two
    RRAS or ISA servers (one at each end) to avoid buying a router. And I
    certainly wouldn't recommend trying to run a site to site link on anything
    except a dedicated machine (and certainly not on a DC).
     
    Bill Grant, May 2, 2006
    #3
  4. Ammar

    Ammar Guest

    No Sirs; you didn't get the point.

    Now I want to connect my site to a remote site passing through two
    different ISPs ...

    The two ISPs arranged the following setup:

    They gave me an IP 10.0.0.1, and they want me to create a tunnel with source
    10.0.0.1 and destination 192.168.0.1. This tunnel will terminate at the
    second SP2 network, and they will handle the traffic there and deliver it to
    my remote site.

    So, they want me to buy a router to create such tunnel. I have RRAS Server in
    the site, so can this RRAS make such tunnel?
     
    Ammar, May 2, 2006
    #4
  5. Ammar

    Scott Lowe Guest

    As I currently understand the question, RRAS is not going to be able to
    handle one end of a tunnel where the other end is being handled by
    Cisco equipment.

    HTH.
     
    Scott Lowe, May 2, 2006
    #5
  6. In
    Sure, you can do it. But why? Keep in mind you will be creating a tunnel
    between a Windows RRAS and their Cisco router, which is a little more
    difficult to set up.

    Besides, why would you want to waste a Windows machine to do such a thing
    anyway? It's actually much less expensive and more secure to use a Cisco
    router as the ISP is suggesting. Let a Windows server be a Windows server to
    take care of your internal client production needs. Also, if the Windows
    server is a DC, it is HIGHLY not recommended to do such a thing because of
    the ramifications with AD and DNS.

    --
    Ace

    Ace Fekay, MCSE 2003 & 2000, MCSA 2003 & 2000, MCSE+I, MCT, MVP
    Microsoft MVP - Directory Services
    Microsoft Certified Trainer
     
    Ace Fekay [MVP], May 3, 2006
    #6
  7. Ammar

    Ammar Guest

    Nice, but how such implementation could work?
    You keep saying that this can be done via RRAS2003, but how?



     
    Ammar, May 3, 2006
    #7
  8. Ammar

    Ammar Guest

    yes exactly..can this be done?

     
    Ammar, May 3, 2006
    #8
  9. In
    It will work, but I'm trying to tell you it's difficult to get it properly
    working and it is a WASTE to use a Windows machine for this because it is
    MORE expensive to use a Windows machine and it is NOT recommended especially
    if it is a domain controller or you WILL have future problems with it,
    guaranteed.

    If you want to know, here are some articles that will show you how. Some of
    them are for 2000, but they will work for 2003. Keep in mind, if this
    machine is a domain controller and/or a DNS server, YOU WILL HAVE PROBLEMS.

    249278 - Windows VPN Compatibility with Cisco VPN:
    http://support.microsoft.com/?kbid=249278

    810761 - White Papers Microsoft VPN White Papers:
    http://support.microsoft.com/?id=810761

    Configure Packet Filter Support for PPTP VPN Clients:
    http://support.microsoft.com/default.aspx?scid=kb;en-us;Q310111&sd=tech

    Deploying Site-to-Site VPNs:
    http://www.microsoft.com/technet/prodtechnol/windowsserver2003/technologies/networking/vpndpls2.mspx

    L2TP-based remote access VPN deployment:
    http://search.microsoft.com/gomsuri.../proddocs/entserver/sag_RASS_scen_l2tp_rc.asp

    PPTP-based remote access VPN deployment:
    http://search.microsoft.com/gomsuri.../proddocs/entserver/sag_RASS_scen_pptp_rc.asp

    Q317025 - You Cannot Connect to the Internet After You Connect to a VPN
    Server:
    http://support.microsoft.com/default.aspx?scid=KB;EN-US;Q317025&

    Setting up a VPN Infrastructure for Remote Access and Site-to-Site Routing:
    http://search.microsoft.com/gomsuri...t/itcommunity/chats/trans/network/vpn1120.asp

    Step-by-Step Guide for Setting Up a PPTP-based Site-to-Site VPN Connection
    in a Test Lab:
    http://www.microsoft.com/downloads/...8e-f745-4450-b671-aac2c79568eb&DisplayLang=en

    Step-by-Step Guide for Setting Up VPN-based Remote Access in a Test Lab:
    http://www.microsoft.com/technet/prodtechnol/windowsserver2003/deploy/confeat/RmoteVPN.asp

    Troubleshooting remote access VPNs:
    http://search.microsoft.com/gomsuri...server2003/proddocs/standard/sag_VPN_tr03.asp

    Troubleshooting router-to-router VPNs:
    http://search.microsoft.com/gomsuri...erver2003/proddocs/entserver/sag_VPN_tr06.asp

    Virtual Private Networking on Microsoft Windows 2000 [Virtual Private
    Networks, VPN]:
    http://labmice.techtarget.com/networking/vpn.htm

    Virtual Private Networking with Windows 2000 Deploying Remote Access VPNs:
    http://search.microsoft.com/gomsuri...tsolutions/network/deploy/depovg/vpndeply.asp

    Virtual Private Networking with Windows 2000 Deploying Router-to-Router
    VPNs:
    http://search.microsoft.com/gomsuri...tsolutions/network/deploy/depovg/vpnroute.asp

    VPN and PPP Download Page - lots of stuff here:
    http://support.bumc.bu.edu/vpn_ppp/download.htm

    VPN remote access for employees:
    http://search.microsoft.com/gomsuri...er2003/proddocs/entserver/sag_RRAS-Ch1_96.asp

    Ace
     
    Ace Fekay [MVP], May 3, 2006
    #9
  10. Ammar

    Scott Lowe Guest

    Ace thinks we can do this using IPSec (i.e., establish an IPSec tunnel
    between an RRAS box and a Cisco router), PPTP, or L2TP over IPSec; I've
    never had any success with that sort of arrangement, but that's not to
    say that it can't be done. Really, the only answer we can give is,
    "Maybe."

    If the ISP wants to do something like GRE (Generic Routing
    Encapsulation) encrypted by IPSec in transport mode (a pretty common
    configuration in the Cisco world for a variety of reasons), then I
    don't know of *any* way to make that work with RRAS. If the ISP is
    more interested in an IPSec tunnel, then I suppose it's possible--yes,
    IPSec is supported by Windows, but that level of "support" varies with
    what exactly you are trying to do.

    Can you give us any additional detail on what, exactly, the ISP is
    interested in doing? There are many kinds of tunnels...we'll need more
    specific details.

    BTW, let me echo Ace's comments elsewhere in this thread...we *might*
    be able to make this work, but you'd be a lot better off to buy a Cisco
    router (even a used one from eBay!) and go that route.
     
    Scott Lowe, May 4, 2006
    #10
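
For reference, the arrangement Scott Lowe describes (GRE between the two addresses from post #4, protected by IPSec in transport mode) looks roughly like this on the Cisco side. This is an added illustration, not configuration posted by anyone in the thread or supplied by the ISP; it assumes the ISP means a GRE tunnel, and the inner tunnel address, pre-shared key and object names are constructed placeholders.

```cisco
! --- Plain GRE: what "tunnel source / tunnel destination" gives by itself.
! --- GRE (IP protocol 47) only encapsulates; the payload crosses both ISPs
! --- unencrypted and unauthenticated.
interface Tunnel0
 description Site-to-site tunnel (placeholder name)
 ! Inner tunnel address: constructed placeholder, not from the thread
 ip address 172.16.255.1 255.255.255.252
 ! Endpoints as given in post #4
 tunnel source 10.0.0.1
 tunnel destination 192.168.0.1
 tunnel mode gre ip
!
! --- Same tunnel, protected by IPSec in transport mode.
! --- IKE phase 1 policy (values are assumptions; both ends must match)
crypto isakmp policy 10
 encryption aes 256
 hash sha
 authentication pre-share
 group 14
! Placeholder key; agree the real value with the peer out of band
crypto isakmp key <PRE-SHARED-KEY> address 192.168.0.1
!
! --- Transport mode: the GRE endpoints are also the IPSec peers, so ESP
! --- protects the GRE packet without adding a second outer IP header
crypto ipsec transform-set GRE-TS esp-aes 256 esp-sha-hmac
 mode transport
!
crypto ipsec profile GRE-PROTECT
 set transform-set GRE-TS
!
interface Tunnel0
 ! Binds the profile so all GRE traffic on this tunnel is sent inside ESP
 tunnel protection ipsec profile GRE-PROTECT
```

With the profile applied, the path between the sites carries ESP (IP protocol 50) and IKE (UDP 500) instead of cleartext GRE, which is what any firewall or filter between 10.0.0.1 and 192.168.0.1 then has to permit.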
  11. In
    :)
     
    Ace Fekay [MVP], May 5, 2006
    #11
  12. Ammar

    suresh India Guest

     
    suresh India, Jun 19, 2007
    #12