Site to Site VPN with Windows Server 2003

Discussion in 'Server Networking' started by Dominik Rappaport, Oct 2, 2005.

  1. Dear All,

    I am a freshman to VPN and, just to make sure I understand that correctly, I
    would like to ask as follows:

    If I create a site to site VPN connection with Windows Server 2003 Routing
    and Remote Access Service then I go through the "Add dial on demand network
    interface" wizard. It asks me for the public IP address of the remote router
    and the user name it will pass when connecting. Then I can create a static
    route and enter the network address and subnet mask of the remote network.
    After that the wizard has created a static route assigned to the VPN
    interface. It creates an entry under IP-Routing > General and last but not
    least an entry under network interfaces with type "dial on demand".

    What I do not understand is: if the remote router initiates the connection,
    how does the RRAS service know that this incoming connection corresponds to
    the VPN connection I created as mentioned above? For example, the route to
    the remote network has to be assigned to it. Or is it necessary that for a
    bidirectional connection two VPN connections have to be established, one for
    each direction? Wouldn't that be very inefficient?
     
    Dominik Rappaport, Oct 2, 2005
    #1

  2. Dominik Rappaport

    Bill Grant Guest

    Yes, that is the key to it. The RRAS server identifies the incoming call
    by its username. If the username matches one of its demand-dial interface
    names, it connects to that interface and the routes linked to that interface
    are activated. You then have a routed connection between the sites.

    If the username does not match the name of any demand-dial interface,
    the connection is made to the default "internal" interface. In this case it
    only sets up a host route back to the calling machine. (That means it sets
    up a normal client-server connection, not a router-to-router connection.)
    Only the calling machine can use the link, not the workstations on its
    subnet.
     
    Bill Grant, Oct 3, 2005
    #2
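
The matching rule from the answer above, as a small model added here as an example (it is not part of the thread and is not RRAS code). It checks both call directions between two sites and reports when a dial-out user name would land on the "internal" interface. The class and function names, the site names and the networks are constructed, and the case-insensitive name comparison is an assumption.

```python
from dataclasses import dataclass, field

@dataclass
class DemandDial:
    name: str           # demand-dial interface name on this router
    dial_out_user: str  # user name this router sends when it initiates the call
    routes: list        # static routes assigned to this interface

@dataclass
class Router:
    site: str
    interfaces: list = field(default_factory=list)

    def accept(self, username):
        """Classify an incoming call the way the answer describes it."""
        for iface in self.interfaces:
            # Assumption: names compare case-insensitively, as Windows user names do.
            if iface.name.lower() == username.lower():
                return {"mode": "router-to-router", "interface": iface.name,
                        "routes": list(iface.routes)}
        # No interface with that name: the call lands on "internal" and only
        # a host route back to the calling machine exists.
        return {"mode": "client", "interface": "internal", "routes": []}

def audit(caller, callee):
    """Return findings for every call `caller` can place to `callee`."""
    findings = []
    for iface in caller.interfaces:
        result = callee.accept(iface.dial_out_user)
        if result["mode"] != "router-to-router":
            findings.append(f"{caller.site} dials as '{iface.dial_out_user}' but "
                            f"{callee.site} has no demand-dial interface of that name; "
                            "only the calling machine would be reachable")
        elif not result["routes"]:
            findings.append(f"{callee.site} interface '{result['interface']}' "
                            "has no static routes to activate")
    return findings

# Constructed sample configuration (site names and networks are made up).
hq = Router("HQ", [DemandDial("Branch", "HQ", ["10.2.0.0/16"])])
branch_ok = Router("Branch", [DemandDial("HQ", "Branch", ["10.1.0.0/16"])])
branch_bad = Router("Branch", [DemandDial("ToHQ", "Branch", ["10.1.0.0/16"])])

if __name__ == "__main__":
    for label, branch in (("matching names", branch_ok), ("mismatched name", branch_bad)):
        print(label, "->", audit(hq, branch) + audit(branch, hq) or "no findings")
```

With matching names, one demand-dial interface per router covers calls in either direction, so no second VPN connection is needed.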