hardware vpn site-to-site

Hi all,

I intend to connect two sites, siteA using sbs2003 and siteB using srv2003.
sbs2003 and srv2003 are on the same domain, srv2003 is just another DC.
Most of the sites' files will be held on their respective servers, but
exchange and sherepoint will be used on sbs2003 for both files.
So the idea is to connect the two sites using hardware vpn site-to-site. The
hardware is already there (still in the box): linksys rv042 vpn routers.
Both sites have ADSL connections with static IP address.
It seems that establishing the connection between the routers is quite easy,
using the linksys built-in web interface, but then what ?
- Usually, when no VPN is necessary, I just connect directly the ADSL modem
to a second NIC in the server, and then use NAT from the server, but here I
don't know in which order I have to connect the devices! I suppose the VPN
router has to be connected between the server and the ADSL modem ?
- Regarding thedefault gateway, do I have to input the ADSL modem address,
or the VPN's ?
Of course, not only should the VPN work, but also internet access has to be
kept (on both sides), how can I handle this?

Sorry for all these basic questions, but I'm very new with VPNs, although
microsoft documented some nice explanation about VPN site-to-site, it is
only for software VPNs, using the functionalities of Windows server. I think
the config is rather different with hardware routers.

Any help would be greatly appreciated!

Kind regards,

Thomas

a lot issues in this post. but let us focus on the VPN.

1. Since this is hardware site to site VPN, can you ping each by ip?

2. If you also enable the NAT, make sure you don't block the VPN traffic. what's the problem. we need more details to help.

Don't send e-mail or reply to me except you need consulting services. Posting on MS newsgroup will benefit all readers and you may get more help.

Bob Lin, MS-MVP, MCSE & CNE
How to Setup Windows, Network, VPN & Remote Access on http://www.HowToNetworking.com
Networking, Internet, Routing, VPN Troubleshooting on http://www.ChicagoTech.net
This posting is provided "AS IS" with no warranties.

"Chuck Maurice" <(E-Mail Removed)> wrote in message news:uh0SJ%(E-Mail Removed)...
Hi all,

I intend to connect two sites, siteA using sbs2003 and siteB using srv2003.
sbs2003 and srv2003 are on the same domain, srv2003 is just another DC.
Most of the sites' files will be held on their respective servers, but
exchange and sherepoint will be used on sbs2003 for both files.
So the idea is to connect the two sites using hardware vpn site-to-site. The
hardware is already there (still in the box): linksys rv042 vpn routers.
Both sites have ADSL connections with static IP address.
It seems that establishing the connection between the routers is quite easy,
using the linksys built-in web interface, but then what ?
- Usually, when no VPN is necessary, I just connect directly the ADSL modem
to a second NIC in the server, and then use NAT from the server, but here I
don't know in which order I have to connect the devices! I suppose the VPN
router has to be connected between the server and the ADSL modem ?
- Regarding thedefault gateway, do I have to input the ADSL modem address,
or the VPN's ?
Of course, not only should the VPN work, but also internet access has to be
kept (on both sides), how can I handle this?

Sorry for all these basic questions, but I'm very new with VPNs, although
microsoft documented some nice explanation about VPN site-to-site, it is
only for software VPNs, using the functionalities of Windows server. I think
the config is rather different with hardware routers.

Any help would be greatly appreciated!

Kind regards,

Thomas

Hi Robert,

For now, the connection is not established, i'm just preparing and figuring
how it will work... Actually, I think the easiest part will be establishing
the tunnel between the two routers.
But I am not sure how to connect these routers,
- to the 2nd NIC of the servers?
- to the network swich?
And then, do I have to set up any static routes somewhere? I suppose so, as
some of the traffic has to go to the Internet, some other has to go through
the VPN...

You see, basic questions, but I'm very new with this!

Thanks in advance for your help.





"Robert L [MS-MVP]" <(E-Mail Removed)> wrote in message
news:(E-Mail Removed)...
a lot issues in this post. but let us focus on the VPN.

1. Since this is hardware site to site VPN, can you ping each by ip?

2. If you also enable the NAT, make sure you don't block the VPN traffic.
what's the problem. we need more details to help.

Don't send e-mail or reply to me except you need consulting services.
Posting on MS newsgroup will benefit all readers and you may get more help.

Bob Lin, MS-MVP, MCSE & CNE
How to Setup Windows, Network, VPN & Remote Access on
http://www.HowToNetworking.com
Networking, Internet, Routing, VPN Troubleshooting on
http://www.ChicagoTech.net
This posting is provided "AS IS" with no warranties.
"Chuck Maurice" <(E-Mail Removed)> wrote in message
news:uh0SJ%(E-Mail Removed)...
Hi all,

I intend to connect two sites, siteA using sbs2003 and siteB using srv2003.
sbs2003 and srv2003 are on the same domain, srv2003 is just another DC.
Most of the sites' files will be held on their respective servers, but
exchange and sherepoint will be used on sbs2003 for both files.
So the idea is to connect the two sites using hardware vpn site-to-site. The
hardware is already there (still in the box): linksys rv042 vpn routers.
Both sites have ADSL connections with static IP address.
It seems that establishing the connection between the routers is quite easy,
using the linksys built-in web interface, but then what ?
- Usually, when no VPN is necessary, I just connect directly the ADSL modem
to a second NIC in the server, and then use NAT from the server, but here I
don't know in which order I have to connect the devices! I suppose the VPN
router has to be connected between the server and the ADSL modem ?
- Regarding thedefault gateway, do I have to input the ADSL modem address,
or the VPN's ?
Of course, not only should the VPN work, but also internet access has to be
kept (on both sides), how can I handle this?

Sorry for all these basic questions, but I'm very new with VPNs, although
microsoft documented some nice explanation about VPN site-to-site, it is
only for software VPNs, using the functionalities of Windows server. I think
the config is rather different with hardware routers.

Any help would be greatly appreciated!

Kind regards,

Thomas

Assuming you want to maintain your Topology with out any real changes, you
will no longer use any duel-nic server. The VPN boxes will physically
replace them. They will act as both the Internet Firewalls and the VPN
Servers at the same time. The Default Gateway of each LAN (assuming single
subnet) will become the NAT/VPN Device on their own end. Since the VPN Boxes
will already be the Default Gateways, there will be no need for any "static
routes" anywhere.

The private IP#s of *both* LANs must be configured into the *both* NAT
Device's Local Address Tables so they they understand that these IP Ranges
are considered "local-private-internal" addresses and not something out on
the Internet.


--

Phillip Windell [MCP, MVP, CCNA]
www.wandtv.com


"Chuck Maurice" <(E-Mail Removed)> wrote in message
news:(E-Mail Removed)...
> Hi Robert,
>
> For now, the connection is not established, i'm just preparing and
figuring
> how it will work... Actually, I think the easiest part will be
establishing
> the tunnel between the two routers.
> But I am not sure how to connect these routers,
> - to the 2nd NIC of the servers?
> - to the network swich?
> And then, do I have to set up any static routes somewhere? I suppose so,
as
> some of the traffic has to go to the Internet, some other has to go
through
> the VPN...
>
> You see, basic questions, but I'm very new with this!
>
> Thanks in advance for your help.
>
>
>
>
>
> "Robert L [MS-MVP]" <(E-Mail Removed)> wrote in message
> news:(E-Mail Removed)...
> a lot issues in this post. but let us focus on the VPN.
>
> 1. Since this is hardware site to site VPN, can you ping each by ip?
>
> 2. If you also enable the NAT, make sure you don't block the VPN traffic.
> what's the problem. we need more details to help.
>
> Don't send e-mail or reply to me except you need consulting services.
> Posting on MS newsgroup will benefit all readers and you may get more
help.
>
> Bob Lin, MS-MVP, MCSE & CNE
> How to Setup Windows, Network, VPN & Remote Access on
> http://www.HowToNetworking.com
> Networking, Internet, Routing, VPN Troubleshooting on
> http://www.ChicagoTech.net
> This posting is provided "AS IS" with no warranties.
> "Chuck Maurice" <(E-Mail Removed)> wrote in message
> news:uh0SJ%(E-Mail Removed)...
> Hi all,
>
> I intend to connect two sites, siteA using sbs2003 and siteB using
srv2003.
> sbs2003 and srv2003 are on the same domain, srv2003 is just another DC.
> Most of the sites' files will be held on their respective servers, but
> exchange and sherepoint will be used on sbs2003 for both files.
> So the idea is to connect the two sites using hardware vpn site-to-site.
The
> hardware is already there (still in the box): linksys rv042 vpn routers.
> Both sites have ADSL connections with static IP address.
> It seems that establishing the connection between the routers is quite
easy,
> using the linksys built-in web interface, but then what ?
> - Usually, when no VPN is necessary, I just connect directly the ADSL
modem
> to a second NIC in the server, and then use NAT from the server, but here
I
> don't know in which order I have to connect the devices! I suppose the VPN
> router has to be connected between the server and the ADSL modem ?
> - Regarding thedefault gateway, do I have to input the ADSL modem address,
> or the VPN's ?
> Of course, not only should the VPN work, but also internet access has to
be
> kept (on both sides), how can I handle this?
>
> Sorry for all these basic questions, but I'm very new with VPNs, although
> microsoft documented some nice explanation about VPN site-to-site, it is
> only for software VPNs, using the functionalities of Windows server. I
think
> the config is rather different with hardware routers.
>
> Any help would be greatly appreciated!
>
> Kind regards,
>
> Thomas
>
>