Point to Point VPN

 
 
Jeremy Byrski
04-30-2004, 08:46 AM
Hi,

I have two servers sitting in datacenters on the Internet.

I would like to set up a point to point (server to server) VPN connection
between the 2 servers via the internet (on their internet NICs) so that they
can communicate and replicate data.

Could anyone point me in the right direction on how to set this up?

Also what port(s) will be required to be open on the firewall to enable the
VPN??

And are there any "Gotchas" to watch out for when setting this up??

Kind regards,
Jeremy

 
Matthew [MSFT]
04-30-2004, 02:34 PM
Hi,

I cannot find a good article to point you to, however the RRAS help files
are very good in this regard. Under RRAS and help, search on "deploying
demand dial routing". This will give you all the information you need to
set this up.

For PPTP connections you will need to open up TCP 1723 and Protocol 47
(GRE). For L2TP you will need UDP 500 (or 4500 for NAT-T) and protocol 50
and 51.

When you set up the dialup accounts for the Demand Dial connections, I would
suggest using local accounts instead of Domain accounts. This just
simplifies the connections (unless these are DCs. It is best not to use
DCs for RRAS servers if possible). Enable these accounts for Dial in.

The demand dial names and accounts also need to be the same. So if you
have a demand dial with the name CityVPN1 on server 1, you need to use the
account CityVPN1 to connect with on the demand dial connection from server
2 (so server1 will have an account for CityVPN1). This allows the server
to make the connections so routing works correctly:

Server1
DOD name: CityVPN1 username: CityVPN2 (server1 has account named CityVPN1)

Server2
DOD name: CityVPN2 username: CityVPN1 (server2 has account named CityVPN2)


Also, you will need to set up Static routes on each side so that traffic
from one subnet can be passed across the VPN. If segment 1 is 192.168.1.x
then you need a route on the VPN server on segment 2 that says for traffic
bound to 192.168.1.x, use the demand dial interface. (Both sides need
these routes.)

This can be set up in RRAS under static routes. Just choose to add a new
static route.

Thank you,
Matthew Fresoli
Microsoft Network Support
--

This posting is provided "AS IS" with no warranties, and confers no rights.
Use of included script samples are subject to the terms specified at
http://www.microsoft.com/info/cpyright.htm

Note: For the benefit of the community-at-large, all responses to this
message are best directed to the newsgroup/thread from which they
originated.
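
An added example (not part of the original post and not Microsoft's code): a small Python check of the pairing rules described in this reply. Each side's dial-out user name must exist as a dial-in-enabled local account on the other server and match that server's demand-dial interface name, and each side needs a static route to the other subnet over that interface. The dictionary layout and the 192.168.2.0/24 subnet are assumptions made for illustration.

```python
from ipaddress import ip_network

# Constructed sample data following the CityVPN1/CityVPN2 layout in the post.
# The 192.168.2.0/24 subnet for segment 2 is an assumption; the post names only 192.168.1.x.
SERVER1 = {
    "interface": "CityVPN1",                      # demand-dial (DOD) interface name
    "dial_out_user": "CityVPN2",                  # user name presented to the peer
    "accounts": {"CityVPN1": {"dial_in": True}},  # local accounts on this server
    "local_subnet": "192.168.1.0/24",
    "static_routes": {"192.168.2.0/24": "CityVPN1"},  # destination -> interface
}
SERVER2 = {
    "interface": "CityVPN2",
    "dial_out_user": "CityVPN1",
    "accounts": {"CityVPN2": {"dial_in": True}},
    "local_subnet": "192.168.2.0/24",
    "static_routes": {"192.168.1.0/24": "CityVPN2"},
}

def check_side(name, local, peer):
    """Problems on `local` when `peer` dials in, plus its route back to the peer."""
    problems = []
    user = peer["dial_out_user"]
    account = local["accounts"].get(user)
    if account is None:
        problems.append(f"{name}: no local account '{user}' for the peer to log on with")
    elif not account["dial_in"]:
        problems.append(f"{name}: account '{user}' is not enabled for dial-in")
    if user != local["interface"]:
        problems.append(f"{name}: peer user '{user}' does not match demand-dial "
                        f"interface '{local['interface']}'")
    # Traffic for the peer's subnet must be routed over the demand-dial interface.
    target = ip_network(peer["local_subnet"])
    via = [ifc for dest, ifc in local["static_routes"].items()
           if target.subnet_of(ip_network(dest))]
    if local["interface"] not in via:
        problems.append(f"{name}: no static route to {target} via '{local['interface']}'")
    return problems

def check_pair(server1, server2):
    """Check both directions; an empty list means the pairing is consistent."""
    return check_side("server1", server1, server2) + check_side("server2", server2, server1)

if __name__ == "__main__":
    for line in check_pair(SERVER1, SERVER2) or ["pairing is consistent"]:
        print(line)
```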


 
Phillip Windell
04-30-2004, 02:45 PM
Most firewalls nowadays have their own VPN abilities. You may want to
set up a Site-to-Site VPN using the Firewalls at each end. That will open up
more possibilities such as having any server communicate with any other
server on the other end. It would make the two networks behave as a single
LAN with two subnets.

If you only do Host-to-Host VPN then it won't be long before someone asks
you to do more than that and you won't be able to.

--

Phillip Windell [MCP, MVP, CCNA]
www.wandtv.com

Matthew [MSFT]
04-30-2004, 03:15 PM
Demand Dial connections between servers will also allow for Lan to Lan
routing.

Thank you,
Matthew Fresoli
Microsoft Network Support

Phillip Windell
04-30-2004, 03:35 PM
Yea RRAS can do that too, but I figure why fight with getting it through a
firewall if the firewalls can do it themselves.

--

Phillip Windell [MCP, MVP, CCNA]
www.wandtv.com

Doug Sherman [MVP]
04-30-2004, 10:38 PM
If you want to do it with RRAS, this tells you how:

http://www.microsoft.com/technet/pro.../vpndpls2.mspx

Doug Sherman
MCSE Win2k/NT4.0, MCSA, MCP+I, MVP

Jeremy Byrski
05-01-2004, 04:49 AM
Thanks Doug, Matthew and Phillip for your help, I'll go through what you have
all mentioned, and see which works out best!

Kind regards,
Jeremy

Jeremy Byrski
05-01-2004, 04:53 AM
I'll try the non firewall VPN solutions (e.g. the Windows server solutions),
as it's a shared datacentre firewall that we use, and we do not have any
management over it though!

Kind regards,
Jeremy