Router to connect to RRAS

Not sure if this is the correct forum to post this to but...

I have an RRAS server that is used for incoming VPN connections. I have 2
users at a remote office that I would like to have a small network connected
via a VPN. There will be no server there. Is there a standalone router
that I can get that can connect to a RRAS server and thereby create a VPN
connection to my main office? They will have a broadband connection without
a static IP so using a router to router VPN is not really doable.

Thanks

-Ben

"Ben Bazian" <(E-Mail Removed)> wrote in message
news3CE3724-2F17-4739-99CF-(E-Mail Removed)...
> Not sure if this is the correct forum to post this to but...
>
> I have an RRAS server that is used for incoming VPN connections. I have 2
> users at a remote office that I would like to have a small network
> connected via a VPN. There will be no server there. Is there a
> standalone router that I can get that can connect to a RRAS server and
> thereby create a VPN connection to my main office? They will have a
> broadband connection without a static IP so using a router to router VPN
> is not really doable.
>
> Thanks
>
> -Ben

Not really. To connect two sites you need a router to router VPN link.

The problem is the way a client-server VPN connection works. When you
connect, data gets from client to server because the connection changes the
client's default route to send all traffic through the VPN link. The problem
is getting the reply back to the client from the server. To do this the
server sets up a host route back to the client.

If you put another machine behind the VPN client, getting the traffic
through the VPN link to the server is pretty easy. Getting a reply back is
very hard because the server has no idea where this machine is or how to
reach it. It only has a host route to the machine which established the
connection.

Lack of a static IP is not a problem, especially if you connect from
that end. But you really need matching routers at both sites. It is
theoretically possible to set up a router to router link between RRAS and a
hardware VPN router but it is full of problems. Router to router links
between matching routers, third party or RRAS, is pretty straight forward.

"Bill Grant" <not.available@online> wrote in message
news:(E-Mail Removed)...
>
>
> "Ben Bazian" <(E-Mail Removed)> wrote in message
> news3CE3724-2F17-4739-99CF-(E-Mail Removed)...
>> Not sure if this is the correct forum to post this to but...
>>
>> I have an RRAS server that is used for incoming VPN connections. I have
>> 2 users at a remote office that I would like to have a small network
>> connected via a VPN. There will be no server there. Is there a
>> standalone router that I can get that can connect to a RRAS server and
>> thereby create a VPN connection to my main office? They will have a
>> broadband connection without a static IP so using a router to router VPN
>> is not really doable.
>>
>> Thanks
>>
>> -Ben
>
> Not really. To connect two sites you need a router to router VPN link.
>
> The problem is the way a client-server VPN connection works. When you
> connect, data gets from client to server because the connection changes
> the client's default route to send all traffic through the VPN link. The
> problem is getting the reply back to the client from the server. To do
> this the server sets up a host route back to the client.
>
> If you put another machine behind the VPN client, getting the traffic
> through the VPN link to the server is pretty easy. Getting a reply back is
> very hard because the server has no idea where this machine is or how to
> reach it. It only has a host route to the machine which established the
> connection.
>
> Lack of a static IP is not a problem, especially if you connect from
> that end. But you really need matching routers at both sites. It is
> theoretically possible to set up a router to router link between RRAS and
> a hardware VPN router but it is full of problems. Router to router links
> between matching routers, third party or RRAS, is pretty straight forward.
>
>
>
>

If a site to site VPN link is out of the question, your only option is to
connect the remote site to the Internet with a NAT device (such as a DSL
modem/router) and have each client establish its own client-server VPN to
your RRAS server through NAT. Read the small print before you buy. Some
devices only allow one VPN connection to be established from behind the NAT.