RRAS 2003 can create Tunnels?

Dears

I have a site with RRAS Server 2003 .My ISP give me an IP from 10 class.I
need to connect this site to another site.My ISP wants me to buy a Csico
Router and create a tunnel with source IP =10.x.x.x and destination IP =
192.X.X.X (their IP) .

i DONT WANT TO BUY A CISCO ROUTER with two ethernet for this purpose ,

I want to create this tunnel through the RRAS 2003 ,Can i?


In other words ,in cisco routers you can write the below code:
-interface tunnel
-Tunnel IP
-Tunnel Source
-Tunnel Destination

-------------------------------------------------------------
Cas RRAS substitue the above code and create the tunnel?

I am not sure RRAS will do exact Cisco does, but RRAS is designed to do so.

Bob Lin, MS-MVP, MCSE & CNE
Networking, Internet, Routing, VPN Troubleshooting on http://www.ChicagoTech.net
How to Setup Windows, Network, VPN & Remote Access on http://www.HowToNetworking.com
"Ammar" <(E-Mail Removed)> wrote in message news:1ADF8E7A-EF02-48F1-BD17-(E-Mail Removed)...
Dears

I have a site with RRAS Server 2003 .My ISP give me an IP from 10 class.I
need to connect this site to another site.My ISP wants me to buy a Csico
Router and create a tunnel with source IP =10.x.x.x and destination IP =
192.X.X.X (their IP) .

i DONT WANT TO BUY A CISCO ROUTER with two ethernet for this purpose ,

I want to create this tunnel through the RRAS 2003 ,Can i?


In other words ,in cisco routers you can write the below code:
-interface tunnel
-Tunnel IP
-Tunnel Source
-Tunnel Destination

-------------------------------------------------------------
Cas RRAS substitue the above code and create the tunnel?

Hey Ammar,

I believe for RRAS to soley be your site-to-site VPN solution from server to
server I BELIEVE you need a ISA server as well. I know you can have clients
dial into a RRAS without the need of anything else but GRE open on the
firewall and Windows Server, but I don't think the same is true for
site-to-site.

If price is the concern for not buying the Ciscos, depending on the traffic,
you can go with a cheaper solution like a WatchGuard. Would be cheaper then
an ISA server and Cisco solution.

Good Luck,
--
Louis Vitiello Jr.
------------------------------
MCSE, MCSA, MCP, A+/N+
ERCP XP Pro / Net Concepts




"Ammar" <(E-Mail Removed)> wrote in message
news:1ADF8E7A-EF02-48F1-BD17-(E-Mail Removed)...
> Dears
>
> I have a site with RRAS Server 2003 .My ISP give me an IP from 10 class.I
> need to connect this site to another site.My ISP wants me to buy a Csico
> Router and create a tunnel with source IP =10.x.x.x and destination IP =
> 192.X.X.X (their IP) .
>
> i DONT WANT TO BUY A CISCO ROUTER with two ethernet for this purpose ,
>
> I want to create this tunnel through the RRAS 2003 ,Can i?
>
>
> In other words ,in cisco routers you can write the below code:
> -interface tunnel
> -Tunnel IP
> -Tunnel Source
> -Tunnel Destination
>
> -------------------------------------------------------------
> Cas RRAS substitue the above code and create the tunnel?

Hi Louis,

You can actually do this with two RRAS servers, but it is much easier to
configure if they are ISA servers. The setup in RRAS is pretty complicated.

I agree that the OP certainly wouldn't be saving money by installing two
RRAS or ISA servers (one at each end) to avoid buying a router. And I
certainly wouldn't recommend trying to run a site to site link on anything
except a dedicated machine (and certainly not on a DC).

Louis Vitiello Jr. wrote:
> Hey Ammar,
>
> I believe for RRAS to soley be your site-to-site VPN solution from
> server to server I BELIEVE you need a ISA server as well. I know you
> can have clients dial into a RRAS without the need of anything else
> but GRE open on the firewall and Windows Server, but I don't think
> the same is true for site-to-site.
>
> If price is the concern for not buying the Ciscos, depending on the
> traffic, you can go with a cheaper solution like a WatchGuard. Would
> be cheaper then an ISA server and Cisco solution.
>
> Good Luck,
>
> "Ammar" <(E-Mail Removed)> wrote in message
> news:1ADF8E7A-EF02-48F1-BD17-(E-Mail Removed)...
>> Dears
>>
>> I have a site with RRAS Server 2003 .My ISP give me an IP from 10
>> class.I need to connect this site to another site.My ISP wants me
>> to buy a Csico Router and create a tunnel with source IP =10.x.x.x
>> and destination IP = 192.X.X.X (their IP) .
>>
>> i DONT WANT TO BUY A CISCO ROUTER with two ethernet for this purpose
>> , I want to create this tunnel through the RRAS 2003 ,Can i?
>>
>>
>> In other words ,in cisco routers you can write the below code:
>> -interface tunnel
>> -Tunnel IP
>> -Tunnel Source
>> -Tunnel Destination
>>
>> -------------------------------------------------------------
>> Cas RRAS substitue the above code and create the tunnel?

no Sirs ; you didnt got the point ;

Now my i want to connect my site to a remote site passing through two
different ISPs ...

The two ISP arrange the following setup ;

The gave me an IP 10.0.0.1 ,and they want me to create a tunnel with source
10.0.0.1 and destination 192.168.0.1 ,this tunnel will terminate at the
second SP2 network ,and they will handle the traffic there and deliver it to
my remote site.

So,they want me to buy a router to create such tunnel.I have RRAS Server in
the site ,so can this RRAS make such tunnel?

"Bill Grant" wrote:

> Hi Louis,
>
> You can actually do this with two RRAS servers, but it is much easier to
> configure if they are ISA servers. The setup in RRAS is pretty complicated.
>
> I agree that the OP certainly wouldn't be saving money by installing two
> RRAS or ISA servers (one at each end) to avoid buying a router. And I
> certainly wouldn't recommend trying to run a site to site link on anything
> except a dedicated machine (and certainly not on a DC).
>
> Louis Vitiello Jr. wrote:
> > Hey Ammar,
> >
> > I believe for RRAS to soley be your site-to-site VPN solution from
> > server to server I BELIEVE you need a ISA server as well. I know you
> > can have clients dial into a RRAS without the need of anything else
> > but GRE open on the firewall and Windows Server, but I don't think
> > the same is true for site-to-site.
> >
> > If price is the concern for not buying the Ciscos, depending on the
> > traffic, you can go with a cheaper solution like a WatchGuard. Would
> > be cheaper then an ISA server and Cisco solution.
> >
> > Good Luck,
> >
> > "Ammar" <(E-Mail Removed)> wrote in message
> > news:1ADF8E7A-EF02-48F1-BD17-(E-Mail Removed)...
> >> Dears
> >>
> >> I have a site with RRAS Server 2003 .My ISP give me an IP from 10
> >> class.I need to connect this site to another site.My ISP wants me
> >> to buy a Csico Router and create a tunnel with source IP =10.x.x.x
> >> and destination IP = 192.X.X.X (their IP) .
> >>
> >> i DONT WANT TO BUY A CISCO ROUTER with two ethernet for this purpose
> >> , I want to create this tunnel through the RRAS 2003 ,Can i?
> >>
> >>
> >> In other words ,in cisco routers you can write the below code:
> >> -interface tunnel
> >> -Tunnel IP
> >> -Tunnel Source
> >> -Tunnel Destination
> >>
> >> -------------------------------------------------------------
> >> Cas RRAS substitue the above code and create the tunnel?
>
>
>

On 2006-05-02 01:20:01 -0400, Ammar <(E-Mail Removed)> said:

> no Sirs ; you didnt got the point ;
>
> Now my i want to connect my site to a remote site passing through two
> different ISPs ...
>
> The two ISP arrange the following setup ;
>
> The gave me an IP 10.0.0.1 ,and they want me to create a tunnel with
> source 10.0.0.1 and destination 192.168.0.1 ,this tunnel will terminate
> at the second SP2 network ,and they will handle the traffic there and
> deliver it to my remote site.
>
> So,they want me to buy a router to create such tunnel.I have RRAS
> Server in the site ,so can this RRAS make such tunnel?

As I currently understand the question, RRAS is not going to be able to
handle one end of a tunnel where the other end is being handled by
Cisco equipment.

HTH.

--
Regards,
Scott Lowe
ePlus Technology, Inc.

In news:0A569963-2471-4313-A272-(E-Mail Removed),
Ammar <(E-Mail Removed)> stated, which I commented on below:
> no Sirs ; you didnt got the point ;
>
> Now my i want to connect my site to a remote site passing through two
> different ISPs ...
>
> The two ISP arrange the following setup ;
>
> The gave me an IP 10.0.0.1 ,and they want me to create a tunnel with
> source
> 10.0.0.1 and destination 192.168.0.1 ,this tunnel will terminate at
> the second SP2 network ,and they will handle the traffic there and
> deliver it to my remote site.
>
> So,they want me to buy a router to create such tunnel.I have RRAS
> Server in the site ,so can this RRAS make such tunnel?
>
> "Bill Grant" wrote:

Sure, you can do it. But why? Keep in mind you will be creating a tunnel
between a Windows RRAS and their Cisco router, which is a little more
difficult to setup.

Besides, why would you want to waste a Windows machine to do such a thing
anyway? It's actually much less expensive and more secure to use a Cisco
router as the ISP is suggesting. Let a Windows server be a Windows server to
take care of your internal client production needs. Also, if the WIndows
server is a DC, it is HIGHLY not recommended to do such a thing because of
the ramifications with AD and DNS.

--
Ace

This posting is provided "AS-IS" with no warranties or guarantees and
confers no rights.

Having difficulty reading or finding responses to your post?
Instead of the website you're using, I suggest to use OEx (Outlook Express
or any other newsreader), and configure a news account, pointing to
news.microsoft.com. This is a direct link to the Microsoft Public
Newsgroups. It is FREE and requires NO ISP's Usenet account. OEx allows you
to easily find, track threads, cross-post, sort by date, poster's name,
watched threads or subject.

It's easy:
How to Configure OEx for Internet News
http://support.microsoft.com/?id=171164

Ace Fekay, MCSE 2003 & 2000, MCSA 2003 & 2000, MCSE+I, MCT, MVP
Microsoft MVP - Directory Services
Microsoft Certified Trainer

Infinite Diversities in Infinite Combinations
Assimilation Imminent. Resistance is Futile
"Very funny Scotty. Now, beam down my clothes."

The only thing in life is change. Anything more is a blackhole consuming
unnecessary energy. - [Me]

nice ,but how such implementation could worl ,
you keep saying that this can be done via RRAS2003 but how?



"Ace Fekay [MVP]" wrote:

> In news:0A569963-2471-4313-A272-(E-Mail Removed),
> Ammar <(E-Mail Removed)> stated, which I commented on below:
> > no Sirs ; you didnt got the point ;
> >
> > Now my i want to connect my site to a remote site passing through two
> > different ISPs ...
> >
> > The two ISP arrange the following setup ;
> >
> > The gave me an IP 10.0.0.1 ,and they want me to create a tunnel with
> > source
> > 10.0.0.1 and destination 192.168.0.1 ,this tunnel will terminate at
> > the second SP2 network ,and they will handle the traffic there and
> > deliver it to my remote site.
> >
> > So,they want me to buy a router to create such tunnel.I have RRAS
> > Server in the site ,so can this RRAS make such tunnel?
> >
> > "Bill Grant" wrote:
>
> Sure, you can do it. But why? Keep in mind you will be creating a tunnel
> between a Windows RRAS and their Cisco router, which is a little more
> difficult to setup.
>
> Besides, why would you want to waste a Windows machine to do such a thing
> anyway? It's actually much less expensive and more secure to use a Cisco
> router as the ISP is suggesting. Let a Windows server be a Windows server to
> take care of your internal client production needs. Also, if the WIndows
> server is a DC, it is HIGHLY not recommended to do such a thing because of
> the ramifications with AD and DNS.
>
> --
> Ace
>
> This posting is provided "AS-IS" with no warranties or guarantees and
> confers no rights.
>
> Having difficulty reading or finding responses to your post?
> Instead of the website you're using, I suggest to use OEx (Outlook Express
> or any other newsreader), and configure a news account, pointing to
> news.microsoft.com. This is a direct link to the Microsoft Public
> Newsgroups. It is FREE and requires NO ISP's Usenet account. OEx allows you
> to easily find, track threads, cross-post, sort by date, poster's name,
> watched threads or subject.
>
> It's easy:
> How to Configure OEx for Internet News
> http://support.microsoft.com/?id=171164
>
> Ace Fekay, MCSE 2003 & 2000, MCSA 2003 & 2000, MCSE+I, MCT, MVP
> Microsoft MVP - Directory Services
> Microsoft Certified Trainer
>
> Infinite Diversities in Infinite Combinations
> Assimilation Imminent. Resistance is Futile
> "Very funny Scotty. Now, beam down my clothes."
>
> The only thing in life is change. Anything more is a blackhole consuming
> unnecessary energy. - [Me]
>
>
>

yes exactly..can this be done?

"Scott Lowe" wrote:

> On 2006-05-02 01:20:01 -0400, Ammar <(E-Mail Removed)> said:
>
> > no Sirs ; you didnt got the point ;
> >
> > Now my i want to connect my site to a remote site passing through two
> > different ISPs ...
> >
> > The two ISP arrange the following setup ;
> >
> > The gave me an IP 10.0.0.1 ,and they want me to create a tunnel with
> > source 10.0.0.1 and destination 192.168.0.1 ,this tunnel will terminate
> > at the second SP2 network ,and they will handle the traffic there and
> > deliver it to my remote site.
> >
> > So,they want me to buy a router to create such tunnel.I have RRAS
> > Server in the site ,so can this RRAS make such tunnel?
>
> As I currently understand the question, RRAS is not going to be able to
> handle one end of a tunnel where the other end is being handled by
> Cisco equipment.
>
> HTH.
>
> --
> Regards,
> Scott Lowe
> ePlus Technology, Inc.
>
>

In news:0CE0FFE7-565C-49E1-9694-(E-Mail Removed),
Ammar <(E-Mail Removed)> stated, which I commented on below:
> nice ,but how such implementation could worl ,
> you keep saying that this can be done via RRAS2003 but how?

It will work, but I'm trying to tell you it's difficult to get it properly
working and it is a WASTE to use a Windows machine for this because it is
MORE expensive to use a Windows machine and it is NOT recommended especially
if it is a domain controller or you WILL have future problems with it,
guaranteed.

If you want to know, here are some articles that will show you how. Some of
them are for 2000, but they will work for 2003. Keep in mind, if this
machine is a domain controller and/or a DNS server, YOU WILL HAVE PROBLEMS.

249278 - Windows VPN Compatibility with Cisco VPN:
http://support.microsoft.com/?kbid=249278

810761 - White Papers Microsoft VPN White Papers:
http://support.microsoft.com/?id=810761

Configure Packet Filter Support for PPTP VPN Clients:
http://support.microsoft.com/default...310111&sd=tech

Deploying Site-to-Site VPNs:
http://www.microsoft.com/technet/pro.../vpndpls2.mspx

L2TP-based remote access VPN deployment:
http://search.microsoft.com/gomsuri....en_l2tp_rc.asp

PPTP-based remote access VPN deployment:
http://search.microsoft.com/gomsuri....en_pptp_rc.asp

Q317025 - You Cannot Connect to the Internet After You Connect to a VPN
Server:
http://support.microsoft.com/default...EN-US;Q317025&

Setting up a VPN Infrastructure for Remote Access and Site-to-Site Routing:
http://search.microsoft.com/gomsuri....rk/vpn1120.asp

Step-by-Step Guide for Setting Up a PPTP-based Site-to-Site VPN Connection
in a Test Lab:
http://www.microsoft.com/downloads/d...DisplayLang=en

Step-by-Step Guide for Setting Up VPN-based Remote Access in a Test Lab:
http://www.microsoft.com/technet/pro...t/RmoteVPN.asp

Troubleshooting remote access VPNs:
http://search.microsoft.com/gomsuri....g_VPN_tr03.asp

Troubleshooting router-to-router VPNs:
http://search.microsoft.com/gomsuri....g_VPN_tr06.asp

Virtual Private Networking on Microsoft Windows 2000 [Virtual Private
Networks, VPN]:
http://labmice.techtarget.com/networking/vpn.htm

Virtual Private Networking with Windows 2000 Deploying Remote Access VPNs:
http://search.microsoft.com/gomsuri....g/vpndeply.asp

Virtual Private Networking with Windows 2000 Deploying Router-to-Router
VPNs:
http://search.microsoft.com/gomsuri....g/vpnroute.asp

VPN and PPP Download Page - lots of stuff here:
http://support.bumc.bu.edu/vpn_ppp/download.htm

VPN remote access for employees:
http://search.microsoft.com/gomsuri....RAS-Ch1_96.asp

Ace