Why are you surprised that VPN expects that you use private IPs? That is
the whole point of VPN. As its name suggests, VPN is Virtual Private
Networking. The client appears to be on your private LAN when in fact it is
connecting through the Internet. VPN creates a private address tunnel
through the public network. It does this by encrypting the privately
addressed packets and encapsulating these within a publicly addressed
wrapper.

For site to site VPN to work there must be a connection between the two
sites to carry the encrypted and encapsulated data. If both sites have an
Internet connection, that will do the trick. Whether they are behind an ISP
firewall or not should not affect your connection unless the firewall blocks
a port or protocol which VPN needs. (One such is that you cannot use PPTP if
your ISP blocks GRE, IP protocol 47.) The firewall does not affect normal
file sharing because the packets are encrypted and encapsulated when they
pass through the firewall.

Site to site VPN is designed to allow two privately addressed sites to
route through a VPN connection across another network (such as the
Internet). Only the routers have public IP addresses. Both LANs use private
IP addresses and they must be in different IP subnets. When you configure
the routers you assign static routes for the private LANs to the demand-dial
interfaces used in the connection. When the connection is made, these routes
are added to the routing table. Each router now has a static route to the
"other" site through the VPN link.

When the link is up it behaves like a (slow) IP router. All traffic
addressed to the other IP subnet is sent through the tunnel to the other
site. It is then delivered on the LAN at the second site.

If you want to securely connect machines which have public IPs you
would normally use IPSec tunnels, not VPN.

"S H A R I Q U E" <(E-Mail Removed)> wrote in message
news:1B57AF30-8BEF-4296-9285-(E-Mail Removed)...
> It's quite surprising to read that SITE-To-SITE VPN will work only when both
> SITES are using RFC1918 addresses, that is, private ip addresses.
> During VPN configuration wizard, it asks which interface is associated with
> PUBLIC ADDRESS, we select that and leave private interface intact. In this
> case, how can a calling router detect answering when both are using PRIVATE
> IP ADDRESSES, since both are behind ISP firewall. Do I need to involve ISP to
> allow me define static route across public ip address to private ip address.
> Both Servers are default gateway in my scenario. First one is member
> server (calling router) and second one (answering router) is in workgroup.
>
> regards
>
>
> "Bill Grant" wrote:
>
>> Both sites must be using private IP addresses or the site to site won't
>> work. What the link does is tunnel the private IP addresses through the
>> public connection between the sites.
>>
>> The setup documents usually assume that the RRAS routers are connected to
>> the Internet and are the default gateway routers for the site. Other configs
>> are possible but you then have to sort out the routing for yourself. If the
>> RRAS servers are the default gateway routers for the site, routing between
>> sites is automatic. RRAS looks after the site to site routing and the traffic
>> which needs to go through the tunnel gets to the VPN router by default.
>>
>> Without a domain the routing will work but name resolution and file
>> sharing are a headache.
>>
>>
>> "S H A R I Q U E" <(E-Mail Removed)> wrote in message
>> news:BC8DF69C-F41E-4458-A7C3-(E-Mail Removed)...
>> > ok....I have read the document...but issue is that Both SITES are using
>> > Private IP addresses or they are behind ISP Firewall ...in this scenario is
>> > it possible to create SITE-To-SITE or RemoteAccess VPN using private ip
>> > addresses...
>> >
>> >
>> > "Meinolf Weber [MVP-DS]" wrote:
>> >
>> >> Hello S H A R I Q U E,
>> >>
>> >> Should work, but without a domain you have centralized authentication
>> >> options.
>> >>
>> >> Best regards
>> >>
>> >> Meinolf Weber
>> >> Disclaimer: This posting is provided "AS IS" with no warranties, and
>> >> confers no rights.
>> >> ** Please do NOT email, only reply to Newsgroups
>> >> ** HELP us help YOU!!! http://www.blakjak.demon.co.uk/mul_crss.htm
>> >>
>> >>
>> >> > Well....Great...last thing I wanna know that IS IT POSSIBLE THAT BOTH
>> >> > SERVERS BE IN WORKGROUP MODEL TO CONFIGURE SITE-TO-SITE VPN?
>> >> >
>> >> > "Meinolf Weber [MVP-DS]" wrote:
>> >> >
>> >> >> Hello S H A R I Q U E,
>> >> >>
>> >> >> See here for starting:
>> >> >> http://technet.microsoft.com/en-us/l.../cc758232.aspx
>> >> >> http://technet.microsoft.com/en-us/n.../bb545442.aspx
>> >> >>
>> >> >> Best regards
>> >> >>
>> >> >> Meinolf Weber
>> >> >> Disclaimer: This posting is provided "AS IS" with no warranties,
>> >> >> and confers no rights.
>> >> >> ** Please do NOT email, only reply to Newsgroups
>> >> >> ** HELP us help YOU!!! http://www.blakjak.demon.co.uk/mul_crss.htm
>> >> >>> Is it possible to create SITE-To-SITE VPN using Windows Server
>> >> >>> 2003 Standard Edition without the use of ISA or any other firewall?
>> >> >>> Is there any article to create such VPN on technet.
>> >>
>> >>
>> >>
>>
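
Added example, not part of any post in this thread: a pre-deployment check of the addressing rules described in the top reply (both LANs private and in different subnets, one static route per router pointing at the other site's LAN), plus a model of how a packet for the other subnet is wrapped in a publicly addressed outer header. The site names, LAN prefixes, documentation-range public addresses and demand-dial interface names are assumptions made up for illustration.

```python
import ipaddress

RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# Constructed sample plan (assumed values, not taken from the thread).
SITES = {
    "site-a": {"lan": "192.168.1.0/24", "public": "203.0.113.10", "ddif": "ToSiteB"},
    "site-b": {"lan": "192.168.2.0/24", "public": "198.51.100.20", "ddif": "ToSiteA"},
}

def is_rfc1918(net):
    """True if the whole prefix sits inside one of the RFC 1918 blocks."""
    return any(net.subnet_of(block) for block in RFC1918)

def plan_routes(sites):
    """Return {router: (destination LAN, demand-dial interface)} for two sites.

    Raises ValueError if a LAN is not private or the two LANs overlap."""
    (a, sa), (b, sb) = sites.items()
    lan_a = ipaddress.ip_network(sa["lan"])
    lan_b = ipaddress.ip_network(sb["lan"])
    for name, lan in ((a, lan_a), (b, lan_b)):
        if not is_rfc1918(lan):
            raise ValueError(f"{name}: {lan} is not RFC 1918 private space")
    if lan_a.overlaps(lan_b):
        raise ValueError(f"{lan_a} and {lan_b} overlap; sites need different subnets")
    # Each router gets a static route to the *other* site's LAN via its own
    # demand-dial interface.
    return {a: (str(lan_b), sa["ddif"]), b: (str(lan_a), sb["ddif"])}

def forward(sites, routes, router, src, dst):
    """Model the router's decision for a packet arriving from its own LAN."""
    dest_lan, ifname = routes[router]
    if ipaddress.ip_address(dst) not in ipaddress.ip_network(dest_lan):
        return None  # not for the other site: ordinary routing, no tunnel
    peer = next(name for name in sites if name != router)
    return {"interface": ifname,
            "inner": (src, dst),  # private addresses, encrypted in transit
            "outer": (sites[router]["public"], sites[peer]["public"])}

if __name__ == "__main__":
    routes = plan_routes(SITES)
    print(routes)
    print(forward(SITES, routes, "site-a", "192.168.1.50", "192.168.2.7"))
```

Running the check before configuring the routers catches the common failure where both sites were built on the same default subnet, in which case neither router would ever send traffic into the tunnel.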