What type of VPN?

Hi,

Now we know using VPN is the solution for our "wishes" but could anyone tell
us what type of VPN shall we need?

FYI, we have two working locations and both have a router for DSL
connection. One location has Windows 2003 and the other location only has
XP Pro machines.

All client computers belong to the same domain even they cannot access to
each other at a remote location at this time (which is what we wish to
accomplish), but they can access to the intranet domain and shared folders
if the physical machines have been moved to the location where has the
domain and using the intranet.

The question is which type of VPN should we use when we using VPN
configuration wizard of Win 2003?

Our best guess is either VPN and NAT or site-to-site, but the later one
seems to require both locations to have a Win 2003 server.

Thanks for your suggestions.

if both sites' routers have IPSec feature, you can setup IPSec VPN between two sites. If not, setup Windows 2003 as VPN server. This link may help,

vpn solutions VPN Solutions. 1. Peer to Peer VPN 2. Client to Server VPN 3. Site to Site VPN 4. IPSec VPN 5. Exporting VPN Client Settings ...
www.chicagotech.net/vpnsolutions.htm


Bob Lin, MS-MVP, MCSE & CNE
Networking, Internet, Routing, VPN Troubleshooting on http://www.ChicagoTech.net
How to Setup Windows, Network, VPN & Remote Access on http://www.HowToNetworking.com
"xfile" <cou-(E-Mail Removed)> wrote in message news:eW%(E-Mail Removed)...
Hi,

Now we know using VPN is the solution for our "wishes" but could anyone tell
us what type of VPN shall we need?

FYI, we have two working locations and both have a router for DSL
connection. One location has Windows 2003 and the other location only has
XP Pro machines.

All client computers belong to the same domain even they cannot access to
each other at a remote location at this time (which is what we wish to
accomplish), but they can access to the intranet domain and shared folders
if the physical machines have been moved to the location where has the
domain and using the intranet.

The question is which type of VPN should we use when we using VPN
configuration wizard of Win 2003?

Our best guess is either VPN and NAT or site-to-site, but the later one
seems to require both locations to have a Win 2003 server.

Thanks for your suggestions.

"xfile" <cou-(E-Mail Removed)> wrote in message
news:eW%(E-Mail Removed)...
> Our best guess is either VPN and NAT or site-to-site, but the later one
> seems to require both locations to have a Win 2003 server.

Site-to-Site is the *only* option. Do what it takes to accomplish that. If
you skimp on $$$ then you will get exactly what you pay for. You will need
another server over there for a DC anyway. You need a DC at each location
if you ever expect this to work half-way decently.

VPN is a "slow" link. You must configure Active Directory to work with it.
Normally AD works with fast LAN links, not slow WAN links. You have to
create 2 "Site Objects" that represent the two physical sites. The DC of
each physical site must be part of the corresponding AD Site. The Site
Object in AD is what controls the "replication" over the slow WAN link.


--
Phillip Windell [MCP, MVP, CCNA]
www.wandtv.com
-----------------------------------------------------
Understanding the ISA 2004 Access Rule Processing
http://www.isaserver.org/articles/IS...cessRules.html

Microsoft Internet Security & Acceleration Server: Guidance
http://www.microsoft.com/isaserver/t...dance/2004.asp
http://www.microsoft.com/isaserver/t...dance/2000.asp

Microsoft Internet Security & Acceleration Server: Partners
http://www.microsoft.com/isaserver/partners/default.asp

Deployment Guidelines for ISA Server 2004 Enterprise Edition
http://www.microsoft.com/technet/pro...isaserver.mspx
-----------------------------------------------------

Hi,

Thanks for the tip and we're studying it now.

Will consult if any more questions arise.

Thanks again.
"Robert L [MS-MVP]" <(E-Mail Removed)> wrote in message news:(E-Mail Removed)...
if both sites' routers have IPSec feature, you can setup IPSec VPN between two sites. If not, setup Windows 2003 as VPN server. This link may help,

vpn solutions VPN Solutions. 1. Peer to Peer VPN 2. Client to Server VPN 3. Site to Site VPN 4. IPSec VPN 5. Exporting VPN Client Settings ....
www.chicagotech.net/vpnsolutions.htm


Bob Lin, MS-MVP, MCSE & CNE
Networking, Internet, Routing, VPN Troubleshooting on http://www.ChicagoTech.net
How to Setup Windows, Network, VPN & Remote Access on http://www.HowToNetworking.com
"xfile" <cou-(E-Mail Removed)> wrote in message news:eW%(E-Mail Removed)...
Hi,

Now we know using VPN is the solution for our "wishes" but could anyone tell
us what type of VPN shall we need?

FYI, we have two working locations and both have a router for DSL
connection. One location has Windows 2003 and the other location only has
XP Pro machines.

All client computers belong to the same domain even they cannot access to
each other at a remote location at this time (which is what we wish to
accomplish), but they can access to the intranet domain and shared folders
if the physical machines have been moved to the location where has the
domain and using the intranet.

The question is which type of VPN should we use when we using VPN
configuration wizard of Win 2003?

Our best guess is either VPN and NAT or site-to-site, but the later one
seems to require both locations to have a Win 2003 server.

Thanks for your suggestions.

Hi,

Thanks for the suggestions.

Will study further for the requirements of site-to-site.

However, money is an issue for us as we are a small company.

Will consult if any questions arise.

Many thanks.
"Phillip Windell" <@.> wrote in message
news:%23R%(E-Mail Removed)...
> "xfile" <cou-(E-Mail Removed)> wrote in message
> news:eW%(E-Mail Removed)...
>> Our best guess is either VPN and NAT or site-to-site, but the later one
>> seems to require both locations to have a Win 2003 server.
>
> Site-to-Site is the *only* option. Do what it takes to accomplish that. If
> you skimp on $$$ then you will get exactly what you pay for. You will
> need
> another server over there for a DC anyway. You need a DC at each location
> if you ever expect this to work half-way decently.
>
> VPN is a "slow" link. You must configure Active Directory to work with
> it.
> Normally AD works with fast LAN links, not slow WAN links. You have to
> create 2 "Site Objects" that represent the two physical sites. The DC of
> each physical site must be part of the corresponding AD Site. The Site
> Object in AD is what controls the "replication" over the slow WAN link.
>
>
> --
> Phillip Windell [MCP, MVP, CCNA]
> www.wandtv.com
> -----------------------------------------------------
> Understanding the ISA 2004 Access Rule Processing
> http://www.isaserver.org/articles/IS...cessRules.html
>
> Microsoft Internet Security & Acceleration Server: Guidance
> http://www.microsoft.com/isaserver/t...dance/2004.asp
> http://www.microsoft.com/isaserver/t...dance/2000.asp
>
> Microsoft Internet Security & Acceleration Server: Partners
> http://www.microsoft.com/isaserver/partners/default.asp
>
> Deployment Guidelines for ISA Server 2004 Enterprise Edition
> http://www.microsoft.com/technet/pro...isaserver.mspx
> -----------------------------------------------------
>
>
>