VPN site-site

Discussion in 'Windows Networking' started by Ben, Dec 20, 2004.

  1. Ben

    Ben Guest

    Hi, Bit of a noob here.. but need to explore setting up a site to site VPN
    for 3 places...

    We are in Australia, and are setting up offices in India and China..
    We want to be able to setup a VPN from each office to the other, eg in a
    triangle..
    Easy in itself, but could I get some suggestions on what would be the best
    options as far as security goes..
    running Win 2k Server here in Aust, will be running either 2k or 2k3 in
    india/china, some sort of VPN router and firewalls in other countries

    what exactly is a necessity, and what would be advisable extra's?

    TIA
    Ben
     
    Ben, Dec 20, 2004
    #1
    1. Advertisements

  2. Put a Windows server in each location and configure L2TP+IPsec
    site-to-site VPNs. I like L2TP+IPsec better than pure IPsec tunnel
    mode because L2TP will create virtual interfaces inside RRAS that you
    can manage, put perfmon counters on, run routing protocols over...just
    like with real NICs. Pure IPsec tunnel mode is more difficult to run
    day-to-day.

    There are step-by-step guides and technical overviews at
    http://www.microsoft.com/vpn.

    Steve Riley
     
    Steve Riley [MSFT], Dec 20, 2004
    #2
    1. Advertisements

  3. Ben

    xfile Guest

    Hi:

    We are a small company with Windows 2003 server and some Windows XP Pro
    system, with a private domain.

    For many reasons, our server is not always on, but currently, all client
    systems are working fine in terms of folder/file sharing even when the
    server is off.

    Right now, we are thinking to set up VPN for people working at remote
    locations, and we are exploring two approaches:

    (1) Through Windows 2003 server, and/or
    (2) Through Windows XP Pro build-in VPN function.


    My question is that if we set up VPN through Windows 2003 server, can client
    systems still access each other when the server is off? Or the server has
    to be on all the time in order for the client system to access each other?

    Many thanks in advance.
     
    xfile, Dec 22, 2004
    #3
  4. I guess it doesn't really matter which OS you use for the VPN server, but
    keep in mind that XP won't allow more than 10 connections.

    Regardless of which OS you use, if you want clients scattered all over the
    place to be able to see each other and exchange files over file shares, you
    will need to leave the VPN server online all the time. You're building a
    "star," where the hub is the VPN server and all of the remote clients connect
    to it. If the server is down, there's no way for the clients to see each
    other, since remote clients never connect directly to each other (and you
    wouldn't want this anyway).

    Steve Riley
     
    Steve Riley [MSFT], Dec 22, 2004
    #4
    1. Advertisements

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments (here). After that, you can post your question and our members will help you out.