
VPN questions

N/A

VPN questions

Hi,

I have 2 offices, with 2 servers, each behind a D-Link 604+ ADSL router using NAT.

I wish to create a VPN between the two and still allow both ends to access the internet.

Office 1:

Server: 192.168.1.02
Router: 192.168.1.01
External IP: zzz.zzz.zzz.zzz

Office 2:

Server 192.168.2.02
Router 192.168.2.01
External IP: yyy.yyy.yyy.yyy

I have Windows Server 2003 on both servers. I was hoping the routers themselves could establish a VPN without having to do anything on the servers using RAS. However, I can't seem to find a way of doing this.

Can someone please point me in the right direction on what I should be doing / using to get my VPN up and running?

Many Thanks

Gary Howlett
9 REPLIES
Mark_Dowd
Grafter
Posts: 102
Registered: 08-08-2007

VPN questions

Hi.

The D-Link router only supports VPN pass-through, which means that it doesn't block VPN traffic. If you want the DSL router to provide a VPN connection, then another model will be needed.

I'm not sure that there is a product which provides DSL, VPN, firewall and wireless.

Anyone?
N/A

VPN questions

OK, so I have to use RAS in Windows 2003 and establish a VPN between the two servers, yes?

If so, the problem I have is how do I get server 1 and server 2 to see each other to establish the VPN, as they both have non-routable IP addresses?

All help much appreciated,

Regards

Gary
Ianwild
Grafter
Posts: 3,835
Registered: 05-04-2007

VPN questions

I have installed a 604 for a couple of people and if I remember rightly, the included CD contains a tutorial for configuring VPN pass through on this unit?

Regards,
N/A

VPN questions

Hi,

Yes, I've turned on VPN pass-through, which was easy enough, but how to actually make the VPN connection is baffling me.

Is it something I do on the router or something I do on the servers?

The router supports multiple PVC connections. One already exists, which is obviously the Internet connection to PlusNet. It says in the document I can add other PVCs up to a maximum of 8. Is this to do with VPN?

Each connection needs its own VPI and VCI numbers; also, I don't know what encapsulation I should be using (which is another question: should I be using PPPoA LLC or PPPoA VC Mux when connecting to PlusNet?).

But if the routers can't set up VPNs directly between them, then OK, I can use the RAS in Windows 2003. I know how to set up a VPN if it was server 1 dialing server 2 over a modem, as each server can directly see the other. But if I'm trying to do this over the internet, the servers are hidden via NAT.

Sorry, but I'm a little confused, lol. If possible, I can send anyone the manual for the router if it will help.

Regards

Gary Howlett
Mark_Dowd
Grafter
Posts: 102
Registered: 08-08-2007

VPN questions

Hi.

The PVC (Permanent Virtual Circuit) connections refer to point-to-point connections across the ATM network between your telephone line and another "node". Whilst both of your sites are physically connected to BT's ATM network, the exchange configurations will only allow you to connect to one destination, PlusNet. This approach cannot, therefore, be used to connect them to each other.

To answer your second question, use PPPoA VC Mux (see here for details).

Finally, you need to expose one of your servers to the internet, so that the other can VPN to it. To do this you need to configure a mapping on the router, so that inbound connections are mapped to your internal address, e.g. 192.168.1.2. Warning: this potentially leaves your server, and from there the rest of your network, open to attack from "outside". Having established a VPN link between the two servers, you need to establish a "static route", which sends all traffic destined for the other site via the "local" W2003 server, rather than the router. This is because it is the W2003 server which is encapsulating the VPN traffic, not the xDSL router.

By far the simplest solution is to obtain a pair of DSL routers which themselves provide a VPN connection, however this costs money. You need to offset this against the cost of setting-up and maintaining the more complex W2003 solution.

Regards Smiley
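
Why the static route described in the reply above is needed, as an added example that is not part of the original posts: a longest-prefix-match lookup over an office LAN host's routing table, using the thread's addresses and assuming /24 masks (the posts do not state them). Without the extra route, traffic for the other office's private LAN follows the default route to the D-Link instead of reaching the server that encapsulates the VPN traffic.

```python
import ipaddress

# Addresses from the thread, written without leading zeros.
# The /24 masks are an assumption; the posts do not state them.
OFFICE1 = {"lan": "192.168.1.0/24", "router": "192.168.1.1", "vpn_server": "192.168.1.2"}
OFFICE2 = {"lan": "192.168.2.0/24", "router": "192.168.2.1", "vpn_server": "192.168.2.2"}


def build_routes(local, remote=None):
    """Routing table for a LAN host at the `local` office.

    With `remote` given, add the static route that sends the other office's
    LAN to the local VPN server instead of the default gateway.
    """
    routes = [
        (ipaddress.ip_network(local["lan"]), "on-link"),
        (ipaddress.ip_network("0.0.0.0/0"), local["router"]),
    ]
    if remote is not None:
        routes.append((ipaddress.ip_network(remote["lan"]), local["vpn_server"]))
    return routes


def next_hop(routes, destination):
    """Longest-prefix match: the most specific route containing the address wins."""
    addr = ipaddress.ip_address(destination)
    candidates = [(net, gw) for net, gw in routes if addr in net]
    if not candidates:
        return None
    return max(candidates, key=lambda r: r[0].prefixlen)[1]


def lans_overlap(a, b):
    """Routing between the sites only works if the two LANs use distinct subnets."""
    return ipaddress.ip_network(a["lan"]).overlaps(ipaddress.ip_network(b["lan"]))


if __name__ == "__main__":
    before = build_routes(OFFICE1)
    after = build_routes(OFFICE1, OFFICE2)
    # 203.0.113.10 is a documentation address standing in for an internet host.
    for dst in ("192.168.1.50", "192.168.2.2", "203.0.113.10"):
        print(dst, "before:", next_hop(before, dst), "after:", next_hop(after, dst))
    print("LANs overlap:", lans_overlap(OFFICE1, OFFICE2))
```

On a Windows host in office 1, the added route corresponds to `route -p add 192.168.2.0 mask 255.255.255.0 192.168.1.2`; internet traffic still leaves through the router, so both ends keep their internet access.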
N/A

VPN questions

Many Thanks for all the help so far.

I've also been reading the article about DMZ in the ADSL forum. If I tell my router to enable DMZ and point it to the VPN server, should VPN then work as it should do? And do I simply point the client to the address of the router?

Also, a note on static routes. Do both offices have to have a static route defined? How are they used in VPN? Do the routes have private or public IPs in them?

Sorry for all the questions here, but I'm sure I'll get there :-)

Thanks Again

Regards

Gary Howlett
Mark_Dowd
Grafter
Posts: 102
Registered: 08-08-2007

VPN questions

Hi Gary.

I'm not 100% sure about the VPN configuration on w2003, but you will need to set up the DMZ configuration on each D-Link so that inbound requests on the static IP address, for specific ports only, are forwarded to the internal static IP address on the server. You will need to search the Microsoft KBase to find out which ports are used in VPN (there are two flavours, IPSec and PPTP, so you need to decide which is for you).

Regarding static routes, the VPN configuration on each site will require another local IP address on the w2003 server's LAN interface (a single interface can support many IP addresses). The static route pointing to the "other" site should point to this second, internal, IP address on the "local" site as the "next hop". All packets "dropped into" this pipe will appear out of the LAN interface on the other site. The easiest way to implement this is to use DHCP. Whilst the D-Link can probably do this, it may be better to use w2003, because of the integration between the various networking functions of Windows (IPSec VPN, DHCP, DNS, NTP etc.).

It might be an idea to map out your network topology, document your assumptions and identify the configurations required on each of the components. You should then get this vetted by a networking professional, just to make sure that it logically hangs together, otherwise you might find yourself chasing ghosts for the next six months!

Good luck and Merry XMas Smiley
N/A

VPN questions

Quote
Hi.

The D-Link router only supports VPN pass-through, which means that it doesn't block VPN traffic. If you want the DSL router to provide a VPN connection, then another model will be needed.

I'm not sure that there is a product which provides DSL, VPN, firewall and wireless.

Anyone?


Hi music.

The item you are talking about is the DrayTek Vigor 2600We.
Check it out at www.zionmedia.co.uk

I've got a regular 2600 where I run a permanent VPN back to my office.
Hope that helps! Wink
N/A

Re: VPN questions

Gary,
If I am correct in believing you would like the two office networks to see each other (i.e., any computer to any computer), then I would suggest the following.

As per my above reply, I would replace your two D-Link routers with DrayTek Vigor 2600s (or 2600We if you want the wireless) and establish a Lan2Lan VPN.

The 2600s will then take care of all the routing and internet as well as maintain internet to all computers whilst ensuring the two networks are connected.

In my experience the Vigors are pretty rugged and have worked very well for me.

Hope that helps! Wink