Windows Server 2008 R2 Thread, What's needed for site to site VPN? in Technical
  1. #1


    What's needed for site to site VPN?

    Hello,

    I want to create a site to site using Windows 2008 DC at both sites, mainly for Active Directory replication.
    I have a Cisco SRP527W model which has some options for VPN. My question is: can the router act as the VPN server, or do I have to configure a Windows server to do all the VPN configuration?

    On the Cisco router, all the VPN passthrough options are enabled, these being PPTP, IPsec and L2TP, although no site to site IPsec policies are defined as yet.

    So if creating a Windows 2008 DC at the other site, do I need to configure VPN on the server or just the Cisco router alone?

    As far as I know, these are the steps.

    1. Set RRAS server
    2. Set up VPN policies on both routers
    3. Set up primary DC at HQ
    4. Set up an additional DC at HQ
    5. Move additional DC to branch site
    6. Ping primary DC over VPN
    7. Change IP address of secondary DC and wait for replication

    Thanks

  2. #2

    SYNACK's Avatar
    Sounds about right. If you have Cisco routers on both ends you may be able to set up the tunnel with those, which could end up being a more robust solution, as the tunnel will be active during server reboots etc., which could otherwise cause issues unless you had dedicated server boxes to keep the VPN open the whole time.

    Configuration Professional: Site-to-Site IPsec VPN Between Two IOS Routers Configuration Example [Cisco Configuration Professional] - Cisco Systems
    Cisco IOS VPN Configuration Guide - Site-to-Site and Extranet VPN Business Scenarios [Cisco 7200 Series Routers] - Cisco Systems

  3. #3

    Great.

    I do not have a Cisco router at the other site; that router is a Netgear, but again it allows for VPN setup. Before I go around adding the DC, what's the best way to check VPN is working correctly after implementing it on the Cisco router, before adding DC site to site?

    Thanks again.

  4. #4

    twin--turbo's Avatar
    Originally posted by purge11:
        Great.

        I do not have a Cisco router at the other site; that router is a Netgear, but again it allows for VPN setup. Before I go around adding the DC, what's the best way to check VPN is working correctly after implementing it on the Cisco router, before adding DC site to site?

        Thanks again.

    I would definitely set it up on the routing hardware as an s2s as mentioned. Then just test pings from one network to the other. Remember subnets must be different at each site or you have to start doing horrid things with NAT.

    Rob
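
As an added illustration of the advice in the post above (not part of the thread): a Python check, run before either router is touched, that the two sites' LAN subnets do not overlap, and that lists the local/remote subnet pair each end's IPsec policy has to name plus the DC address to ping from the other side. The site names, subnets and DC addresses are constructed sample values, not taken from the thread.

```python
import ipaddress
from itertools import combinations

# Constructed sample plans: every subnet and DC address here is an assumption.
# BAD has both routers left on the same default LAN; FIXED renumbers the branch.
BAD = {"hq": {"lan": "192.168.1.0/24", "dc": "192.168.1.10"},
       "branch": {"lan": "192.168.1.0/24", "dc": "192.168.1.20"}}
FIXED = {"hq": {"lan": "192.168.1.0/24", "dc": "192.168.1.10"},
         "branch": {"lan": "192.168.2.0/24", "dc": "192.168.2.10"}}

def _nets(sites):
    # ip_network() raises ValueError if the prefix has host bits set (a typo'd LAN).
    return {name: ipaddress.ip_network(s["lan"]) for name, s in sites.items()}

def check_plan(sites):
    """Return the problems that would stop traffic routing across the tunnel."""
    nets, problems = _nets(sites), []
    for name, s in sites.items():
        if ipaddress.ip_address(s["dc"]) not in nets[name]:
            problems.append(f"{name}: DC {s['dc']} is outside LAN {nets[name]}")
    for a, b in combinations(sorted(nets), 2):
        if nets[a].overlaps(nets[b]):  # also catches one LAN nested in another
            problems.append(f"{a} {nets[a]} overlaps {b} {nets[b]}: "
                            "renumber one site, otherwise NAT is needed")
    return problems

def tunnel_selectors(sites):
    """Local/remote subnet pairs for each end's IPsec policy (mirror images)."""
    nets = _nets(sites)
    return {name: [{"local": str(nets[name]), "remote": str(nets[peer])}
                   for peer in sorted(nets) if peer != name] for name in nets}

def ping_targets(sites):
    """Addresses to ping from each site once the tunnel is up: the other DCs."""
    return {name: [sites[p]["dc"] for p in sorted(sites) if p != name]
            for name in sites}

if __name__ == "__main__":
    for label, plan in (("BAD", BAD), ("FIXED", FIXED)):
        issues = check_plan(plan)
        print(label, "->", issues or "no conflicts")
        if not issues:
            print("  policies:", tunnel_selectors(plan))
            print("  ping from each site:", ping_targets(plan))
```
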

  5. #5

    glennda's Avatar
    You should be able to set up a VPN between the two devices even if they are different. You just need to set up the policies!

  6. #6

    SYNACK's Avatar
    Originally posted by glennda:
        You should be able to set up a VPN between the two devices even if they are different. You just need to set up the policies!

    Depends on how advanced the hardware is at each end. Cisco IOS should be able to act as a server assuming it has the right features enabled; it will depend on the feature set of the other router as to if it can act as a VPN client. Without advanced features though it would pipe all traffic through the Cisco unit, which could have nasty contention implications.

  7. #7

    Well these are the two routers

    Netgear N300 Wireless ADSL2 modem router Model: DGN2200.

    At the branch site - Cisco SRP527W model

    None of them have policies defined, but as far as I know I do not need any other VPN equipment? Just define the policies? If so, how do I go about defining the policies and then testing them? I guess Cisco would be the easiest to set up IPsec policy.

    Thanks

  8. #8

    I recommend you get a couple firewalls to handle your VPN connections. We use Fortigate and Sonicwall to VPN over 15 branches. Both have an easy to use web interface, HA, virus protection, etc.

  9. #9

    Ah, so those would replace the current routers? Or just separate devices mainly for VPN? A bit limited on budget, but might consider.

    Thanks

  10. #10

    glennda's Avatar
    I don't think you are going to be able to do it with those routers. Normally when I set up VPNs I set up from the firewall rather than the router. I've had mixed experience with the Fortinets but have been using WatchGuard devices recently which will do what you want. Probably I would say the XTM 2 series or XTM 3 series will do what you are after.

  11. #11

    Hmm,

    So many devices to choose from. Ok. So I need to purchase 2 XTMs to set up VPN and act as firewall and the routers just stick to connecting internet?

    Thanks all

  12. #12

    glennda's Avatar
    Originally posted by purge11:
        Hmm,

        So many devices to choose from. Ok. So I need to purchase 2 XTMs to set up VPN and act as firewall and the routers just stick to connecting internet?

        Thanks all

    I would set up the router to pass through to the firewall and let the firewall sort all the outbound traffic on the network rather than the router, i.e. network - firewall - router - internet.

  13. #13
    cpjitservices's Avatar
    We use pfSense for s2s VPN. It has built-in VPN and firewall capabilities, does everything we want it to do and it's free. We also have another site which has a DC, SAN, router, switch etc. all part of this network but tunnelled through the VPN; our SANs even replicate with each other over the VPN, so no matter what site our clients/staff go to everything they want is on hand. If a server goes down everything can still be accessed also. I think it's L2TP we are using site to site.

  14. #14

    Sounds good,

    I was about to mention that the XTM 33 is around £700 or so; it's just too expensive. Even my routers cost around £50, so I need a cheaper alternative VPN solution which is not too difficult to set up.

  15. #15

    SYNACK's Avatar