
Site to site VPN with Windows servers

Status
Not open for further replies.

scottdware

Technical User
Apr 15, 2003
30
US
Has anyone had experience with using Microsoft Windows VPN with Cisco IPSec VPN? The reason why I'm asking...is that our company is building a new facility later this year, and I am in the process now of designing the DMZ. Well, instead of having our Windows servers at our remote sites do the routing...I want to plead the case of having some 1700's installed and setting up IPSec VPN tunnels between sites.

If that were not an option, is there a way that the Windows servers at the remote sites could set up IPSec VPN tunnels to the HQ?
 
I would agree with your case, it's better to let the network kit (routers) handle the routing, this includes the VPN as that's a data delivery function, and let the servers do the serving.

This way you can build in security at your network access points. If you're allowing VPN access through your routers and firewalls onto your server you have to consider how that is managed and tracked. With a router the VPN is handled in hardware, with a server it's a software process.

The VPNs are very flexible, you can use them for client connections and site to site connections, as well as for backing up existing frame or other permanent links. Also it's possible to run dynamic routing protocols across, I've used this to back up core intersite links.
 
Thanks for the reply, routerman. I have another question for you. Say there are 4 remote sites, and one main (HQ) one. I know you have to set up the IPSec stuff for each site router to talk to the main HQ...but does it work the same way if I want each site to also talk to each other? So in each router, would I then have 4 different configurations for the VPN connectivity?
 
Either method would work if you're using routers. If you're using a PIX at the central site then you cannot have 2 remote sites talk via the PIX, as that device won't let traffic between multiple sites in and out the same interface.

When you generate the tunnels the 2 criteria are:

peer router, determined by IP address

traffic to encrypt, determined by a crypto ACL, with a source and destination subnet.

In your first method, you would have an ACL entry matching the remote site and the HQ LAN. If you wanted remote site A to talk to remote site B via HQ, then you would add extra ACL entries. These would be Site A to Site B subnets, and these entries would be located on all 3 routers.

Hope this makes sense, I suppose it depends how much you know about this already.
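To make the ACL bookkeeping in the answer above concrete, here is an added example (not from the thread or from any poster) that builds the crypto ACL entries for a hub-and-spoke design with spoke-to-spoke traffic hairpinned via HQ, checks that every tunnel's two ACLs are mirror images of each other (a mismatch is a common reason an IPsec SA never comes up), and renders them as IOS access-list lines. Site names and all addresses are constructed sample values.

```python
import ipaddress
from typing import Dict, List, Tuple

# Constructed topology: one hub (HQ) and three spokes. All addresses are
# assumed sample values, not taken from the thread.
HUB = "HQ"
SITES: Dict[str, Tuple[str, str]] = {   # name: (peer address, private LAN)
    "HQ": ("203.0.113.1", "10.0.0.0/16"),
    "A": ("203.0.113.2", "10.1.0.0/16"),
    "B": ("203.0.113.3", "10.2.0.0/16"),
    "C": ("203.0.113.4", "10.3.0.0/16"),
}
Flow = Tuple[str, str]  # (source subnet, destination subnet)


def crypto_acls(spoke_to_spoke: bool = True) -> Dict[str, Dict[str, List[Flow]]]:
    """Return {router: {peer: [flows]}}. Each spoke has one tunnel (to the hub);
    with spoke_to_spoke the A<->B subnets go on that tunnel at both ends and on
    the hub's entry for each spoke, i.e. on all three routers."""
    spokes = [s for s in SITES if s != HUB]
    acls: Dict[str, Dict[str, List[Flow]]] = {r: {} for r in SITES}
    hub_lan = SITES[HUB][1]
    for s in spokes:
        lan = SITES[s][1]
        acls[s][HUB] = [(lan, hub_lan)]
        acls[HUB][s] = [(hub_lan, lan)]
        for o in (spokes if spoke_to_spoke else []):
            if o != s:
                acls[s][HUB].append((lan, SITES[o][1]))
                acls[HUB][s].append((SITES[o][1], lan))
    return acls


def mirror_mismatches(acls: Dict[str, Dict[str, List[Flow]]]) -> List[str]:
    """Tunnels whose two crypto ACLs are not exact mirror images; Cisco requires
    this, otherwise SA negotiation fails or some traffic goes unprotected."""
    bad = []
    for router, peers in acls.items():
        for peer, flows in peers.items():
            expected = {(d, s) for s, d in flows}
            if expected != set(acls.get(peer, {}).get(router, [])):
                bad.append(f"{router}<->{peer}")
    return bad


def ios_acl_lines(router: str, first_acl: int, acls) -> List[str]:
    """Render a router's flows as IOS extended ACL lines, one ACL per peer."""
    def wc(cidr: str) -> str:  # IOS uses wildcard masks, not prefix lengths
        n = ipaddress.ip_network(cidr)
        return f"{n.network_address} {n.hostmask}"
    return [f"access-list {first_acl + i} permit ip {wc(s)} {wc(d)}"
            for i, flows in enumerate(acls[router].values()) for s, d in flows]
```

Running `mirror_mismatches` against the generated tables returns an empty list; dropping a single A-to-B entry from one router flags that tunnel from both ends.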

 