VPN Setup

[reynolwi]

I am trying to setup a Hardware VPN between two sites so i can setup a server at the other location. Can someone point me in the direction of how to do this or give me some pointers? I have looked online and havent really found anything as to how i need to set this up so that the servers will be able to communicate. I know there is some routing issues involved so that communication between everything works becuase the second site wont be in the same subnet as the home site.

The home site subnet is 10.25.18.0 and the netmask is 255.255.255.0
The servers will all be running windows server 2003 standard r2.

Wm. Reynolds
RRWDS | TxPSS

http://www.rrwds.com

http://www.txpubsafety.com

 

[reynolwi]

the other site subnet is 192.160.10.0 and the network mask is 255.255.255.0

there are several clients over there and we will be putting a server or 2 over there so that we can join them to the domain but I do not know how to setup all the routing and such so the clients and servers can talk to the rest of the AD and Domain.

Wm. Reynolds
RRWDS | TxPSS

http://www.rrwds.com

http://www.txpubsafety.com

 

[msworld]

We need more information to help. Which router? Do you have static IP public IP addresses? However, this how to provide step by step setup Linksys site to site VPN,

Linksys Router to router VPNT
his article describes how to configure a site to site VPN between two Linksys BEFVP41 routers. You should have two static public IPs to setup a IPSec VPN. ...

http://www.howtonetworking.com/RemoteAccess/linksysvpn1.htm

Bob Lin, MS-MVP, MCSE & CNE
How to Setup Windows, Network, VPN & Remote Access on

http://www.HowToNetworking.com

 

[reynolwi]

I have two symantec firewall/vpn routers. one is a VPN 200 which is at the home site and the other is a VPN 100 which is at the remote site. im not sure how to do the routing to ensure that the clients and servers can talk back and forth. I have dynamic ips at the moment and will probably upgrade to static but i do have DDNS setup on both routers. I tried setting it up today following symantecs website but when i tried to ping a computer on the home site 10.25.18.20 it couldnt. the remote site subnet is 192.160.16.0 so they arent on the same subnet and im not sure how to do the routing.

Wm. Reynolds
RRWDS | TxPSS

http://www.rrwds.com

http://www.txpubsafety.com

 

[TidyTrax]

You should have on both those routers config tools with the ability to create IPSec VPN's. Just enter the details - ie: external host/IP's for both end points and the internal LAN details - you will also have to set up shared keys etc.

I would imagine there is a simple web interface to follow

 

[reynolwi]

I followed symantecs instructions on their website for setting up a dynamic IPSec vpn but when i tried to access computers from the other site its like they werent there. When the VPN is active does it not update the routing tables so it knows how to send traffic back and forth from the different subnets?

Wm. Reynolds
RRWDS | TxPSS

http://www.rrwds.com

http://www.txpubsafety.com

 

[reynolwi]

I will be changing the IP structure of the remote site to make it somewhat easier cause it was mentioned to me that the 192 addresses arent fun to mess with.

The home subnet will be 10.25.18.0 with a netmask of 255.255.255.0 and the remote subnet with be 10.25.19.0 with a netmask of 255.255.255.0

Like i asked previosly when the VPN goes active does it update the routing tables so that it knows how to route traffic between the 2 subnets are do i need to create those? And what if any settings do i need to change on the servers so that there wont be any issues. I know in the AD sites and services there is a subnet folder and i currently have the 10.25.18.0 subnet in there. Do i need to add the remote subnet as well in there? All the servers and clients will be on one domain or should i run the remote site on a child domain of the main domain. Such as the home site would be domain.com and the remote site would be remote.domain.com or will they all work on the domain.com
All the servers will be Windows Server 2003 Standard R2 and the Clients will be Windows XP Pro

Wm. Reynolds
RRWDS | TxPSS

http://www.rrwds.com

http://www.txpubsafety.com

 

[Roadki11]

Not sure how this works with the symantec vpns we use the Cisco Pix for our vpn's. With the PIX you need to tell it what traffic to "protect" basically what traffic to send through the tunnel. so on one side you tell it to protect 10.25.19.0 traffic originating from 10.25.18.0 and on the other side you tell it to protect 10.25.18.0 traffic originating from 10.25.19.0. this in effect acts as your routing statements.

RoadKi11

 

[reynolwi]

ok i think i understand what you are saying. On the routing table page in the symantec router i have the following fields...

Destination IP; Network Mask; Gateway; Interface; Metric

the interface field options are Internal LAN and External WAN. Currently it has just 2 routes setup for the internal stuff which is

1)
Destination 10.25.18.0
Network mask 255.255.255.0
Gateway 10.25.18.1
Interface Internal LAN
Metric 1

2)
Destination 10.25.18.1
Network Mask 255.255.255.255
Gateway 10.25.18.1
Interface Internal LAN
Metric 0


So i would add if i have it right...

Destination 10.25.19.0
Network Mask 255.255.255.0
Gateway 10.25.18.1
Interface Internal LAN
Metric 1

Destination 10.25.19.1
Network Mask 255.255.255.255
Gateway 10.25.18.1
Interface Internal LAN
Metric 0

Would this be correct or do i have it wrong? If it is correct i would just flip it around on the other router. Then would i need to adjust any settings in Windows server 2003 for them to communicate. I know i have to setup a DNS server on the remote side and then have them replicate, but i didnt know what else i needed to do.

Wm. Reynolds
RRWDS | TxPSS

http://www.rrwds.com

http://www.txpubsafety.com

 

[reynolwi]

I have it setup and running without a problem so far. Thanks everyone for your input and help

Wm. Reynolds
RRWDS | TxPSS

http://www.rrwds.com

http://www.txpubsafety.com