Do I need RRAS and VPN

February 25, 2009 at 11:17:32
Specs: Windows Server 2003
A client had a main office workgroup that wanted to enable the four branch offices to share one file server. I installed a File Server with WK3 standard, brought the main office (less than 20 pcs) into a domain, configured AD, enabled RRAS on the file server, and installed a Netgear FVS318 VPN Firewall router to allow for incoming VPN connections. Wireless clients can connect within the intranetwork.

Yesterday we received our static IP address from our ISP. Now, we are ready to connect our branch offices.

My intention: place a file server with RRAS at each of the four branch offices to initiate the VPN connection to the main office file server.

A few questions:
(1) Does the main office file server need to have RRAS enabled if we are using the Netgear VPN router?

(2) Do the branch offices require a compatible VPN router, or will RRAS be sufficient?


February 25, 2009 at 12:11:51
Ideally you would have placed a Netgear FVS318 at each location and established site to site vpns. No rras required. No rras overhead on any of your servers.

You do not need a vpn capable firewall to pass thru rras vpn traffic. You just have to open the correct ports in the router(s).

Usually you utilize two nics in each server. One wan facing and one internal for RRAS.


February 25, 2009 at 13:02:46
Uncertain how the last sentence applies... but, let's back up.

So, I can
(1) disable RRAS on the Main Office File Server
(2) Deploy FVS318 VPNs at the branch offices
(3) Connect site-to-site VPN connections
for Remote Access?

If I disable RRAS, why do I install a second NIC? The VPN router has one WAN and eight LAN connections.

If I truly need to install a second NIC on my file server, how do I point one NIC to the LAN and a second NIC to the WAN?
Since my VPN Router is connected to the WAN, does the server WAN NIC connect to a regular LAN port on the VPN?


February 25, 2009 at 15:00:47
RRAS stands for routing and remote access. You can't route with one nic or one subnet.

This is a good place to start

You want to look at diagram 5 if you want server to server rras vpn

"(3) Connect site-to-site VPN connections
for Remote Access?"

It is not considered remote access. Remote access is when a client accesses the local network via a vpn server.

For example when I am on the road I have a vpn client I engage to connect to my company network.

This is different than the site to site vpns that connect other offices to our main office network.


February 25, 2009 at 23:45:09
That link has been bookmarked for weeks. But, none of the diagrams depict a VPN router scenario.

I request further clarification: If I am using VPN routers to connect the file server at the main office with file servers at the branch offices, will the client computers be able to pull the files from the file servers at the branch office?

Or, must I configure file servers with RRAS (Win 2003 standard) to enable clients to access the files?


February 26, 2009 at 07:29:44
"I request further clarification: If I am using VPN routers to connect the file server at the main office with file servers at the branch offices, will the client computers be able to pull the files from the file servers at the branch office?"

If you've created an encrypted VPN tunnel between sites, then you should be able to access services from A to B and vice versa. Effectively, you've extended your LAN across a WAN link. You shouldn't require RRAS or anything else.


February 26, 2009 at 08:40:49
daytek, your question started with do I need rras and vpn.

You may have had the link I provided bookmarked but it does not appear you understand the material. I say this because you appeared surprised that you need two nics in the server to do a rras vpn. This also indicates to me you didn't do your homework concerning the project before you jumped in buying equipment and configuring the server.

Hopefully what follows will clarify things for you.

VPN is a secure tunnel thru the internet to either connect sites together or allow users on the road with internet access to logon/authenticate to the vpn router to then gain access to network resources. I gave examples in my previous post concerning each.

Site to site vpn - done ONLY with hardware vpn routers/firewall appliances. You can, depending on unit, supply both site to site vpns as well as remote client access. A site to site vpn provides the same services as a Point to Point T1 or a Frame Relay T1 does but uses the internet instead.

Client vpn access - is where you install software on a laptop/notebook/pc that goes out thru the internet and authenticates to your vpn router and thereby gains access to the network resources. An example of this usage are road warriors or I have two sites with only two people part time. Instead of creating site to site vpns we just have them do the vpn client thing to connect to our network.

Next you have a software VPN. This is what RRAS is about. Example 5 in the link I provided gives you a diagram of what you need physically to establish a site to site vpn using RRAS. If you want to use RRAS you do not need vpn routers.

Here is an important rule of the road concerning computing projects. Hardware is always faster/better than software.

What this means is given your scenario I would put in vpn routers before I would install RRAS. You use software solutions when you can't afford hardware solutions.

Hopefully this will answer your question of do you need both at same time.


February 26, 2009 at 09:43:02
You install routing and remote access and then run the custom option.. Just choose receive incoming connections only... This will enable the remote pcs to connect to the server.. Log into the Netgear firewall and in the rules option enable pptp service to the ip of your server in the inbound sections...

Then create a vpn shortcut with the static ip address on the desktop of each user... if all goes well the connection will be accepted...


February 26, 2009 at 09:49:57
The best option would be to have a netgear at all sites.... These routers have a custom VPN setup in them which allows them to stay connected to each other as if all of the offices were at one site... Give it a try and see if that works... This isn't a very easy thing to configure if you haven't done it before or familiar with firewalls etc... Once they are setup they work well tho.

Netgear has a few guides on how to set this up...


