Site to Site VPN

June 30, 2012 at 12:51:56
Specs: Windows 2008, 4 gig

I want to set up a branch windows 2008 connection. Mainly as lab work though.

I have a test win 2008 at one lab, which is the main office
I want to set the second DC at my other lab just 20 mins down the road. This will be again another win 2008 DC

As far as I know these are the steps.

1. create VPN link first

- I checked on the router at the main site and it has a Netgear router, which allows you to create a VPN Policy. Its is a N300 Wireless ADSL2 modem router Model: DGN2200.
- The other site has a cisco router which allows for an Ipsec policy.

- I was told I need a VPN server, can the role be on my primary DC? Or do I need a separate 2008 VPN server?

Here is the link of how I need to create one -> ┬╗

2. Create new subnets and assign them to a the appropriate sites

- The main site has a static ip and is
- The branch site will be sitting on a lan that will probably be

So the main question is, when I create the VPN server, I configure this server to use the router's VPN policies? Plus how many VPN servers do I need? One at each site?

Thanks in advance

See More: Site to Site VPN

Report •

July 5, 2012 at 05:43:42
I want to preface this by stating that you're a little too green to be doing this, you need to read up on it and maybe do a step by step lab from an instructional book before you try it on your own. With that said, I'll try to answer your questions.

Your routers have their own VPN functionality. You could set up a site-to-site VPN with just the routers and installing nothing on your server. In fact, this is typically the preferred method. It is best if you have the same types of routers on both ends to avoid confusion in terminology between vendors.

If you are going to use Windows Server as the VPN servers, the routers just need to be forwarding the appropriate protocols, just like any other hosted service. Just like you forward port 80 to a web server, you would forward port 1723 and GRE traffic to your PPTP VPN server (that's only if you use PPTP though, other protocols will have different ports.) You would need a server at both sites. Additionally, you would need to set up a routing statement on each of your routers to point traffic destined for the remote network to forward it to the on-site server.

I hope this is helpful, but I don't expect it to be completely useful to you since it looks like you have a little more to learn. If you have more questions, just post them and I'll try to explain any part of this further to you.

Andrew Leonard
BL Technical Services
IT Support Maryland

Report •

July 5, 2012 at 06:30:55
Thanks for getting back to me. I ve done no practical work on this as yet. Just some digging around on other forums. Yep. I admit it, I do not have too much of a clue. However after some answers from some other forums. They did point me to my own routers, just like you have here.

Some mentioned to just get a firewall device to do the work, so in order to keep away from configuring windows 2008 as a VPN. The problem is some firewalls e.g XTM 33 are very pricey.

I guess I ll go for the routers, but I am a little worried that they can not handle the VPN connection so well.

Here are the routers I have.

Netgear N300 Wireless ADSL2 modem router Model: DGN2200.
At the branch site - CISCO SRP527W model

They both allow to set VPN policies and the netgear one even has a wizard to set those up. I dare not configure any site to site DC untll I investigate if those routers can handle VPN well enough. Maybe you can offer some assistance if using those are worth the trouble.

Report •

July 5, 2012 at 09:01:23
You'll also want to make sure that the VPN type that it uses meets your company's security requirements. Some VPN's are more secure than others. When it's a completely new project, with no existing equipment, I generally use SonicWALL equipment. It's relatively inexpensive and has lots of options for VPN's.

Andrew Leonard
BL Technical Services
IT Support Maryland

Report •
Related Solutions

Ask Question