Re: Win2K3 end point routers on separate Win2K3 networks

From: ch (
Date: 04/22/04

Date: Thu, 22 Apr 2004 14:01:38 -0700

You wrote:
"whatever is their default gateway must have the routing
setup on it so that it knows to send anything for the
remote network to the VPN box"

Right now the default gateways are the routers (connected
to the cable modem / ADSL modem) for each respective
office. This is how each office currently connects to the

I've read much of the documentation for each router and
cannot figure out how to get the routers to point traffic
to the Win2K3 VPN router (if and only if that traffic is
destined for the other office). So I thought that it must
be handled by the DC server (which houses the DNS & DHCP
servers). The article I am building my end-point routers
by speaks about configuring the workstations to point to
the VPN server as their default gateway - but I do NOT
want one office to traverse the wire to use the other
office's DG for internet access. That would make things
prohibitively slow. Since I use a DC that includes a DHCP
server, I wonder why I would configure each workstation.
That led me to assume that the suggestions laid out in
that article were based upon a peer to peer network, vice
a DC controlled network. We are using 2 DC controlled
networks. I had hoped to attach each VPN server to their
respective network with a static route to the other static
IP address. I guess each VPN server would be in the DMZ
for each router (current DG) for each office.

As you can see I am thoroughly confused. I assume that I'd
have some sort of icon on the workstations that allows the
users to access the VPN connection at will (but it would
always be open - I'd create a ping daemon to keep the
connection alive), but I'd hope to not have to create
these connections manually, instead allow any new
workstation that connects to the network to automatically
have access to the VPN.

Do you have any specific suggestions to handle this?


>-----Original Message-----
>"ch" <> wrote in
>> I have 2 questions:
>> 1. Is the setup any different for Win2K3?
>Not sure. Never have done it with 2003.
>> 2. How do I tell the DC to point VPN traffic to the new
>> end point router and for all other traffic to use the
>> cable modem router as they currently do?
>Since you only have two subnets and since they are directly connected, the
>two VPN boxes are already aware of each other. The rest of the clients in
>the system they either need to use their respective VPN box as the Default
>Gateway or whatever is their default gateway must have the routing setup on
>it so that it knows to send anything for the remote network to the VPN box.
>> I was told that I
>> needed to create a VPN policy on each Win2K3 DC - and
>> other post told me that I didn't. I'm confused. Any help
>> is appreciated.
>I never heard of "VPN Policies".
>Phillip Windell [MCP, MVP, CCNA]