RE: OT: How to configure with VPN endpoints outside ISA2K4?
- From: v-yanniw@xxxxxxxxxxxxxxxxxxxx ("Jenny wu [MSFT]")
- Date: Tue, 11 Oct 2005 07:30:06 GMT
Hi Gary,
Thanks for posting here! Also thanks for Les's input!
From your description, I understand that you want to set up a branch office
and share information between both sites by setting up a VPN. If I am off
base, please don't hesitate to let me know.
============================
As they suggested, the easiest method is to set up a site-to-site VPN for your
scenario. Please refer to the following articles to get the solution you want:
Connecting a Remote Office to a Small Business Server 2000 Network
http://www.microsoft.com/technet/prodtechnol/sbs/2000/maintain/remotofc.mspx
This solution can also be applied to an SBS 2003 environment.
The following are articles about Branch Office; I hope they help:
Branch office over the Internet
http://www.microsoft.com/technet/prodtechnol/windowsserver2003/library/ServerHelp/0160ff2e-806b-4780-9a14-e2192640cc6f.mspx
Windows Server 2003 Active Directory Branch Office Guide
http://www.microsoft.com/downloads/details.aspx?FamilyID=9353a4f6-a8a8-40bb-9fa7-3a95c9540112&DisplayLang=en
Active Directory Branch Office Guide
http://www.microsoft.com/technet/community/events/ad/tnt02.mspx
Dial-up branch office network
http://www.microsoft.com/resources/documentation/WindowsServ/2003/standard/proddocs/en-us/Default.asp?url=/resources/documentation/WindowsServ/2003/standard/proddocs/en-us/sag_rras-ch4_30.asp
============================
The following are articles about VPN in Branch office scenario:
A dial-up router-to-router VPN connection
http://www.microsoft.com/technet/prodtechnol/windowsserver2003/library/ServerHelp/e46ee6bf-f327-4437-a523-bafb35285f04.mspx
Persistent branch office
http://www.microsoft.com/technet/prodtechnol/windowsserver2003/library/ServerHelp/ca443764-c00d-4b5f-9c8f-04516d241438.mspx
Router-to-Router VPN
http://www.microsoft.com/resources/documentation/Windows/2000/server/reskit/en-us/Default.asp?url=/resources/documentation/windows/2000/server/reskit/en-us/intwork/inbe_vpn_ydqh.asp
============================
All the solutions in these articles mainly focus on setting up a
Windows 2000/Windows Server 2003 machine as a VPN server and enabling the
firewall on the server. However, you can definitely use an existing firewall
and a router-to-router, hardware-device-based VPN server. If you want to do
so, you need to contact a device vendor who has this kind of device.
So, generally, there are two options in the remote office scenario:
1. Set up a third-party VPN and firewall on a hardware-based device. Use
Windows Server 2003 simply as a DC in the remote site.
2. Set up a Windows Server 2003 as a VPN server and enable the firewall on it;
this can be a DC or member server, depending on your plan.
If you do not want to use the Microsoft VPN, you can ignore the VPN info in
the articles and go ahead configuring AD Sites and Services. However, if you
do not use any VPN connection, since there is a firewall between the two sites,
you need to make sure that you have opened the necessary ports. We need to
enable TCP port 1723, as well as an additional IP port 47 (GRE protocol), on
all routers and firewalls between a PPTP client and a PPTP server.
For this info, please refer to:
179442 How to Configure a Firewall for Domains and Trusts
http://support.microsoft.com/?id=179442
And you can refer to the following KB article and manually set up the VPN
server:
324747 HOW TO: Provide Secure Point-to-Point Communications Across a
Private Network or the Internet in Windows Server 2003
http://support.microsoft.com/?id=324747
More information:
308208 HOW TO: Install and Configure a Virtual Private Network Server in
http://support.microsoft.com/?id=308208
HOW TO: Configure a Connection to a Virtual Private Network (VPN) in
Windows XP
http://support.microsoft.com/?id=314076
320697 HOW TO: Turn On and Configure Inbound VPN Access in Small Business
http://support.microsoft.com/?id=320697
I hope the above information helps! If anything in my post is unclear,
please feel free to let me know. I am looking forward to your reply!
Have a nice day!
Best Regards,
Jenny Wu
Microsoft CSS Online Newsgroup Support
Get Secure! - www.microsoft.com/security
======================================================
This newsgroup only focuses on SBS technical issues. If you have issues
regarding other Microsoft products, you'd better post in the corresponding
newsgroups so that they can be resolved in an efficient and timely manner.
You can locate the newsgroup here:
http://www.microsoft.com/communities/newsgroups/en-us/default.aspx
When opening a new thread via the web interface, we recommend you check the
"Notify me of replies" box to receive e-mail notifications when there are
any updates in your thread. When responding to posts via your newsreader,
please "Reply to Group" so that others may learn and benefit from your
issue.
Microsoft engineers can only focus on one issue per thread. Although we
provide other information for your reference, we recommend you post
different incidents in different threads to keep the thread clean. In doing
so, it will ensure your issues are resolved in a timely manner.
For urgent issues, you may want to contact Microsoft CSS directly. Please
check http://support.microsoft.com for regional support phone numbers.
Any input or comments in this thread are highly appreciated.
======================================================
This posting is provided "AS IS" with no warranties, and confers no rights.
--------------------
>From: "Gary Karasik" <gkarasik@xxxxxxx>
>Subject: OT: How to configure with VPN endpoints outside ISA2K4?
>Date: Mon, 10 Oct 2005 11:39:22 -0700
>
>Hi,
>
>For branch-office-connectivity purposes, both Russ Grover and Aus have
>suggested using two VPN appliances and establishing a tunnel between them.
>What I can't figure out is, once that's done, what then?
>
>You get the tunnel up between the two endpoints.
>
>(Like this: Branch Office workstations---VPN endpoint===DSL
>Router===Internet===DSL Router===VPN endpoint---ISA 2004 server---SBS
>network.)
>
>Here's where I get stuck: Isn't the VPN tunnel ending outside of ISA?
>
>How do you then get the connection through ISA to the SBS network?
>
>Am I making this more complicated than it is?
>
>GaryK
>
>
>
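Added example (not part of the original thread or of the linked articles): the reply above names TCP port 1723 and GRE (47) as what every firewall between a PPTP client and server must pass. GRE is matched by IP protocol number 47 rather than by a TCP or UDP port, so a rule that opens "port 47" leaves the tunnel data blocked; this Python check audits a rule set for that mistake. The iptables-save syntax, the rule sets, the address and all function names are assumptions chosen for illustration.

```python
import shlex

# Constructed rule sets in iptables-save syntax (192.0.2.10 is a documentation address).
BROKEN = """\
-A FORWARD -p tcp -d 192.0.2.10 --dport 1723 -j ACCEPT
-A FORWARD -p udp -d 192.0.2.10 --dport 47 -j ACCEPT
-A FORWARD -j DROP
"""
FIXED = BROKEN.replace("-p udp -d 192.0.2.10 --dport 47", "-p 47 -d 192.0.2.10")

PROTO_NAMES = {"6": "tcp", "17": "udp", "47": "gre"}
TERMINAL = ("ACCEPT", "DROP", "REJECT")

def parse_rules(text):
    """Parse '-A FORWARD' lines into dicts of proto, dport and target.
    Simplification: addresses, interfaces and port ranges are ignored."""
    rules = []
    for line in text.splitlines():
        tok = shlex.split(line)
        if tok[:2] != ["-A", "FORWARD"]:
            continue
        rule = {"proto": None, "dport": None, "target": None}
        for opt, val in zip(tok[2:], tok[3:]):
            if opt in ("-p", "--protocol"):
                rule["proto"] = PROTO_NAMES.get(val, val.lower())
            elif opt == "--dport":
                rule["dport"] = val
            elif opt in ("-j", "--jump"):
                rule["target"] = val
        rules.append(rule)
    return rules

def allowed(rules, proto, dport=None):
    """First matching terminal rule decides; no match falls to an assumed DROP policy."""
    for r in rules:
        if r["proto"] not in (None, proto) or r["dport"] not in (None, dport):
            continue
        if r["target"] in TERMINAL:
            return r["target"] == "ACCEPT"
    return False

def pptp_audit(text):
    """Report whether both halves of PPTP can cross the firewall."""
    rules = parse_rules(text)
    return {"control tcp/1723": allowed(rules, "tcp", "1723"),
            "data gre (proto 47)": allowed(rules, "gre")}

if __name__ == "__main__":
    for name, ruleset in (("broken", BROKEN), ("fixed", FIXED)):
        print(name, pptp_audit(ruleset))
```

With the broken rule set the control channel connects but no tunnelled traffic flows, which is the usual symptom when GRE is not passed end to end.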