Site to Site VPN PPTP Windows server 2008 R2

  • Question

  • Hello, good morning.

    I'm configuring a test lab as described below:


    SITE A:

    Router1 (Adsl connected to ISP)

    IP_WAN: X.X.X.X

    IP_LAN: 192.168.0.1


    VPN1 (Windows server 2008 R2)

    IP_internet: 192.168.0.2 255.255.255.0 192.168.0.1 8.8.8.8


    IP_intranet: 10.10.100.50 255.255.255.0 No gateway no DNS


    WK1 (Windows 7)

    IP_intranet: 10.10.100.100 255.255.255.0 100.100.100.50 no DNS


    SITE B

    Router2 (Adsl connected to ISP)

    IP_WAN: X.X.X.X

    IP_LAN: 192.168.1.1

    VPN2 (windows server 2008 r2)

    IP_internet: 192.168.1.2 255.255.255.0 192.168.1.1 8.8.8.8

    IP_intranet: 10.10.101.40 255.255.255.0 No gateway no DNS

    WK2 (windows 7)

    IP_intranet: 10.10.101.100 255.255.255.0 10.10.101.40 No DNS


    First, I start configuring the VPN1 server.

    Installed the RRAS role.

    Configured RRAS as VPN with NAT to give intranet clients internet access:

    In "Select the network interface that connects this server to the internet", I've selected the internet interface (192.168.0.2).

    Address assigned to remote clients: From a specified range of IPs: 172.10.100.1 to 172.10.100.2

    On the name and address translation services, I've selected: I will set up name and address services later (because I want to configure AD later).

    On managing multiple remote access servers, I've selected the option: No, use Routing and Remote Access to authenticate connection requests.

    This option works fine when sharing the internet connection to LAN clients.

    Ok, now I go to configure the RRAS role on the VPN2 server.

    Configured RRAS as VPN with NAT to give intranet clients internet access:

    In "Select the network interface that connects this server to the internet", I've selected the internet interface (192.168.1.2).

    Address assigned to remote clients: From a specified range of IPs: 172.10.101.1 to 172.10.101.2

    On the name and address translation services, I've selected: I will set up name and address services later (because I want to configure AD later).

    On managing multiple remote access servers, I've selected the option: No, use Routing and Remote Access to authenticate connection requests.

    This option works fine when sharing the internet connection to LAN clients.

    Now I need to configure the demand dial interface on both vpn servers:


    VPN1:

    New demand dial interface.

    Interface name: vpn

    Connect using virtual private networking (VPN)

    Point to Point Tunneling Protocol (PPTP)

    Hostname or IP address of the router you are connecting to: here I've put the public IP address that my ISP gave to the router.

    Next I've selected the two options: Route IP packets on this interface, and Add a user account so a remote router can dial in.

    On the static routes for remote networks, I've added remote network 10.10.101.0 255.255.255.0, metric 1.

    Dial-in credentials and dial-out credentials.

    When the interface is created, the status is connected.



    VPN2:

    New demand dial interface.

    Interface name: vpn

    Connect using virtual private networking (VPN)

    Point to Point Tunneling Protocol (PPTP)

    Hostname or IP address of the router you are connecting to: here I've put the public IP address that my ISP gave to the router.

    Next I've selected the two options: Route IP packets on this interface, and Add a user account so a remote router can dial in.

    On the static routes for remote networks, I've added remote network 10.10.100.0 255.255.255.0, metric 1.

    Dial-in credentials and dial-out credentials.

    When the interface is created, the status is connected.

    The two demand-dial interfaces show that they are connected, but I can't ping anything on the other site.

    Ping from WK1 to WK2 (ping 10.10.101.100): timed out

    Ping from WK2 to WK1 (ping 10.10.100.100): timed out

    Ping from VPN1 to VPN2 (ping 10.10.101.40): timed out

    Ping from VPN2 to VPN1 (ping 10.10.100.50): timed out


    On both ADSL routers, VPN port 1723 is redirected to the VPN servers' external IPs, 192.168.0.2/192.168.1.2.

    So they can dial each other, but I think the tunnel is not established correctly.

    Maybe I should create other static routes, but I don't understand why the demand-dial interfaces show they are connected but can't ping anything.

    Does anybody know what I am doing wrong?


    Thank you for your help.





    Tuesday, April 9, 2013 11:20 AM
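An added example, not part of the original thread, that takes the addressing posted in the question as constructed input and checks the two routing conditions a site-to-site demand-dial link depends on: each VPN server holds a static route for the peer LAN, and each workstation's default gateway is on-link and is the VPN server's intranet address. The `SITES` table and the `audit_site`/`audit` functions are assumptions of this example, not anything from RRAS.

```python
from ipaddress import ip_address, ip_interface, ip_network

# Constructed topology using the addresses posted in the question. For each site:
# the VPN server's intranet interface, the static routes entered on its demand-dial
# interface, and the LAN workstations as (address/prefix, default gateway).
SITES = {
    "A": {
        "vpn_intranet": "10.10.100.50/24",
        "static_routes": ["10.10.101.0/24"],
        "hosts": {"WK1": ("10.10.100.100/24", "100.100.100.50")},
    },
    "B": {
        "vpn_intranet": "10.10.101.40/24",
        "static_routes": ["10.10.100.0/24"],
        "hosts": {"WK2": ("10.10.101.100/24", "10.10.101.40")},
    },
}


def audit_site(name, site, peer):
    """Return findings for one site; an empty list means its routing is consistent."""
    findings = []
    vpn_if = ip_interface(site["vpn_intranet"])
    peer_lan = ip_interface(peer["vpn_intranet"]).network
    # 1. Without a static route for the peer LAN, packets for it follow the default
    #    route out of the Internet-facing NIC instead of the tunnel.
    if not any(peer_lan.subnet_of(ip_network(r)) for r in site["static_routes"]):
        findings.append(f"{name}: no static route for remote LAN {peer_lan}")
    for host, (addr, gw) in site["hosts"].items():
        host_net = ip_interface(addr).network
        gw_ip = ip_address(gw)
        # 2. A gateway outside the host's own subnet is unreachable (no ARP possible),
        #    so the workstation can never hand traffic to the VPN server.
        if gw_ip not in host_net:
            findings.append(f"{host}: gateway {gw} is not in {host_net}")
        # 3. The gateway must be the VPN server's intranet address, or traffic for
        #    the remote site never reaches the demand-dial interface.
        elif gw_ip != vpn_if.ip:
            findings.append(f"{host}: gateway {gw} is not the VPN server {vpn_if.ip}")
    return findings


def audit(sites):
    """Audit both sites of a site-to-site link against each other."""
    a, b = list(sites)
    return audit_site(a, sites[a], sites[b]) + audit_site(b, sites[b], sites[a])


if __name__ == "__main__":
    for finding in audit(SITES) or ["no routing problems found"]:
        print(finding)
```

Run against the posted addressing, the check is silent for site B and reports the WK1 gateway as off-link, which is the kind of host-side detail a connected demand-dial interface does not reveal.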

Answers

  • Hi,

    Thank you for the post.

    You may remove DNS from IP_internet network and configure it on IP_intranet network and point to your internal DNS server.

    Regards,


    Nick Gu - MSFT

    Tuesday, April 16, 2013 2:07 AM