Windows Site to Site VPN
How to Set Up a Windows Site-to-Site VPN Connection
To set up a site-to-site VPN connection, you may need to configure two Windows
servers as the answering and calling routers. Here are the steps:
1. Run RRAS and, on the Configuration page, select LAN routing.
2. Configure VPN on the answering router.
3. Configure the demand-dial interface on the answering router.
4. Configure VPN on the calling router.
5. Configure the demand-dial interface on the calling router.
6. Confirm the remote access policy configuration on the answering and calling
routers.
For the consultants, check the site to site vpn.doc for the details.
How to configure two-way and one-way site to site VPN
For a two-way initiated router-to-router VPN connection, configure the IP
address of the calling router. For a one-way initiated site-to-site VPN
connection, you can skip this step because the answering router never uses this
interface to initiate a connection to the calling router.
For a two-way initiated router-to-router VPN connection, configure the name,
domain, and password to use when this router is acting as the calling router.
For a one-way initiated site-to-site VPN connection, you can type any name in
User name and skip the rest of the fields because this router never uses this
interface to initiate a connection to the calling router.
Name Resolution in a Windows site to site VPN
If the calling router is configured with the IP addresses of DNS or WINS
servers, DNS and WINS server IP addresses are not requested from the answering
router during the PPP connection negotiation. If the calling router is not
configured with the IP addresses of DNS and WINS servers, DNS and WINS servers
are requested. The answering router never requests DNS and WINS server IP
addresses from the calling router.
By default, the calling router does not register itself with the DNS or WINS
servers of the answering router. To change this behavior, set the registry value
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Rasman\PPP\ControlProtocols\BuiltIn\RegisterRoutersWithNameServers
to 1.
Routing issues on site to site VPN
There are three ways to configure routes:
1. Manually configure static routes on both sites.
2. Perform auto-static updates on both sites.
3. If the site to site VPN connection is persistent, you can also configure IP
routing protocols such as RIP or OSPF to operate over the demand-dial
connection.
The username must match the name of a demand-dial interface
To establish a two-way dial-on-demand connection, the interfaces need to be
configured correctly. When adding a demand-dial interface, the username
configured on the Interface Credentials screen must match the name of the
interface that you will be dialing into and must be a valid RAS user account on
that system or domain. If the username does not match the name of the
interface, you will connect as a client and not as a demand-dial connection.
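The naming rule above, together with the one-way and two-way difference described earlier, written as a pre-flight check. This is an added example, not part of the original page: the function Test-DemandDialPairing, the router and interface names, the user names and the address are all constructed for illustration.

```powershell
# Added example: checks the demand-dial naming rule on constructed data.
# Test-DemandDialPairing and every name/address below are hypothetical.
function Test-DemandDialPairing {
    param(
        [Parameter(Mandatory)] [hashtable] $Calling,    # router that initiates
        [Parameter(Mandatory)] [hashtable] $Answering,  # router being dialed
        [switch] $TwoWay                                # both sides may initiate
    )
    # Check one dialing direction: $From dials into $To.
    function Test-Direction($From, $To) {
        $user = $From.DialOutUser
        # The dial-out user name must equal a demand-dial interface name on the far side.
        if ($To.Interfaces -notcontains $user) {
            "{0} -> {1}: user '{2}' matches no demand-dial interface on {1}; connects as a client, not as demand-dial" -f $From.Name, $To.Name, $user
        }
        # It must also be a valid RAS user account on the far side.
        if ($To.RasUsers -notcontains $user) {
            "{0} -> {1}: '{2}' is not a RAS user account known to {1}" -f $From.Name, $To.Name, $user
        }
        # A router that initiates needs the address of the router it dials.
        if ([string]::IsNullOrEmpty($From.Destination)) {
            "{0} -> {1}: no address of {1} configured on {0}" -f $From.Name, $To.Name
        }
    }
    Test-Direction $Calling $Answering                    # always required
    if ($TwoWay) { Test-Direction $Answering $Calling }   # skipped for one-way
}

# Constructed sample: site A calls site B. Site B was set up as a one-way
# answering router, so its own dial-out settings are placeholders.
$siteA = @{ Name = 'RTR-A'; Interfaces = @('DD_SiteB'); RasUsers = @('DD_SiteB')
            DialOutUser = 'DD_SiteA'; Destination = '203.0.113.20' }
$siteB = @{ Name = 'RTR-B'; Interfaces = @('DD_SiteA'); RasUsers = @('DD_SiteA')
            DialOutUser = 'vpnuser'; Destination = '' }

$oneWay = @(Test-DemandDialPairing -Calling $siteA -Answering $siteB)
$twoWay = @(Test-DemandDialPairing -Calling $siteA -Answering $siteB -TwoWay)
"One-way findings: $($oneWay.Count)"
"Two-way findings: $($twoWay.Count)"
$twoWay
```

The same placeholder settings that are acceptable on the answering router of a one-way connection are reported as problems once the pair is expected to work in both directions.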