I have an RRAS server that is used for incoming VPN connections. I have 2
users at a remote office that I would like to have a small network connected
via a VPN. There will be no server there. Is there a standalone router
that I can get that can connect to a RRAS server and thereby create a VPN
connection to my main office? They will have a broadband connection without
a static IP so using a router to router VPN is not really doable.
Thanks
-Ben
"Ben Bazian" <bba...@mbopartners.com> wrote in message
news:D3CE3724-2F17-4739...@microsoft.com...
Not really. To connect two sites you need a router to router VPN link.
The problem is the way a client-server VPN connection works. When you
connect, data gets from client to server because the connection changes the
client's default route to send all traffic through the VPN link. The problem
is getting the reply back to the client from the server. To do this the
server sets up a host route back to the client.
If you put another machine behind the VPN client, getting the traffic
through the VPN link to the server is pretty easy. Getting a reply back is
very hard because the server has no idea where this machine is or how to
reach it. It only has a host route to the machine which established the
connection.
Lack of a static IP is not a problem, especially if you connect from
that end. But you really need matching routers at both sites. It is
theoretically possible to set up a router to router link between RRAS and a
hardware VPN router but it is full of problems. Router to router links
between matching routers, third party or RRAS, are pretty straightforward.
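
The return-path problem described in the reply above, modelled as a longest-prefix route lookup on the server. This is an added example, not part of the original thread: the addresses, interface names and the assumption that unmatched replies follow the server's default route are constructed for illustration.

```python
import ipaddress

def routes(*entries):
    """Build a routing table as (network, interface) pairs."""
    return [(ipaddress.ip_network(net), iface) for net, iface in entries]

def lookup(table, dst):
    """Longest-prefix match: interface of the most specific matching route."""
    addr = ipaddress.ip_address(dst)
    matches = [(net, iface) for net, iface in table if addr in net]
    return max(matches, key=lambda m: m[0].prefixlen)[1]

# Constructed addressing (assumptions, not from the thread):
#   main office LAN 10.0.0.0/24
#   VPN client is handed 10.0.0.200 by the server when it connects
#   remote office LAN 192.168.50.0/24 sits behind that client
VPN_CLIENT = "10.0.0.200"
MACHINE_BEHIND_CLIENT = "192.168.50.10"

# Server table after a client-server VPN connection: the only new entry
# is a host route (/32) back to the machine that dialled in.
CLIENT_SERVER = routes(
    ("0.0.0.0/0", "internet"),
    ("10.0.0.0/24", "lan"),
    ("10.0.0.200/32", "vpn-tunnel"),
)

# Server table with a router-to-router link: the tunnel also carries a
# route for the whole remote subnet, so replies to any machine there fit.
ROUTER_TO_ROUTER = CLIENT_SERVER + routes(
    ("192.168.50.0/24", "vpn-tunnel"),
)

def reply_paths(table):
    """Where the server sends replies for each remote machine."""
    return {
        "vpn_client": lookup(table, VPN_CLIENT),
        "machine_behind_client": lookup(table, MACHINE_BEHIND_CLIENT),
    }

if __name__ == "__main__":
    for name, table in (("client-server", CLIENT_SERVER),
                        ("router-to-router", ROUTER_TO_ROUTER)):
        print(name, reply_paths(table))
```

With only the host route, the reply for the machine behind the client leaves by the default route instead of the tunnel; the subnet route is what a router-to-router link adds.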
"Bill Grant" <not.available@online> wrote in message
news:eTVvuyDX...@TK2MSFTNGP04.phx.gbl...
If a site to site VPN link is out of the question, your only option is to
connect the remote site to the Internet with a NAT device (such as a DSL
modem/router) and have each client establish its own client-server VPN to
your RRAS server through NAT. Read the small print before you buy. Some
devices only allow one VPN connection to be established from behind the NAT.