Hello,

I want to create a site to site using windows 2008 DC at both sites. Mainly for active directory replication.
I have a CISCO SRP527W model which has some options for VPN. My question is can the router act as the VPN server or do I have to configure a windows server to do all the VPN configure?

On the CISCO router it has all the options of VPN passthrough enabled. These being PPTP, IPSEC and L2TP enabled. Although no site to site IPSEC policies are defined as yet.

So if creating a windows 2008 DC at the other site, do I need to configure VPN on the server or just the cisco router alone?

As far as I know these are the steps

1. Set RRAS server
2. set up VPN policies on both routers
3. Set up primary DC at HQ
4. Set up and additional DC at HQ
5. Move Additional DC to brance site
6. Ping primary DC over VPN
7. Change IP address of secondary DC and wait for replication

Thanks

just the router.

set up the S2S VPN and set the interesting traffic to be that of the subnets that the servers are on.

that's about it.

the router will automatically route traffic through the VPN tunnel to each server.
basically, lets say the server is on 192.168.10.0/24 server A is .1 server B is .2
any traffic on either router destine for that subnet/ip address will go through the tunnel.

I have to say that setting up a VPN in the CLI of a router is a bit complex. easy to do in the CCP/SDM though.

_________________
CCNA, CCDA, CCNA-SECURITY

Hello,

Thanks for getting back to me. I was told I might as well get a firewall at both sites and use that to configure VPN, I guess the routers can do this, but what worries me is that they might be unreliable and difficult to configure, can you recommend any?

I ve heard of sonicwall and XTM although they are sort of pricey. May have to go with them if I cannot find anything else.

anyways, let me know what is the best for s2s VPN