Router-to-router VPN connection

Applies To: Windows Server 2003, Windows Server 2003 R2, Windows Server 2003 with SP1, Windows Server 2003 with SP2

Router-to-router VPN connection

A router makes a router-to-router VPN connection that connects two portions of a private network. The VPN server provides a routed connection to the network to which the VPN server is attached. On a router-to-router VPN connection, the packets sent from either router across the VPN connection typically do not originate at the routers.

The calling router (the VPN client) authenticates itself to the answering router (the VPN server) and, for mutual authentication, the answering router authenticates itself to the calling router.

Computers running Microsoft® Windows NT® 4.0 with the Routing and Remote Access Service (RRAS), Windows® 2000 Server, or a Windows 200 Server or a Windows Server 2003 operating system can create router-to-router VPN connections. VPN clients may also be any non-Microsoft Point-to-Point Tunneling Protocol (PPTP)-capable router or Layer Two Tunneling Protocol (L2TP)-capable router with Internet Protocol security (IPSec).

For more information on PPTP and L2TP, see Understanding VPN Tunneling Protocols. For more information on deploying router-to-router VPN connections, see Deploying Router-to-Router VPNs. For an example implementation of router-to-router VPN connections, see Virtual Private Network Implementation Examples. For information about creating router-to-router connections by using IPSec Encapsulating Security Payload (ESP) tunnel mode, see Tunnel mode.