Routing over VPN connections

Applies To: Windows Server 2003, Windows Server 2003 R2, Windows Server 2003 with SP1, Windows Server 2003 with SP2

Conventional routing occurs between routers over either LAN-based shared access technologies, such as Ethernet or token ring, or WAN-based point-to-point technologies, such as T1 or Frame Relay. With conventional WAN technologies, IP packets are forwarded between two routers over a physical or logical point-to-point connection. This connection is dedicated to the customer across a private data network that is provided by the WAN service provider.

With the advent of the Internet, you can now route packets between routers that are connected to the Internet across a virtual connection that emulates the properties of a dedicated, private, point-to-point connection. This type of connection is known as a router-to-router virtual private network (VPN) connection. With router-to-router VPN connections, you can replace expensive long-haul WAN links with short-haul WAN links to your local Internet service provider (ISP).

To emulate a private, point-to-point connection, a packet that is forwarded between routers is encapsulated, or wrapped, with an additional header that provides routing information that is needed to reach the endpoint. The endpoints of the connection are the routers. The portion of the virtual private networking connection in which your data is encapsulated is called the tunnel.

For secure VPN connections, the data portion of your packets is encrypted. Intercepted packets are undecipherable without the encryption keys. The portion of the virtual private networking connection in which your data is encrypted is called the virtual private network (VPN) connection. In router-to-router VPN connections, the tunnel and the VPN connection are the same.

For general information about VPN technology, see Virtual Private Networks.

For more information about router-to-router VPNs, see Understanding Router-to-Router VPNs.

For information about designing and deploying a router-to-router VPN connection, see Deploying Router-to-Router VPNs.

For an example of a router-to-router VPN connection, see Branch Office over the Internet.

Note

  • On Microsoft® Windows Server™ 2003, Web Edition, and Microsoft Windows Server 2003, Standard Edition, you can create up to 1,000 Point-to-Point Tunneling Protocol (PPTP) ports, and you can create up to 1,000 Layer Two Tunneling Protocol (L2TP) ports. However, Windows Server 2003, Web Edition, can accept only one virtual private network (VPN) connection at a time. Windows Server 2003, Standard Edition, can accept up to 1,000 concurrent VPN connections. If 1,000 VPN clients are connected, further connection attempts are denied until the number of connections falls below 1,000.