L2TP-based persistent branch office

Applies To: Windows Server 2003, Windows Server 2003 R2, Windows Server 2003 with SP1, Windows Server 2003 with SP2

The Phoenix branch office is an L2TP/IPSec branch office that uses a router running Windows Server 2003, Standard Edition, to create a persistent, router-to-router VPN connection with the corporate office router in New York. The connection is never terminated even when idle.

To deploy a persistent, two-way initiated, L2TP router-to-router VPN connection to the corporate office, the following settings are configured on the corporate router and the Phoenix router. They build on the settings configured in Common configuration for the VPN server and Persistent Branch Office.

VPN server configuration

The VPN server is configured with a demand-dial interface and a static route.

Demand-dial interface for router-to-router VPN connection

To connect the corporate office router to the Phoenix router by using a router-to-router VPN connection over the Internet, a demand-dial interface is created by using the Demand-Dial Interface Wizard with the following settings:

  • Interface name

    VPN_Phoenix

  • Connection type

    Connect using virtual private networking (VPN) is selected.

  • VPN type

    Layer-2 Tunneling Protocol (L2TP) is selected.

  • Destination address

    131.107.128.1

  • Protocols and security

    The Route IP packets on this interface check box is selected.

  • Static Routes for Remote Networks

    Static route for Phoenix office network: To make all locations on the Phoenix network reachable, the following static route is configured:

    • Interface: VPN_Phoenix

    • Destination: 192.168.14.0

    • Network mask: 255.255.255.0

    • Metric: 1

  • Dial-out credentials

    • User name: VPN_CorpHQ

    • Domain: electronic.microsoft.com

    • Password: o3\Dn6@`-J4

    • Confirm password: o3\Dn6@`-J4

Once the demand-dial interface is created, the following change is made:

  • For the properties of the demand-dial interface, on the Options tab, under Connection type, the Persistent connection option is selected.

Phoenix router configuration

The Phoenix router was configured by the Electronic, Inc. network administrator while connected to the Electronic, Inc. intranet and then shipped to the Phoenix site. While the Phoenix router was connected to the Electronic, Inc. intranet, a computer certificate was installed through auto-enrollment. Additionally, the Phoenix router computer was configured with a demand-dial interface and a static route.

Demand-dial interface for router-to-router VPN connection

To connect the Phoenix office router to the corporate office router by using a router-to-router VPN connection over the Internet, a demand-dial interface is created by using the Demand-Dial Interface Wizard with the following settings:

  • Interface name

    VPN_CorpHQ

  • Connection type

    Connect using virtual private networking (VPN) is selected.

  • VPN type

    Layer-2 Tunneling Protocol (L2TP) is selected.

  • Destination address

    207.209.68.1

  • Protocols and security

    The Route IP packets on this interface check box is selected.

  • Static Routes for Remote Networks

    Static route for the Electronic, Inc. VPN server: To make the Electronic, Inc. VPN server on the Internet reachable, the following static route is configured:

    • Interface: The WAN adapter attached to the Internet

    • Destination: 207.209.68.1

    • Network mask: 255.255.255.255

    • Gateway: 0.0.0.0

    • Metric: 1

    Note

    • Because the WAN adapter creates a point-to-point connection to the ISP, any address can be entered for the gateway. The gateway address of 0.0.0.0 is an example. 0.0.0.0 is the unspecified IP address.

    Static route for corporate intranet and branch offices: To make all locations on the corporate intranet reachable, the following static route is configured:

    • Interface: VPN_CorpHQ

    • Destination: 172.16.0.0

    • Network mask: 255.240.0.0

    • Metric: 1

    To make all locations on Electronic, Inc. branch offices reachable, the following static route is configured:

    • Interface: VPN_CorpHQ

    • Destination: 192.168.0.0

    • Network mask: 255.255.0.0

    • Metric: 1

  • Dial-out credentials

    • User name: VPN_Phoenix

    • Domain: electronic.microsoft.com

    • Password: z2F%s)bW$4f

    • Confirm password: z2F%s)bW$4f

Once the demand-dial interface is created, the following change is made:

  • For the properties of the demand-dial interface, on the Options tab, under Connection type, the Persistent connection option is selected.
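
The two configurations above only work as a pair. For a two-way initiated connection, the dial-out user name on each router must equal a demand-dial interface name on the peer, and neither router may route its own tunnel endpoint into the tunnel. The following check is an added example, not part of the original documentation; the dictionary layout, the function names and the "WAN" label are assumptions, and the values are constructed from the settings listed on this page.

```python
import ipaddress

# Constructed from the settings on this page; the dict layout is hypothetical.
CORP = {
    "interface": "VPN_Phoenix",
    "destination": "131.107.128.1",
    "dial_out_user": "VPN_CorpHQ",
    "routes": [("192.168.14.0", "255.255.255.0", "VPN_Phoenix")],
}
PHOENIX = {
    "interface": "VPN_CorpHQ",
    "destination": "207.209.68.1",
    "dial_out_user": "VPN_Phoenix",
    "routes": [
        ("207.209.68.1", "255.255.255.255", "WAN"),  # "WAN" stands for the Internet adapter
        ("172.16.0.0", "255.240.0.0", "VPN_CorpHQ"),
        ("192.168.0.0", "255.255.0.0", "VPN_CorpHQ"),
    ],
}

def lookup(router, address):
    """Longest-prefix match over the static routes; returns the interface or None."""
    addr = ipaddress.ip_address(address)
    best = None
    for dest, mask, iface in router["routes"]:
        net = ipaddress.ip_network(f"{dest}/{mask}")
        if addr in net and (best is None or net.prefixlen > best[0]):
            best = (net.prefixlen, iface)
    return best[1] if best else None

def check_pair(a, b):
    """Return a list of problems found in a two-way initiated router pair."""
    problems = []
    for caller, answerer in ((a, b), (b, a)):
        # The dial-out user name must equal a demand-dial interface name on the
        # answering router; otherwise the caller is handled as a remote access
        # client and the routes bound to that interface are never used.
        if caller["dial_out_user"] != answerer["interface"]:
            problems.append(f"{caller['dial_out_user']} has no matching interface on the peer")
        # The tunnel endpoint itself must stay reachable outside the tunnel.
        if lookup(caller, caller["destination"]) == caller["interface"]:
            problems.append(f"{caller['destination']} is routed through {caller['interface']}")
    return problems

if __name__ == "__main__":
    print(check_pair(CORP, PHOENIX) or "pair is consistent")
```
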

Note

  • The example companies, organizations, products, people and events depicted herein are fictitious. No association with any real company, organization, product, person or event is intended or should be inferred.