Routing and Remote Access Design Guide
Updated: April 30, 2010
Applies To: Windows Server 2008, Windows Server 2008 R2
Routing and Remote Access service (RRAS) in the Windows Server® 2008 R2, Windows Server® 2008, and Windows Server 2003 operating systems provides virtual private network (VPN) services for remote client access and router-to-router VPN connections. RRAS supports Point-to-Point Tunneling Protocol (PPTP), Layer Two Tunneling Protocol (L2TP), Secure Socket Tunneling Protocol (SSTP) in Windows Vista with SP1 and Windows Server 2008 and later versions of Windows, and Internet Key Exchange version 2 (IKEv2) in Windows 7 and Windows Server 2008 R2. The remote access features enable remote or mobile workers to access corporate networks over the Internet or dial-up links as if they were directly connected. The routing features provide LAN-to-LAN, LAN-to-WAN, VPN, and network address translation (NAT) routing services.
This guide provides recommendations to help you plan a new deployment of RRAS, based on the requirements of your organization and the particular design that you want to create. This guide is intended for use by an infrastructure specialist or network architect. It highlights your main decision points as you plan your RRAS deployment. Before you read this guide, you should have a good understanding of virtual private networking and routing services. You should also have a good understanding of the organizational requirements addressed in your RRAS design.
This guide describes a set of deployment goals that are based on a variety of RRAS scenarios, and the guide helps you decide the most appropriate design for your environment. You can use these deployment goals to form one of the RRAS designs or a custom design that meets the needs of your environment.
For each design, you will find guidelines for gathering required data about your environment and for planning and designing your RRAS deployment. After you read this guide and finish gathering, documenting, and mapping your organization's requirements, you can begin deploying RRAS by using the guidance in the Routing and Remote Access Deployment Guide.
Understanding the Routing and Remote Access Design Process
Identifying Your Routing and Remote Access Deployment Goals
Mapping Your Deployment Goals to a Routing and Remote Access Design
Evaluating Routing and Remote Access Design Examples
Appendix A: Computer Certificates for VPN Connections
Appendix B: VPN Servers and Firewall Configuration
Appendix C: VPN Tunneling Protocols