L2TP-based on-demand branch office

Applies To: Windows Server 2003, Windows Server 2003 R2, Windows Server 2003 with SP1, Windows Server 2003 with SP2

The Portland branch office is an L2TP/IPSec branch office that uses a router running Windows Server 2003, Standard Edition, to create an on-demand, router-to-router VPN connection with the corporate office router in New York as needed. After the connection is made, it is terminated once it has been idle for five minutes.

To deploy an L2TP, one-way initiated, on-demand, router-to-router VPN connection to the corporate office based on the settings configured in Common configuration for the VPN server and On-Demand Branch Office, the following settings are configured on the Portland router.

Certificate configuration

The Portland router was configured by the Electronic, Inc. network administrator while it was physically connected to the Electronic, Inc. intranet and then shipped to the Portland site. While the Portland router was connected to the Electronic, Inc. intranet, a computer certificate was installed through auto-enrollment.

Demand-dial interface for the connection to the ISP

To connect the Portland office router to the Internet by using a local ISP, a demand-dial interface is created by using the Demand-Dial Interface Wizard with the following settings:

  • Interface name

    ISP

  • Connection type

    Connect using a modem, ISDN adapter, or other physical device is selected.

  • Select a device

    The appropriate ISDN device is selected.

  • Phone number or address

    Phone number of the ISP for the Portland office.

  • Protocols and security

    The Route IP packets on this interface check box is selected.

  • Static Routes for Remote Networks

    The following static route for the Electronic, Inc. VPN server is added automatically when the wizard is run to create the connection to the Portland ISP:

    • Interface: ISP

    • Destination: 207.209.68.1

    • Network mask: 255.255.255.255

    • Metric: 1

  • Dial-out credentials

    • User name: Portland office ISP account name.

    • Password: Portland office ISP account password.

    • Confirm password: Portland office ISP account password.

Demand-dial interface for router-to-router VPN connection

To connect the Portland office router to the VPN server by using a router-to-router VPN connection over the Internet, a demand-dial interface is created by using the Demand-Dial Interface Wizard with the following settings:

  • Interface name

    CorpHQ

  • Connection type

    Connect using virtual private networking (VPN) is selected.

  • VPN type

    Layer-2 Tunneling Protocol (L2TP) is selected.

  • Destination address

    207.209.68.1

  • Protocols and security

    The Route IP packets on this interface check box is selected.

  • Static Routes for Remote Networks

    Static route for corporate headquarters and branch offices: To make all locations on the corporate intranet reachable, the following static route is configured:

    • Interface: CorpHQ

    • Destination: 172.16.0.0

    • Network mask: 255.240.0.0

    • Metric: 1

    To make all locations on Electronic, Inc. branch offices reachable, the following static route is configured:

    • Interface: CorpHQ

    • Destination: 192.168.0.0

    • Network mask: 255.255.0.0

    • Metric: 1

  • Dial-out credentials

    • User name: VPN_Portland

    • Domain: electronic.microsoft.com

    • Password: P*4s=wq!Gx1

    • Confirm password: P*4s=wq!Gx1
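
The static routes on the two demand-dial interfaces decide which interface a packet brings up. The following added example (not part of the original page) models only the three routes listed here with a longest-prefix-match lookup; the function names and sample destinations are constructed for illustration, and no default or local-subnet routes are assumed.

```python
import ipaddress

# Static routes as listed on this page: (destination, mask, interface, metric).
# Assumption: no other routes (default route, local subnets) are modelled.
ROUTES = [
    ("207.209.68.1", "255.255.255.255", "ISP", 1),     # host route to the VPN server
    ("172.16.0.0", "255.240.0.0", "CorpHQ", 1),        # corporate intranet
    ("192.168.0.0", "255.255.0.0", "CorpHQ", 1),       # branch offices
]


def build_table(routes):
    """Parse destination/mask pairs; strict=True rejects a destination with host bits set."""
    return [(ipaddress.ip_network(f"{dest}/{mask}", strict=True), iface, metric)
            for dest, mask, iface, metric in routes]


def select_interface(table, destination):
    """Longest-prefix match, lowest metric on ties; None when no route matches."""
    addr = ipaddress.ip_address(destination)
    matches = [(net.prefixlen, -metric, iface)
               for net, iface, metric in table if addr in net]
    return max(matches)[2] if matches else None


def audit(table, destinations):
    """Map each destination to the demand-dial interface that would be dialed."""
    return {dst: select_interface(table, dst) for dst in destinations}


if __name__ == "__main__":
    # Constructed sample destinations, not taken from the page (except the VPN server).
    samples = ["207.209.68.1", "172.16.5.10", "172.31.255.254",
               "172.32.0.1", "192.168.40.7", "198.51.100.20"]
    for dst, iface in audit(build_table(ROUTES), samples).items():
        print(f"{dst:<16} -> {iface or 'no matching route'}")
```

The host route for 207.209.68.1 on the ISP interface carries the encapsulated L2TP/IPSec packets to the VPN server outside the tunnel, while only destinations in 172.16.0.0 through 172.31.255.255 and 192.168.0.0 through 192.168.255.255 select CorpHQ.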

Note

  • The example companies, organizations, products, people and events depicted herein are fictitious. No association with any real company, organization, product, person or event is intended or should be inferred.