Servicing Internet Traffic

Applies To: Windows Server 2008, Windows Server 2008 R2

Depending on the immediate task at hand, users in an organization that includes more than one site might want to access people or resources at the remote site, or they might want to access the Internet. You can use a demand-dial router to handle both types of traffic. If you do use the demand-dial router to enable users to access the Internet, you must decide whether you want users at a branch office to access the Internet through the main office or to access the Internet directly from the branch office.

Routing branch office Internet traffic through the main office

If you want branch office Internet traffic to be sent through the VPN tunnel to the main office to be protected by the security filtering software used there, configure branch office Internet traffic to go over the dial-up or VPN connection to the NPS server at the main office. NPS is an integrated firewall and Internet caching server that can also function as a VPN router to provide Internet access that is both secure and fast.

Routing branch office Internet traffic directly to the Internet

To give branch office users faster access to the Internet than is possible if the Internet traffic must travel to the main office and back, configure branch office Internet traffic to go directly out to the Internet through the demand-dial router. In addition, if you use an on-demand connection rather than a persistent connection, you must provide direct access to the Internet through the demand-dial router rather than over the link to the main office. Configuring client computers to allow users in the branch office to access the Internet directly through the demand-dial router is known as split tunneling.

For information about handling each alternative, see Configure Internet Access Through the Calling Router in the RRAS Deployment Guide.