As you may know, Windows 2000 Server includes the Routing
and Remote Access Service (RRAS). In addition to other tasks, you can use RRAS
to establish a secure, persistent connection between two remote networks.

For example, you can use RRAS to create a VPN tunnel across
the Internet between a branch office and the corporate office to enable users
at one site to seamlessly access network resources at the other site (such as
Exchange Server, a file server, or printers). This capability can be useful in
situations where Windows 2000 Server acts as the router for the network or
where an existing router or firewall doesn’t offer VPN capability.

You have several options for creating the VPN tunnel. You
must first decide whether to use Point-to-Point Tunneling Protocol (PPTP) or
Layer Two Tunneling Protocol (L2TP).

PPTP is easier to implement because it doesn’t require
installing a certificate on the servers, while L2TP requires a certificate to
support the L2TP-over-IPSec connection. However, L2TP offers better security
because the connection is protected by certificate-based IPSec encryption, and
you can use Windows 2000’s Certificate Services to generate the required
certificate.

You must also decide how you’ll route the traffic between
the two networks. You can add static routes in RRAS, or you can use a routing
protocol such as Routing Information Protocol (RIP) to enable the routers to
discover appropriate routes.

Establishing a router-to-router VPN connection using Windows 2000 Server
takes several steps. To learn more about the process and the required steps,
consult the RRAS Help content, and drill down to Routing And Remote Access |
Routing | Concepts | Using Routing | Deploying Routing | Setting Up
Router-To-Router VPNs.