Hello all,

Anyway, please can someone support me regarding connecting a Windows Server 2008 Standard that needs to connect to another Windows server in another country outside of the UK (Site B). The ports 1433 and 3030 are also open in the firewall and also the Draytek 2830n router, therefore I can see the ports open via yougetsignal.com. We have 1 public (static) IP address from BT that is already in the Draytek router on Site A (UK).

What is the simplest or easiest way to connect these 2 Windows servers so a management program that uses MySQL Database server can talk to the Site B server (or vice versa)? Both sites have a public IP address.

Can this be done by the Windows firewall inbound rules / outbound rules where the port 1433 is set? There is an option to enter a Remote IP address under 'scope', which I assume is the Site B's public IP address, within the inbound firewall properties.

The other way is the VPN on the Draytek 2830n. There is an option for LAN to LAN using IPSec, but I am not sure of the best settings for Dial-out or Dial-in. There are usernames and passwords that I am not sure of, including the Remote gateway or Remote IP to use.

The routers on Site A and Site B are not the same.

Thanks, people.

Ok, so there are a few ways to handle this. You could set up VPN services on both servers and configure port forwarding on each router so that you map the public IP address to the private IPs for the servers. However, I would do this only for VPN ports. You mentioned opening 1433 and 3030 on your firewall. Maybe not such a good idea, since anyone on the Internet would be able to connect on these ports.

However, my suggestion is rather than dealing with VPN services on your servers, you simply purchase (if your routers are not capable) of setting up a VPN tunnel between the two routers. This will simply extend a layer2 network between the two sites. When you are in Site A and need to send traffic to Site B, you do so by accessing the private IP range for Site B... let the VPN routers take care of the tunnel. It's a much simpler design.

Thanks for the reply. Yes, I did think opening port 1433 was not a good idea.

You mentioned 'purchase (if your routers are not capable) of setting up a VPN tunnel between the two routers'. Do you mean purchase a VPN service from either StrongVPN or PrivateTunnel (OpenVPN)?

The Draytek 2830n has a VPN LAN to LAN with IPSec. I assume port 500 has to be opened in the Port Forwarding.

I will see what I can do.

I am not 100% skilled on VPN at the moment.

My suggestion regarding setting up a VPN tunnel was not related to a service, but rather the internet routers at Site A and B to set up a VPN tunnel between them. Most consumer based routers that you buy at a retail store do not have this ability.

Depending on the type VPN tunnel, the ports required will vary.

Thank you JorgeM.

Ok soz do understand.

Would L2TP/IPSec with the public IP address be the best option, as PPTP is not very secure?

The open port 1433 is now removed.

Site A has a Draytek 2830 that does VPN Lan to Lan.

Thanks

PPTP is not very secure.

Who says that PPTP is not secure? The level of security that you apply simply needs to meet the business requirements. What are the requirements for this tunnel?

I've read about this on sites, and Microsoft mentions PPTP has security issues. VPN services have something that PPTP has limited encryption.

It's for a product management program that runs on MySQL Database 2008 Standard, so Site B needs to talk to Site A, or dial both ways. This is why ports 1433 and 3030 are open in the firewall of Windows Server 2008 Standard, then open VPN ports on the Draytek router and point to the server's private IP address, i.e. 10.10.10.11.

Note, there are client computers on Site A that connect to the Site A server because of port 1433.

Cheers

If you have the firewall service running on the servers, that's OK and yes, you would need to open those ports, but only for intranet hosts (private IP range within your network). If you create a tunnel between the two routers, then no other configuration is going to be needed. The VPN tunnel extends your network. Your hosts on either side of the network have no additional required configuration. From their perspective, Site A and B will be the same local network.
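
The advice above, to allow 1433 and 3030 only from private addresses, can be checked against the rules a server actually has. The following is an added example, not part of the original thread: it audits a listing in the layout of `netsh advfirewall firewall show rule name=all` and reports enabled inbound allow rules on those ports whose RemoteIP scope is not confined to RFC 1918 ranges. The rule names and the 10.10.10.0/24 subnet in the sample are assumptions.

```python
from ipaddress import ip_network

WATCHED_PORTS = {"1433", "3030"}  # the two ports named in the thread
RFC1918 = [ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# Constructed sample (not from a real host), trimmed to the fields read below.
SAMPLE = """\
Rule Name:                            SQL open to all
Enabled:                              Yes
Direction:                            In
RemoteIP:                             Any
LocalPort:                            1433
Action:                               Allow

Rule Name:                            App 3030 LAN only
Enabled:                              Yes
Direction:                            In
RemoteIP:                             10.10.10.0/255.255.255.0
LocalPort:                            3030
Action:                               Allow
"""

def parse_rules(text):
    """Split the listing into one dict per rule, keyed by field name."""
    rules = []
    for line in text.splitlines():
        key, sep, value = (s.strip() for s in line.partition(":"))
        if key == "Rule Name":
            rules.append({})
        if sep and rules:
            rules[-1][key] = value
    return rules

def is_private_scope(remote_ip):
    """True only if every RemoteIP entry lies inside an RFC 1918 range."""
    try:
        nets = [ip_network(p.strip(), strict=False) for p in remote_ip.split(",")]
    except ValueError:
        return False  # "Any", keywords and low-high ranges: flag for review
    return all(n.version == 4 and any(n.subnet_of(r) for r in RFC1918)
               for n in nets)

def exposed_rules(text):
    """Enabled inbound allow rules on watched ports reachable beyond the LAN."""
    return [r["Rule Name"] for r in parse_rules(text)
            if (r.get("Enabled"), r.get("Direction"), r.get("Action"))
            == ("Yes", "In", "Allow")
            and WATCHED_PORTS & set(r.get("LocalPort", "").split(","))
            and not is_private_scope(r.get("RemoteIP", "Any"))]
```

Scopes written as a low-high range or as a keyword such as LocalSubnet are reported as well, so they get a manual look rather than a silent pass.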

Ok thanks yes.

I will update you in a couple of days on how it goes.

See what VPN ports I need to use.

Thanks

JorgeM,

It won't be until end of this week now.

JorgeM,

Ok, I managed to connect the VPN on both routers, which are not the same router, but configured it via IPSec Tunnel and L2TP and managed to get it to connect dial both ways, but then it keeps dropping the connection and then reconnects again randomly.

The Site B broadband upload and download speeds are very, very slow (upload 0.1meg, download 1meg broadband).

Also, Site B uses No-IP.org as they have a dynamic public IP address.

Would this be an issue, or an encryption method issue, e.g. 3DES-MD5 etc. or AES etc.? It says Phase 2 drops out.

Thanks
