L2TP-based extranet for business partners

Applies To: Windows Server 2003, Windows Server 2003 R2, Windows Server 2003 with SP1, Windows Server 2003 with SP2

Parnell Aerospace is a business partner that uses a router running Windows Server 2003, Standard Edition, to create an on-demand, L2TP/IPSec, router-to-router VPN connection with the Electronic, Inc. corporate office router in New York as needed. After the connection is created, it is terminated if it remains idle for five minutes. The Parnell Aerospace router is connected to the Internet by using a permanent WAN connection.

To deploy an L2TP, one-way initiated, on-demand, router-to-router VPN connection to the corporate office, based on the settings configured in "Common configuration for the VPN server" and "Extranet for Business Partners," the following settings are configured on the Parnell Aerospace router.

Certificate configuration

The Parnell Aerospace router was configured by the Electronic, Inc. network administrator while physically connected to the Electronic, Inc. intranet and then shipped to the network administrator at Parnell Aerospace. While the Parnell Aerospace router was connected to the Electronic, Inc. intranet, a computer certificate was installed through auto-enrollment.

Demand-dial interface for router-to-router VPN connection

To connect the Parnell Aerospace router to the Electronic, Inc. VPN server by using a router-to-router VPN connection over the Internet, a demand-dial interface is created by using the Demand-Dial Interface Wizard with the following settings:

  • Interface name

    Electronic

  • Connection type

    Connect using virtual private networking (VPN) is selected.

  • VPN type

    Layer-2 Tunneling Protocol (L2TP) is selected.

  • Destination address

    207.209.68.1 (the IP address of the Electronic, Inc. VPN server's interface on the Internet)

  • Protocols and security

    The Route IP packets on this interface check box is selected.

  • Static Routes for Remote Networks

    Static route for Electronic, Inc. extranet: To make all locations on the Electronic, Inc. extranet reachable, the following static route is configured:

    • Interface: Electronic

    • Destination: 172.31.0.0

    • Network mask: 255.255.0.0

    • Metric: 1

  • Dial-out credentials

    • User name: PTR_Parnell

    • Domain: electronic.microsoft.com

    • Password: W@8c^4r-;2\

    • Confirm password: W@8c^4r-;2\

Notes

  • On Windows Server 2003, Web Edition, and Windows Server 2003, Standard Edition, you can create up to 1,000 Point-to-Point Tunneling Protocol (PPTP) ports, and you can create up to 1,000 Layer Two Tunneling Protocol (L2TP) ports. However, Windows Server 2003, Web Edition, can accept only one virtual private network (VPN) connection at a time. Windows Server 2003, Standard Edition, can accept up to 1,000 concurrent VPN connections. If 1,000 VPN clients are connected, further connection attempts are denied until the number of connections falls below 1,000.

  • The example companies, organizations, products, people and events depicted herein are fictitious. No association with any real company, organization, product, person or event is intended or should be inferred.