Cisco Site-to-Site VPNs with Windows Server VPNs on Same Network

  • Cisco Site-to-Site VPNs with Windows Server VPNs on Same Network

    Can an office with a Cisco router configured as a VPN server (Site-to-Site and Easy VPN Servers) also run a Windows Server 2008 R2 VPN Server at the same time?

    The only concern I can see is if they use the same ports. If not using the same ports I would need to do some port forwarding onto the Windows Server VPN Server to direct that traffic, and that is it.

    Basically, the office in question has a small 881(W) router, limited to 10 concurrent connections. So I want to split the inter-office connectivity as Cisco Site-to-Site VPNs (to connect up 2 other offices, with same kit installed, but no servers) and the user based VPN access for remote laptop workers via Windows Server VPN Server.

    I have a very simple configuration in place, just to get the routers talking and their private networks (192.168.x.0/24 at each side) to be routable. This was all done via Cisco Configuration Professional (CCP) and really is about the only way I can control these devices - not very proficient at the command line yet...

    Also, through CCP, can I view the current open ports? Namely the ones in use for the existing VPN Servers.

    More details can be provided if it is needed and asked for to get the answer.

    Thanks

  • #2
    Re: Cisco Site-to-Site VPNs with Windows Server VPNs on Same Network

    If it's an IPsec VPN then you can't just "change" the ports. ISAKMP uses UDP 500 and IPsec uses either protocol 50 (ESP) or UDP 4500 for NAT-T. You can change UDP 4500 on some platforms to TCP 10000.

    Best solution would be to upgrade your device to accept the required connections.
    CCNA, CCNA-Security, CCNP
    CCIE Security (In Progress)

    • #3
      Re: Cisco Site-to-Site VPNs with Windows Server VPNs on Same Network

      Thanks Auglan

      Looking at implementation guides, I will need to port forward the following ports from the router (running the current VPN servers) to the Windows server:

      For PPTP: 1723 TCP 47 GRE
      For L2TP over IPSEC: 1701 TCP 500 UDP
      For SSTP: 443 TCP

      This seems to make use of the same UDP 500 port, so I guess we are going to run into problems with this part?
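Added example, not part of any post in this thread: a short Python check that parses the forward list as posted in #3 and flags entries the router already uses for its own IPsec tunnels (the values given in #2). It assumes the router has a single public address; the function and variable names are made up for this illustration.

```python
import re

# Forward list exactly as written in post #3 of the thread.
FORWARD_LIST = """\
For PPTP: 1723 TCP 47 GRE
For L2TP over IPSEC: 1701 TCP 500 UDP
For SSTP: 443 TCP
"""

# What the router terminates itself for IPsec, per reply #2:
# ISAKMP on UDP 500, ESP as IP protocol 50, NAT-T on UDP 4500.
ROUTER_LOCAL = {("udp", 500): "ISAKMP", ("ip", 50): "ESP", ("udp", 4500): "NAT-T"}

LINE = re.compile(r"For\s+(.+?):(.*)", re.IGNORECASE)
ENTRY = re.compile(r"(\d+)\s+(TCP|UDP|GRE|ESP)", re.IGNORECASE)

def parse_forwards(text):
    """Parse 'For <name>: <num> <proto> ...' lines into {name: [(kind, number)]}.
    TCP/UDP numbers are ports; GRE/ESP have no ports, so their number is an
    IP protocol number and is keyed as ('ip', number)."""
    plan = {}
    for line in text.splitlines():
        m = LINE.match(line.strip())
        if not m:
            continue
        flows = []
        for num, proto in ENTRY.findall(m.group(2)):
            kind = proto.lower() if proto.lower() in ("tcp", "udp") else "ip"
            flows.append((kind, int(num)))
        plan[m.group(1).strip()] = flows
    return plan

def collisions(plan, local=ROUTER_LOCAL):
    """Return {name: [(flow, router_service)]} for flows the router already owns.
    Assumes one public address, where a protocol/port pair is either terminated
    on the router or forwarded inward, not both."""
    found = {}
    for name, flows in plan.items():
        hits = [(flow, local[flow]) for flow in flows if flow in local]
        if hits:
            found[name] = hits
    return found

if __name__ == "__main__":
    for name, hits in collisions(parse_forwards(FORWARD_LIST)).items():
        for (kind, num), service in hits:
            print(f"{name}: {kind}/{num} is already terminated on the router ({service})")
```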

      • #4
        Re: Cisco Site-to-Site VPNs with Windows Server VPNs on Same Network

        Shouldn't be an issue as they are different protocols. Never really tried mixing different protocol types on the same network though. Usually I use IPsec VPNs, whether they are site to site, EasyVPN server, etc. I would look at SSL VPNs as they are very easy to implement and easy to use on the client side.
        CCNA, CCNA-Security, CCNP
        CCIE Security (In Progress)

        • #5
          Re: Cisco Site-to-Site VPNs with Windows Server VPNs on Same Network

          I am hoping that they are different products and therefore can run simultaneously, and this was why, in my opening post, I asked if it was possible to see through the CCP product what open ports that router is using. I was going to match it up against the listed items I put below.

          The SSTP is new to 2008 and is more tricky to implement, so I was intending to use L2TP over IPSec (L2TP/IPSec), which is one of the default configuration choices for a VPN in the Windows client O/S.

          Is this different to Cisco's IPSec?

          • #6
            Re: Cisco Site-to-Site VPNs with Windows Server VPNs on Same Network

            Normally, out of the box, a Cisco router has no access restrictions at all. What I mean is, by default everything is allowed through. Once you implement zone-based firewall or CBAC then you would need to only allow what ports you need from the outside in.
            CCNA, CCNA-Security, CCNP
            CCIE Security (In Progress)
