I have a Windows Server 2008 that has a single network interface configured with a public IP address. My business partner has a private network. From my server, I need to access all the devices on his private network, and those devices must be able to access my server.
My business partner has a standard solution for these requirements. They will setup an IPSec + GRE tunnel to my server. They told me, that I will need an additional public IP address for this to work. If it really is necessary, there is no problem, I can get an additional public IP address, although it will be assigned to the same physical network interface.
I assume that on my server I will have both public IP addresses and also the private IP address from the tunnel (the same that is visible for the devices inside the private network).
What alternatives do I have?
- Is it possible to configure this tunnel on my Windows Server 2008? Can it be done using only Windows tools, or do I need an additional free / commercial VPN software?
- If it cannot be done directly on Windows, can I setup an additional virtual machine running Linux, that will handle the IPSec + GRE tasks? How to do it?
- If it cannot be done on a virtual linux box, will I have to buy and setup a Cisco router to handle the IPSec + GRE tasks?
Thanks for your opinions. I'm watching this question to clarify any issues or questions.
Best Answer
You didn't specify what your partner's end of the tunnel is (unless I missed it). I spent a lot of time on a tunnel between Windows Server 2003 and a Cisco Router. It is supposed to be possible, but I failed in doing it, and am not the only one. You can read about here and here.
So if they are using a Cisco router, I recommend you go out and buy one too to save yourself time and lots of aggravation. OpenVPN or Linux to Cisco might be an option? But I have used Cisco to Cisco IPSec tunnels with no interruptions problems for years.
Here are Cisco docs on GRE/IpSec with NAT, but with the Cisco router you can avoid making the tunnel go through nat.