I am trying to set up a VPN between two "Windows 2008 Datacenter Edition" servers residing in two different datacenters.
I did do the setup outlined in the help files, but I am sure I missed somewhere how to configure DHCP, because the connecting client machine does not get any IP assigned and it loses its internet connection.
Consider that Server A is the VPN server and can host the IP range 10.0.0.1 to 255, and it also has A.A.A.A as its real public internet IP address.
Server B is a normal server with B.B.B.B as its public IP address.
Now for some silly reasons SQL on Server B can't replicate from Server A, and it demands VPN !!
Is it possible to create a VPN setup in such a way that Server B can have a VPN to Server A, and whenever Server B places a request on a 10.0.0.X IP, it goes through the VPN and the rest of the communication goes through its original default gateway?
One final thing: if anyone can suggest any other Windows-based solution like OpenVPN (it doesn't work on Windows !!), that will be great.
(An aside first: OpenVPN works fine on Windows, though on Windows Server 2008 Datacenter edition specifically I can't say. I've got it running (in driver testing mode, albeit) on Windows 7 x64 with no problem.)
If you've got the budget for Datacenter edition, get a hardware VPN device (like a Cisco ASA or router) and get the VPN functionality off of the Windows machine. A hardware VPN device would "just take care of this" for you and then you wouldn't have all this Windows VPN configuration to worry about. (To my mind it would be more secure, too, because it's a much easier configuration to audit. You do need to keep the firewall device updated and patched, but that shouldn't be too hard.)
If you can't get a hardware VPN device and you have to do this with the Windows machines alone I'd consider using IPsec. Configuring an IPsec policy with the only entries being filters to encrypt the traffic between these two machines using a static key ought to be pretty straightforward.
I'm familiar with a wide range of software and hardware VPN solutions; however, if the shop is Microsoft, I recommend giving TS Gateway a try since you mentioned you have Windows 2008.
For a quick overview, go here: http://technet.microsoft.com/en-us/library/cc754010(WS.10).aspx
We use TSGateway for some intended purposes and not only does it provide a secure SSL connection and easily managed CAP/RAP Policies to define who has access but it audits these events in the system log and even has a 'Citrix' like function of mapping a specific application to your local desktop without shelling to a remote desktop.
Best of all, it's free, with the exception of the cert if you purchase from the likes of Thawte, VeriSign, etc.
Yes. You can set up a Demand Dial VPN connection in RRAS. I've set this up before, and remember it to be easy, though I can't find any good tutorials online.