RATE THIS ANSWER
0
Click to Vote:
0
0
Last Answered:
Apr 9 2008 4:41 PM GMT
by Donnellymp
Even though the sites have a public static IP address, it is likely that the router at each site is doing port address translation (PAT). You can still setup a VPN using this but doing network address translation (NAT) is a better way. You will need to setup the router at each end to permit VPN traffic (protocol 50, 51; UDP 500, 4500) and route it to the internal VPN terminating host on each end. I would also suggest ensuring that the firewall be configured so that it only accepts connections from the remote address so it does not have to deal with someone attempting to compromise your network.
You may need to contact BT for router support to get the NAT and/or firewall setup.
There are some best practices for setting up a VPN using Windows. These include implementing DHCP services, creating an enterprise certificate authority, install and configuring IAS, creating a remote access policy, configuring the VPN server, associating the VPN server with the DHCP server, configuring your customer's remote clients and testing the client connection. SearchNetworkingChannel.com has a
guide with all the gory details.