Hi Site to Site VPN connections is a big subject, and I've spent several days to figure out if it possible to solve my connection needs with the stuff on hand, or do I need to buy something. This is what I have: Site 1 (Main site) SBS 2003 standard (no ISA) fixed public IP (SBS is in 2-leg configuration) internal = 192.168.90.0/24 Site 2 (sales office) PIX501 Router, DHCP IP on external, internal = 192.68.70.0/24 Today, each PC in sales office is connecting to Main site with it's own Remote VPN (PPTP). So, is there a solution with the equipment on hand to create a "permanent" 2 way VPN-connection, the idea is to ease the procedure for the sales office to get connected with main office for shares and mail etc. The best I seen so far indicates that I should be able to create a IPsec tunneling endpoint in SBS (using Local IPsec policy and RRA) and also suppport this type on PIX-side, but I have not yet found proof that I can do it without fixed IP on both sides. pls. try to keep it within the topic, I know I can buy X and/or Y and they are just great for this job, but right now I would like to figure this one out first. Can it be done Yes/No (if No, how far can we get? what can second best be) Regards Kjell

Hi, Thank you for your post here. Yes, you can deploy IPSec tunnel (or site-to-site VPN) to establish the connectivity between site1 and site2. Before you begin, please make sure the Cryptographic Suites (VPN protocol type) on the VPN router matches the suites on the Windows Server 2003 server(SBS 2003). Persistent Branch Office (VPN with Windows Server 2003) http://technet.microsoft.com/en-us/library/dd835605(WS.10).aspx Configuring IPSec Site-to-Site Connections Between ISA Server 2004 and Third-Party Gateways http://technet.microsoft.com/en-us/library/cc302468.aspx For SBS related ISA issues, you can also post it to the SBS forum queue where SBS folks give their advice: Windows Server TechCenter > Windows Server Forums > Small Business Server http://social.technet.microsoft.com/Forums/en-US/smallbusinessserver/threads

Thank you Miles Li for taking the time trying to help me. I did try to follow your suggested step by step instruction (Persistent Bransch Office) but I had some trouble adapting it to my schenario. (SBS 2003 with no ISA <--> PIX501) I have followed these 2 documents, with some adaptations of course and maybe thats the reason it's not working (yet) http://support.microsoft.com/kb/816514/sv this one for windows side http://www.isaserver.org/tutorials/Implementing-IPSEC-Site-to-Site-VPN-between-ISA-Server-2006-Beta-Cisco-PIX-501.html and the second for PIX501 side The IPsec tunnel is not responding yet on either side, what can I do to test bits and pieces of it?, or is there a layout report I can submit here for you to look at?, and if possible, help me to make it work? Rgds Kjell