I am trying to set up VPN ( Remote to Site initially and gradually site to site) . But i am having a lot of confusion as to what to install and what not to. This is a diagram i found of the traditional VPN server required NPS server, AD server, CA server and VPN server. Now is it necessary for all these servers to be present for this VPN to be set up . Can i have all the servers on one single machine. If i were to use a Cisco ASA or cisco rv4500 vpn router , then do i still need to enable RRAS on my Windows Server 2008. Actually i have researched a lot and found out that Windows 2008 R2 could act like an VPN ENDPOINT. Actually could someone kindly eloborate.... Thanks Bharat

If you use Cisco ASA you do not need RRAS on Windows 2008. CA server is not required. AD is youor domain controller (so you probably have it) no need to install another one. Here are guides for deploying RRAS: http://technet.microsoft.com/en-us/library/cc754634(WS.10).aspx With kind regards Krystian Zieja http://www.projectnenvision.com Follow me on twitter My Blog

Krystian, Thank you for that prompt reply. Now , what you are trying to say if i would not need to enable RRAS ,if i have an ASA , or any other endpoint device. Also i would like to know. The server is IIS enabled already hosting, a website. I have heard that it is not advisable to host web services and VPN on the same server. Could you kindly tell me how this works? My question would be would i create and use my public ip address for accessing the server from home and define user name and passwords for those? Thanks Bharat

Yes. If you have ASA no need for RRAS. I do not know if your server belongs to AD or not, but even if it does not implementing RRAS would be possible and allow you to access your server from remote locations. That is true that is not advisable to have both roles installed on same server, best option one server for RRAS second for IIS (where both can be VMs of course) But it is possible to have IIS and RRAS installed on same computer, I did it several times without any major problemsWith kind regards Krystian Zieja http://www.projectnenvision.com Follow me on twitter My Blog

Krystian , Thank you very much for the reply. I am thrilled. Now to summarize. 1) Set the Firewall/VPN device, and then , the VPN server will take care of the IP address and it will make the client appear to be in the LAN? 2) RRAS , is not required on the server even if we want to access it remotely. 3) Could i have a firewall and vpn server on one machine. Thanks Bharat