Demand-Dial Routing Example
Applies To: Windows 7, Windows Server 2008 R2
The following illustration shows the configuration between two offices that want to use two-way initiated demand-dial IP routing. For a description of the process used to connect the networks in the scenario shown here, see Demand-Dial Connection Process.
The Seattle office has an RRAS server that acts as a remote access server and demand-dial router. All computers in the Seattle office are connected to the 172.16.1.0 network (subnet mask 255.255.255.0). The Seattle router (referred to as Router 1) has a modem connected to its COM1 port and the phone number of the modem is 555-0111.
The New York office has an RRAS server that acts as a remote access server and demand-dial router. All computers in the New York office are connected to the 172.16.2.0 network (subnet mask 255.255.255.0). The New York router (referred to as Router 2) has a modem connected to its COM2 port and the phone number of the modem is 555-0122.
The user on the computer with the IP address of 172.16.1.10 needs to be able to connect to the user on the computer with the IP address of 172.16.2.20, and vice versa.
Configuring Router 1
The configuration for demand-dial routing on Router 1 consists of the following three steps:
Create a demand-dial interface
Create a static route
Create an account with dial-in permissions
Create a demand-dial interface
The administrator at Router 1 uses RRAS and the Demand-dial Interface wizard to create a demand-dial interface called “DD_NewYork” with the following configuration:
Equipment: Modem on COM1
Phone number: 555-0122
Protocols: TCP/IP
Authentication credentials: user account “DD_Seattle” with a password. This must match the user account name and password created and granted permissions to dial in to the New York router in the Configuring Router 2 section below.
Create a static route
By using RRAS, the Demand-dial Interface wizard will already have the name and destination of the static route with the following configuration:
Interface: DD_NewYork
Destination: 172.16.2.0
Network mask: 255.255.255.0
Metric: 1
Note
Because the demand-dial connection is a point-to-point connection, the gateway IP address cannot be configured.
Create an account with dial-in permissions
The administrator at Router 1 uses Active Directory Users and Computers or Local Users and Groups to create a user account with the following settings:
Account name: “DD_NewYork” with a password.
Account settings: Clear the User must change password at next logon check box and select the Password never expires check box.
The administrator grants the DD_NewYork account dial-in permissions by using either the Dial-in properties tab of the user account or network policies.
Configuring Router 2
The configuration for demand-dial routing on Router 2 consists of the following three steps:
Create a demand-dial interface
Create a static route
Create an account with dial-in permissions
Create a demand-dial interface
The administrator at Router 2 uses RRAS to create a demand-dial interface called DD_Seattle with the following configuration:
Equipment: Modem on COM2
Phone number: 555-0111
Protocols: TCP/IP
Authentication credentials: DD_NewYork with a password. This must match the user account name and password created and granted permissions to dial-in to the Seattle router in the Configuring Router 1 section earlier.
Create a static route
By using RRAS, the Demand-dial Interface wizard will already have the name and destination of the static route with the following configuration:
Interface: DD_Seattle
Destination: 172.16.1.0
Network mask: 255.255.255.0
Metric: 1
Note
Because the demand-dial connection is a point-to-point connection, the gateway IP address cannot be configured.
Create an account with dial-in permissions
The administrator uses Active Directory Users and Computers or Local Users and Groups at Router 2 to create a user account with the following settings:
Account name: DD_Seattle with a password.
Account settings: Clear the User must change password at next logon check box and select the Password never expires check box.
The DD_Seattle account is granted dial-in permissions either through the Dial-in properties tab of the user account or through network policies.
Resulting configuration
The following figure shows the demand-dial interfaces, static routes, and user accounts for the routers for the Seattle and New York offices.
Note
In order for two-way initiated demand-dial routing to work properly, authentication credentials (such as user account name) for the demand-dial interface must be created on both RRAS servers. This example shows a proper configuration and is summarized in the following table.
Router | Demand-dial interface name | User account name |
---|---|---|
Router 1 |
DD_NewYork |
DD_Seattle |
Router 2 |
DD_Seattle |
DD_NewYork |