Demand-dial routing is the MCSE 2003 of an on-demand connection between two net-works. When a client computer directs communications to another network, a routing device initiates a connection with the other network. Site-to-site VPNs can be created by using a demand-dial connection and a VPN tunneling protocol to create a compul-sory tunnel (a tunnel that must be used if data travels this path) in response to a client request to route data between two networks. This can be accomplished by:
Important Demand-dial routing is also referred to as gateway-to-gateway VPN, router-to-router VPN, or site-to-site VPN. In this book, the VPN configuration that uses demand-dial rout?ing will be referred to as a site-to-site VPN, and the connection type will be called demand-dial routing. In this book, the term demand-dial routing is the same as saying site-to-site VPN, but you should realize that demand-dial routing can exist without the protection of a compulsory tunnel. Also, note that the VPN server used as part of a demand-dial connection is called a VPN router, and the VPN server to which clients connect by using VPN client software is called a remote access VPN server.
Providing two VPN servers—one on the perimeter of each network and then configuring at least one of them to connect to the other and create the tunnel
when a connection request is made.
Providing two VPN servers—one at each location with MCSE Certification a dial-up connection to an ISP—and then configuring at least one of them to connect to the other and create the tunnel when a connection request is made.
A remote access VPN requires the client computer to have VPN software and a VPN tunneling protocol installed, and it requires that the client request a VPN connection. The site-to-site demand-dial VPN does not. Instead, the two VPN servers create the VPN. One of them, the calling router, acts as if it were the VPN client.
The client computer is unaware that anything different than normal data transfer is occurring. On the other side of the connection, the answer?ing VPN router decrypts and routes the packet to its destination on its network. No tunnel is present and no encryption of the data is performed—as it travels from the VPN router to the destination computer.
Although demand-dial routing was originally conceived as a link between two net?works that occurs over a public telephone system (and still can be operated as one), demand-dial routing can occur over an IP internetwork by creating a connection between two VPN servers using IP addressing. In addition, although the original demand-dial connections created the tunnel in response to a client request for connection to the end network and disconnected at the end of the session, demand-dial rout?ing with Windows Server 2003 can maintain a connection even when no client requires data transfer. Communications over the site-to-site VPN can thus be either on-demand or persistent. The following additional information about CCNA certification essential data you might need to use in designing secure demand-dial routing.