Configure a Windows Server VPN

8/8/2019 Configure a Windows Server VPN

http://slidepdf.com/reader/full/configure-a-windows-server-vpn 1/12

TechRepublic : A ZDNet Tech Community

Configure a Windows Server 2003 VPN onthe server side

by Scott Lowe MCSE | Jul 26, 2005 7:25:00 PM

Tags: VPNs, Network security, NETWORKING, Servers, TELECOMMUNICATIONS...

Takeaway: Set up a Windows Server 2003-based PPTP virtual private network (VPN) with thisstep-by-step installation and configuration guide.

People who read this, also read...

Get connected to a Windows Server 2003 VPN in this step-by-stepGet IT Done: Provide VPN services using Windows Server 2003Managing Routing And Remote Access in Windows Server 2003How do I... Configure Windows Small Business Server 2003 R2 Remote Access?Configure Windows Server 2003 to act as a router

Sometimes, simplicity is the best choice for both a technology solution and the correspondingtutorial that explains how to use the new solution. In this document, I will provide a clear, concise,systematic procedure for getting a Windows Server 2003-based PPTP VPN up and running. I'musing Windows Server 2003 with Service Pack 1 for this guide.

dd the Remote Access/VPN Server role to yourindows Server 2003 system

To add the Remote Access/VPN Server role, go to Start | All Programs | Administrative Tools |Configure Your Server Wizard. The first screen of this wizard is for informational purposes only and, thus, is not shown here. Click Next. The same goes for the second screen, which just tells yousome things you need to have completed before adding new roles to your server.

On the third screen of the wizard, entitled Server Role, you're presented with a list of availableroles for your server along with column that indicates whether or not a particular role has beenassigned to this machine. Figure A shows you a screen from a server on which just the IIS Webserver role has been added.

Figure A

figure a Windows Server 2003 VPN on the server side http://articles.techrepublic.com.com/5100-10878_11-5805260.html

r 12 12/03/2010 00:41



To add a new role, select the role and click Next

To add the Remote Access/VPN Server role to your server, select that role and click the Next button to move on to the next screen in the wizard, which provides you with a quick overview of the options you selected.

Figure B

The summary screen is pretty basic for this role

Take note: This selection just starts another wizard called the Routing and Remote Access Wizard, described further below.

The Routing and Remote Access Wizard component

Like most wizards, the first screen of the Routing and Remote Access wizard is purely


r 12 12/03/2010 00:41



informational and you can just click Next.

The second screen in this wizard is a lot meatier and asks you to decide what kind of remoteaccess connection you want to provide. Since the goal here is to set up a PPTP-based VPN, selectthe "Virtual Private Network VPN and NAT" selection and click Next.

Figure C

Select the VPN option and click Next

The next screen of the wizard, entitled VPN Connection, asks you to determine which network adapter is used to connect the system to the Internet. For VPN servers, you should install and usea separate network adapter for VPN applications. Network adapters are really cheap andseparation makes the connections easier to secure. In this example, I've selected the second localarea network connection (see Figure D), a separate NIC from the one that connects this server tothe network. Notice the checkbox labeled "Enable security on the selected interface by setting up

Basic Firewall" underneath the list of network interfaces. It's a good idea to enable since option ithelps to protect your server from outside attack. A hardware firewall is still a good idea, too.

Figure D


r 12 12/03/2010 00:41



Select the network adapter that connects your server to the Internet

With the selection of the Internet-connected NIC out of the way, you need to tell the RRAS wizard which network external clients should connect to in order to access resources. Notice that theadapter selected for Internet access is not an option here.

Figure E

Select the network containing resources needed by external clients


r 12 12/03/2010 00:41



Just like every other client out there, your external VPN clients will need IP addresses that arelocal to the VPN server so that the clients can access the appropriate resources. You have twooptions (really three â€" I'll explain in a minute) for handling the doling out of IP addresses.

First, you can leave the work up to your DHCP server and make the right configuration changeson your network equipment for DHCP packets to get from your DHCP server to your clients.Second, you can have your VPN server handle the distribution of IP addresses for any clients that

connect to the server. To make this option work, you give your VPN server a range of available IPaddresses that it can use. This is the method I prefer since I can tell at a glance exactly from wherea client is connecting. If they're in the VPN "pool" of addresses, I know they're remote, forexample. So, for this setting, as shown in Figure F below, I prefer to use the "From a specifiedrange of addresses" option. Make your selection and click Next.

Figure F

Your choice on this one! I prefer to provide a range of addresses

If you select the "From a specified range of addresses" option on the previous screen, you now have to tell the RRAS wizard exactly which addresses should be reserved for distribution to VPNclients. To do this, click the New button on the Address Range Assignment screen. Type in thestarting and ending IP addresses for the new range and click OK. The "Number of addresses" field

will be filled in automatically based on your entry. You can also just enter the starting IP addressand the number if IP addresses you want in the pool. If you do so, the wizard automatically calculates the ending IP address. Click OK in the New Address Range window; your entry appearsin the Address Range Assignment window. Click Next to continue.

Figure G


r 12 12/03/2010 00:41



You can have multiple address ranges, as long as they are all accessible

The next screen asks you to identify the network that has shared access to the Internet. This isgenerally the same network that your VPN users will use to access shared resources.

Figure H

Pick the network adapter that gives you access to the Internet


r 12 12/03/2010 00:41



Authenticating users to your network is vital to the security of your VPN infrastructure. The Windows VPN service provides two means for handling this chore. First, you can use RADIUS, which is particularly useful if you have other services already using RADIUS. Or, you can just letthe RRAS service handle the authentication duties itself. Give users access to the VPN services by enabling dial-in permissions in the user's profile (explained below). For this example, I will not beusing RADIUS, but will allow RRAS to directly authenticate incoming connection requests.

Figure I

Decide what means of authentication you want to provide

That's it for the RRAS wizard! You're provided with a summary screen that details the selections you made.

Figure J


r 12 12/03/2010 00:41



The RRAS wizard summary window

This also completes the installation of the Remote Access/VPN Server role.

User configuration

By default, users are not granted access to the services offered by the VPN; you need to grantthese rights to each user that you want to allow remote access to your network. To do this, open

Active Directory Users and Computers (for domains) or Computer Management (for stand alonenetworks), and open the properties page for a user to whom you'd like to grant access to the VPN.Select that user's Dial-In properties page. On this page, under Remote Access Permissions, select"Allow access". Note that there are a lot of different ways to "dial in to" a Windows Server 2003system; a VPN is but one method. Other methods include wireless networks, 802.1x, and dial-up.This article assumes that you're not using the Windows features for these other types of networks.If you are, and you specify "Allow access", a user will be able to use multiple methods to gainaccess to your system. I can't go over all of the various permutations in a single article, however.

Figure K


r 12 12/03/2010 00:41



Allow the user access to the VPN

Up and running

These are the steps needed on the server to get a VPN up and running. Of course, if you havedevices such as firewalls between your VPN server and the Internet, further steps may berequired; these are beyond the scope of this article, however.

People who read this, also read...

Get connected to a Windows Server 2003 VPN in this step-by-stepGet IT Done: Provide VPN services using Windows Server 2003Managing Routing And Remote Access in Windows Server 2003How do I... Configure Windows Small Business Server 2003 R2 Remote Access?Configure Windows Server 2003 to act as a router

Print/View all PostsComments on this article

DOWNLOAD: Configure a Windows Server 2003 VPN on the server side Mark W. Kaelin| 07/26/05

Questions Scott Lowe | 07/27/05

Connection dropping keith.worden@... | 08/10/05


r 12 12/03/2010 00:41



Also have connections dropping larrys@... | 10/18/05

What do you have for a firewall? agh3@... | 10/27/05

Question - Already had Remote Access Setup for Modem phil@... | 11/23/05

Same Problem dcpsys@... | 01/27/06

Issues with Mac/SMB dongraham@... | 04/03/07

vpn server and client sumant@... | 07/17/07

Concept Problem linitocmcc@... | 04/17/09

error 16389 sars020 | 09/03/09

Need Advice BoltonBlue | 05/05/06

router/firewall settings olijackson@... | 01/15/07

RE: Configure a Windows Server 2003 VPN on the server side rmpel@... | 07/06/07

"Manage Your Server" O/Siris | 10/22/08

RE: Configure a Windows Server 2003 VPN on the server side sumant@... | 07/17/07

Configure the VPN I have a problem indiapsr@... | 06/29/08

to creating vpn sirajk123@... | 08/22/07

creating vpn sirajk123@... | 08/22/07

RE: Configure a Windows Server 2003 VPN on the server side kumar3239@... | 11/27/07

RE: Configure a Windows Server 2003 VPN on the server side kailash.suthar@... | 01/08/08

RE: Configure a Windows Server 2003 VPN on the server side kesava7hills@... | 01/24/08

RE: Configure a Windows Server 2003 VPN on the server sidehiatham_soliman@... | 02/23/08

Does not work with 1 LAN card, help please... support@... | 02/27/08

how i configure the client side setting for vpn in windows server2003sultan_fd8@... | 02/29/08


ur 12 12/03/2010 00:41



RE: Configure a Windows Server 2003 VPN on the server side ronakulus | 04/16/08

RE: Configure a Windows Server 2003 VPN on the server side pankaj_ralhi@... | 05/08/08

Can I use ordinary Desktop or PC with Windows XP Professional SP2omomoh65@... | 09/04/08

Yes, it can be done. O/Siris | 10/22/08

RE: Configure a Windows Server 2003 VPN on the server side dhirajm6@... | 10/10/08

RE: Configure a Windows Server 2003 VPN on the server side harris@... | 12/17/08

RE: Configure a Windows Server 2003 VPN on the server side abb2151989@... | 01/11/09

RE: Configure a Windows Server 2003 VPN on the server side snehal bhavsar | 08/03/09

RE: Configure a Windows Server 2003 VPN on the server side mdfiroz240@... | 08/25/09

RE: Configure a Windows Server 2003 VPN on the server side jojo_joscta@... | 11/09/09

what is the physical network layout before VPN server configured?desmond_ang2005 | 12/04/09

what is the physical network layout before VPN server configured?desmond_ang2005 | 12/04/09

VPN Server Physical Layout cvisiontec | 12/23/09

RE: Configure a Windows Server 2003 VPN on the server side vsbabumca | 01/25/10

RE: Configure a Windows Server 2003 VPN on the server side muddinbd | 02/02/10

My UpdatesMy Contacts

Would you like your own dynamic Workspace on T echRepublic?

Take two minutes and set up a TechRepublic member profile.

Would you like your own dynamic Workspace on T echRepublic?

Take two minutes and set up a TechRepublic member profile.

Popular on CBS sites: College Signing Day | March Madness | TV | iPhone | Cell Phones | VideoGame Reviews | Free Music


ur 12 12/03/2010 00:41



About CBS Interactive | Jobs | Advertise | Mobile | Site Map

© 2010 CBS Interactive Inc. All rights reserved. | Privacy Policy (updated) | Terms of Use


Documents

Configure a Windows Server VPN