Server Side VPN

8/6/2019 Server Side VPN

1/13

Page 1

Copyright 2005 CNET Networks, Inc. All rights reserved.

For more downloads and a free TechRepublic membership, please visit http://techrepublic.com.com/2001-6240-0.html

Version 1.0July 26, 2005

Step by step: Configure a Windows Server2003 VPNServer side

By Scott Lowe

TakeawaySet up a Windows Server 2003-based PPTP virtual private network (VPN) with this step-by-step installation andconfiguration guide.

Table of Contents

VPN SERVER............................................................................................................................................................................2

ADD THE REMOTE ACCESS/VPNSERVER ROLE TO YOUR WINDOWS SERVER 2003 SYSTEM .............................................2Figure A.............................................................................................................................................................................................. 2Figure B.............................................................................................................................................................................................. 3

THE ROUTING AND REMOTE ACCESS WIZARD COMPONENT .................................................................................................3Figure C.............................................................................................................................................................................................. 4Figure D.............................................................................................................................................................................................. 5Figure E.............................................................................................................................................................................................. 6Figure F .............................................................................................................................................................................................. 7Figure G ............................................................................................................................................................................................. 8Figure H.............................................................................................................................................................................................. 9Figure I ............................................................................................................................................................................................. 10Figure J ............................................................................................................................................................................................ 11

USER CONFIGURATION ..........................................................................................................................................................11Figure K............................................................................................................................................................................................ 12

UP AND RUNNING ...................................................................................................................................................................12

ADDITIONAL RESOURCES ................................................................................................................................................13

Version history.................................................................................................................................................................13Tell us what you think.....................................................................................................................................................13


2/13

Configure a Windows Server 2003 VPNServer side

VPN ServerSometimes, simplicity is the best choice for both a technology solution and the corresponding tutorial that explainshow to use the new solution. In this document, I will provide a clear, concise, systematic procedure for getting aWindows Server 2003-based PPTP VPN up and running. I'm using Windows Server 2003 with Service Pack 1 forthis guide.

Add the Remote Access/VPN Server role to your Windows Server 2003systemTo add the Remote Access/VPN Server role, go to Start | All Programs | Administrative Tools |

Configure Your Server Wizard. The first screen of this wizard is for informational purposes only and, thus,

is not shown here. Click Next. The same goes for the second screen, which just tells you some things you need tohave completed before adding new roles to your server.On the third screen of the wizard, entitled Server Role, you're presented with a list of available roles for yourserver along with column that indicates whether or not a particular role has been assigned to this machine. FigureA shows you a screen from a server on which just the IIS Web server role has been added.

Figure A

To add a new role, select the role and click Next

Page 2Copyright 2005 CNET Networks, Inc. All rights reserved.

http://techrepublic.com.com/5100-6329-5074473.htmlhttp://techrepublic.com.com/5138-10879-5766252.htmlhttp://techrepublic.com.com/5138-10879-5766252.htmlhttp://techrepublic.com.com/5100-6329-5074473.html


3/13


To add the Remote Access/VPN Server role to your server, select that role and click the Next button to move onto the next screen in the wizard, which provides you with a quick overview of the options you selected.

Figure B

The summary screen is pretty basic for this roleTake note: This selection just starts another wizard called the Routing and Remote Access Wizard, describedfurther below.

The Routing and Remote Access Wizard componentLike most wizards, the first screen of the Routing and Remote Access wizard is purely informational and you can

just click Next.The second screen in this wizard is a lot meatier and asks you to decide what kind of remote access connectionyou want to provide. Since the goal here is to set up a PPTP-based VPN, select the "Virtual Private Network VPNand NAT" selection and click Next.




4/13


Figure C

Select the VPN option and click NextThe next screen of the wizard, entitled VPN Connection, asks you to determine which network adapter is used toconnect the system to the Internet. For VPN servers, you should install and use a separate network adapter forVPN applications. Network adapters are really cheap and separation makes the connections easier to secure. In

this example, I've selected the second local area network connection (see Figure D), a separate NIC from theone that connects this server to the network. Notice the checkbox labeled "Enable security on the selectedinterface by setting up Basic Firewall" underneath the list of network interfaces. It's a good idea to enable sinceoption it helps to protect your server from outside attack. A hardware firewall is still a good idea, too.




5/13


Figure D

Select the network adapter that connects your server to the InternetWith the selection of the Internet-connected NIC out of the way, you need to tell the RRAS wizard which networkexternal clients should connect to in order to access resources. Notice that the adapter selected for Internetaccess is not an option here.




6/13


Figure E

Select the network containing resources needed by external clientsJust like every other client out there, your external VPN clients will need IP addresses that are local to the VPNserver so that the clients can access the appropriate resources. You have two options (really three I'll explain ina minute) for handling the doling out of IP addresses.

First, you can leave the work up to your DHCP server and make the right configuration changes on your networkequipment for DHCP packets to get from your DHCP server to your clients. Second, you can have your VPNserver handle the distribution of IP addresses for any clients that connect to the server. To make this option work,you give your VPN server a range of available IP addresses that it can use. This is the method I prefer since I cantell at a glance exactly from where a client is connecting. If they're in the VPN "pool" of addresses, I know they'reremote, for example. So, for this setting, as shown in Figure F below, I prefer to use the "From a specified rangeof addresses" option. Make your selection and click Next.


http://techrepublic.com.com/5100-1035_11-1041798.htmlhttp://techrepublic.com.com/5100-1035_11-1041798.html


7/13


Figure F

Your choice on this one! I prefer to provide a range of addressesIf you select the "From a specified range of addresses" option on the previous screen, you now have to tell theRRAS wizard exactly which addresses should be reserved for distribution to VPN clients. To do this, click the Newbutton on the Address Range Assignment screen. Type in the starting and ending IP addresses for the new range

and click OK. The "Number of addresses" field will be filled in automatically based on your entry. You can alsojust enter the starting IP address and the number if IP addresses you want in the pool. If you do so, the wizardautomatically calculates the ending IP address. Click OK in the New Address Range window; your entry appearsin the Address Range Assignment window. Click Next to continue.




8/13


Figure G

You can have multiple address ranges, as long as they are all accessibleThe next screen asks you to identify the network that has shared access to the Internet. This is generally thesame network that your VPN users will use to access shared resources.




9/13


Figure H

Pick the network adapter that gives you access to the InternetAuthenticating users to your network is vital to the security of your VPN infrastructure. The Windows VPN serviceprovides two means for handling this chore. First, you can use RADIUS, which is particularly useful if you haveother services already using RADIUS. Or, you can just let the RRAS service handle the authentication duties

itself. Give users access to the VPN services by enabling dial-in permissions in the user's profile (explainedbelow). For this example, I will not be using RADIUS, but will allow RRAS to directly authenticate incomingconnection requests.




10/13


Figure I

Decide what means of authentication you want to provideThat's it for the RRAS wizard! You're provided with a summary screen that details the selections you made.




11/13


Figure J

The RRAS wizard summary windowThis also completes the installation of the Remote Access/VPN Server role.

User configurationBy default, users are not granted access to the services offered by the VPN; you need to grant these rights toeach user that you want to allow remote access to your network. To do this, open Active Directory Users andComputers (for domains) or Computer Management (for stand alone networks), and open the properties page fora user to whom you'd like to grant access to the VPN. Select that user's Dial-In properties page. On this page,under Remote Access Permissions, select "Allow access". Note that there are a lot of different ways to "dial in to"a Windows Server 2003 system; a VPN is but one method. Other methods include wireless networks, 802.1x, anddial-up. This article assumes that you're not using the Windows features for these other types of networks. If youare, and you specify "Allow access", a user will be able to use multiple methods to gain access to your system. Ican't go over all of the various permutations in a single article, however.


http://techrepublic.com.com/1200-26-5123755.htmlhttp://techrepublic.com.com/1200-26-5123755.html


12/13


Figure K

Allow the user access to the VPN

Up and runningThese are the steps needed on the server to get a VPN up and running. Of course, if you have devices such asfirewalls between your VPN server and the Internet, further steps may be required; these are beyond the scope ofthis article, however.

Scott Lowe11 years IT experience beginning as a Network Specialist for K-12 schools, then moving on tomanage the network group for a small college. I managed the network for a City for about a year,then worked at a financial services company. I am currently IT Director for Elmira College, a small

private college located in Elmira, NY.


http://techrepublic.com.com/5213-6257-0.html?id=1027061http://techrepublic.com.com/5213-6257-0.html?id=1027061


13/13


Additional resources Sign up for our Downloads Weekly Update, delivered on Monday afternoons.

Check out all of TechRepublic's newsletter offerings. Join a domain during Windows logon using a VPN client (Download)

Support and Configuration Checklists for Small/Midsize Networks (Download)

Windows XP: Securing VPNs (Download)

Version historyVersion: 1.0

Published: July 26, 2005

Tell us what you think

TechRepublic downloads are designed to help you get your job done as painlessly and effectively as possible.Because we're continually looking for ways to improve the usefulness of these tools, we need your feedback.Please take a minute to drop us a line and tell us how well this download worked for you and offer yoursuggestions for improvement.

Thanks!

The TechRepublic Downloads Team

http://nl.com.com/MiniFormHandler?brand=techrepublic&list_id=e072http://nl.com.com/acct_mgmt.jsp?brand=techrepublic&return_to=http://techrepublic.com.com/http://techrepublic.com.com/5138-10877-5755430.htmlhttp://techrepublic.com.com/5138-1035-5609077.htmlhttp://techrepublic.com.com/5138-10634-5513749.htmlmailto:[email protected]?subject=Download_Feedback&body=Configure_a_Windows_Server_2003_VPN%E2%80%94Server_sidemailto:[email protected]?subject=Download_Feedback&body=Configure_a_Windows_Server_2003_VPN%E2%80%94Server_sidehttp://techrepublic.com.com/5138-10634-5513749.htmlhttp://techrepublic.com.com/5138-1035-5609077.htmlhttp://techrepublic.com.com/5138-10877-5755430.htmlhttp://nl.com.com/acct_mgmt.jsp?brand=techrepublic&return_to=http://techrepublic.com.com/http://nl.com.com/MiniFormHandler?brand=techrepublic&list_id=e072

Date post:	07-Apr-2018
Category:	Documents
Upload:	andrejkt
View:	225 times
Download:	1 times

Server Side VPN

Documents