|
|
Need help setting up a VPN server
Hi all
I just set up a computer with Windows 2003 Server Ent. R2 and I want it to be running as a VPN server. It has two network cards, one which is connected to the internal network and the other one is connected to a wireless router (with cable) which the latter then connects to an ADSL modem for Internet connectivity. My question is how can I enable Routing and Remote Access on this machine and make the server act as a VPN server (giving access to internal resources). I am sure this involves some port forwarding from modem to router and also a way to translate the IP address to an Internet host name (using no-ip.com for example)
Thanks a lot for your help!
|
|
1. Make sure the router is PPTP pass through or GRE enabled.
2. Forward port 1723 to the Windows server.
3. This how to may help
How to setup VPN
To create VPN connection, open Networking Connections>New Connection Wizard>Set up an advanced connection>Accept incoming connections, then follow the ...
www.howtonetworking.com/Windows/vpnsetup.htm
--
Bob Lin, MS-MVP, MCSE & CNE
Networking, Internet, Routing, VPN Troubleshooting on http://www.ChicagoTech.net
How to Setup Windows, Network, VPN & Remote Access on http://www.HowToNetworking.com
|
|
Is it recommended to use Server 2003 for VPN server or a hardware appliance?
Rob
|
|
In most cases, I recommend using a hardware VPN. However, based on our test, Windows 2008 VPN works great.
--
Bob Lin, MS-MVP, MCSE & CNE
Networking, Internet, Routing, VPN Troubleshooting on http://www.ChicagoTech.net
How to Setup Windows, Network, VPN & Remote Access on http://www.HowToNetworking.com
|
|
"Paul Smith" <teknologix007[ at ]gmail.com> wrote in message news:#Ov4oqPZJHA.4480[ at ]TK2MSFTNGP06.phx.gbl...
> Need help setting up a VPN server
>
> Hi all
>
> I just setup a computer with windows 2003 server ent. R2 and i want it to
> be running as a VPN server. It has two network cards, one which is
> connected to the internal network and the other one is connected to a
> wireless router (with cable) which the latter then connects to an ADSL
> modem for Internet connectivity. My question is how can I enable Routing
> and Remote access on this machine and make the server act as a VPN server
> (giving access to internal resources). I am sure this involves some port
> forwarding from modem to router and also a way to translate the IP address
> to an Internet host name (using no-ip.com for example)
>
> Thanks a lot for your help!
Setting it up as a remote access server is pretty easy. The wizard does it for you. Do this and make sure that you can make a VPN connection to this server from a local workstation using its local address. There is no point in trying to connect from the Internet until this works. The tricky bit is getting access to it from the Internet, because your server does not have a public IP address.
Does the wireless router have a public IP? Is it static or dynamic? This is pretty important because this is the device you have to connect to from the Internet. When you work out how to access the router from the Internet you can look at port forwarding on the router to extend the connection to your server on the private network.
|
|
"Rob" <noemail[ at ]email.com> wrote in message news:OBn1V3RZJHA.1336[ at ]TK2MSFTNGP02.phx.gbl...
> Is it recommended to use Server 2003 for VPN server or a hardware
> appliance?
Either is fine. But you may also consider replacing the "router" *with* the RRAS box (or the appliance). Or use the wireless "router" as the VPN Server if it is capable.
If it were mine, I would be ditching the wireless "router" for something less "home-user" like the RRAS box or a commercial firewall that has VPN capability. For the wireless element I would use a Wireless Access Point [WAP] (not a "router") and have that sitting inside the LAN preferably as far from an outside wall as I could get it to reduce the reach of the signal that leaks outside.
-- Phillip Windell www.wandtv.com
The views expressed, are my own and not those of my employer, or Microsoft, or anyone else associated with me, including my cats. -----------------------------------------------------
|
|
Yeah, that's what I've read. What I did to reduce people using the signal outside is after business hours, I used the built-in rules in the Linksys WRT45G to disable internet access before and after business hours. It is a public wireless internet router meant only for customers. If I were to use RRAS for the VPN server, would I have to have another RRAS box at another location maintaining the site-to-site VPN or can I use a VPN endpoint router to connect to the RRAS box?
Rob
|
|
Hi,
It is recommended to have some type of firewall between. Personally I have a hardware firewall and ISA installed.
Here are my settings. I just setup recently and it works great.
Routing and Remote Access Server Settings (Admin tools) - VPN Server

Properties of Server

General Tab
  Enable as Router - LAN and Demand Dial
  Remote Access Server

Security Tab
  Windows Authentication
  Authentication Methods Button
    EAP - not ticked
    MS-CHAP v2 - TICKED
    MS-CHAP - not ticked
    CHAP - not ticked
    SPAP - not ticked
    Unencrypted password PAP - not ticked
    Unauthenticated Access - Does not allow remote systems to connect without authentication.

IP Tab
  Enable IP Routing
  Allow IP-based remote access
  DHCP Adaptor - Internal Network adaptor obtains DHCP, DNS and WINS

PPP Tab
  Multilink Connections ticked (all ticked)

Event Logging
  Log Errors and Warnings

Remote Access Policies
  ISA Server Default Policy
  Allow Access if Part of VPN Group
    NAS-Port-Type matches "Virtual VPN" AND
    Windows-Groups matches "Domain\VPN Users" AND
    Day and Time Restrictions matches Sun 6am-2400-Mon 5am-2400
    Tunnel-Type matches "Point to Point Tunneling Protocol (PPTP)"
    Grant Remote Access Permission

Ports Properties
  L2TP Ports - 1
    Remote access connections ticked
    Demand Dial routing ticked
    Phone Number xxx.xxx.xxx.xxx (put IP here)
    Number of Ports 1
  PPTP Ports - 1
    Remote access connections ticked
    Demand Dial routing ticked
    Phone Number xxx.xxx.xxx.xxx (put IP here)
    Number of Ports 1

IP Routing - DHCP Relay Agent
  Properties - Add IP of DHCP Server

IP Routing - General Properties
  Properties of External Connections
  General Tab
  Input and Output Filters

Inbound Filters
Drop ALL packets except those that meet the criteria below

Source Address   Source Mask      Destination Address  Destination Mask  Protocol  Source Port or Type  Destination Port or Code
Any              Any              xxx.xxx.xxx.xxx      255.255.255.255   47        Any                  Any
Any              Any              xxx.xxx.xxx.xxx      255.255.255.255   TCP       Any                  1723
Any              Any              xxx.xxx.xxx.xxx      255.255.255.255   TCP(est)  1723                 Any

Output Filters
Drop ALL packets except those that meet the criteria below

Source Address   Source Mask      Destination Address  Destination Mask  Protocol  Source Port or Type  Destination Port or Code
xxx.xxx.xxx.xxx  255.255.255.255  Any                  Any               47        Any                  Any
xxx.xxx.xxx.xxx  255.255.255.255  Any                  Any               TCP       1723                 Any
xxx.xxx.xxx.xxx  255.255.255.255  Any                  Any               TCP(est)  Any                  1723
Cheers, Lara
|
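The inbound and output filter tables in the post above, modelled as a small default-drop evaluator and run over constructed packets. This is an added example, not part of the original post or of RRAS itself; the SERVER and CLIENT addresses are constructed stand-ins for xxx.xxx.xxx.xxx, and "TCP(est)" is modelled as "the TCP ACK flag is set", which is a simplifying assumption.

```python
from dataclasses import dataclass
from typing import Optional

SERVER = "203.0.113.10"   # constructed stand-in for the post's xxx.xxx.xxx.xxx
CLIENT = "198.51.100.7"   # constructed remote client address
GRE, TCP, UDP, ESP = 47, 6, 17, 50   # IP protocol numbers


@dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    proto: int
    sport: int = 0
    dport: int = 0
    ack: bool = False     # TCP ACK flag; not set on the first SYN of a connection


@dataclass(frozen=True)
class Rule:
    src: Optional[str]    # None = Any, otherwise one host (mask 255.255.255.255)
    dst: Optional[str]
    proto: int
    sport: Optional[int] = None
    dport: Optional[int] = None
    established: bool = False   # the "TCP(est)" rows (assumed: ACK must be set)

    def matches(self, p: Packet) -> bool:
        return (self.src in (None, p.src) and self.dst in (None, p.dst)
                and self.proto == p.proto
                and self.sport in (None, p.sport)
                and self.dport in (None, p.dport)
                and (p.ack or not self.established))


# Rows of the two tables, in the order posted.
INBOUND = [Rule(None, SERVER, GRE),
           Rule(None, SERVER, TCP, dport=1723),
           Rule(None, SERVER, TCP, sport=1723, established=True)]
OUTBOUND = [Rule(SERVER, None, GRE),
            Rule(SERVER, None, TCP, sport=1723),
            Rule(SERVER, None, TCP, dport=1723, established=True)]


def passes(rules, p: Packet) -> bool:
    """Default action is drop; a packet passes only if some rule matches."""
    return any(r.matches(p) for r in rules)


# Constructed sample traffic on the external interface.
CASES = [
    ("in pptp-control", INBOUND, Packet(CLIENT, SERVER, TCP, 40000, 1723)),
    ("in pptp-gre", INBOUND, Packet(CLIENT, SERVER, GRE)),
    ("in est-from-1723", INBOUND, Packet(CLIENT, SERVER, TCP, 1723, 40001, ack=True)),
    ("in syn-from-1723", INBOUND, Packet(CLIENT, SERVER, TCP, 1723, 445)),
    ("in smb", INBOUND, Packet(CLIENT, SERVER, TCP, 40002, 445)),
    ("in rdp", INBOUND, Packet(CLIENT, SERVER, TCP, 40003, 3389)),
    ("in ike-udp500", INBOUND, Packet(CLIENT, SERVER, UDP, 500, 500)),  # L2TP/IPsec
    ("in esp", INBOUND, Packet(CLIENT, SERVER, ESP)),                   # L2TP/IPsec
    ("out pptp-reply", OUTBOUND, Packet(SERVER, CLIENT, TCP, 1723, 40000, ack=True)),
    ("out pptp-gre", OUTBOUND, Packet(SERVER, CLIENT, GRE)),
    ("out http", OUTBOUND, Packet(SERVER, CLIENT, TCP, 40004, 80)),
    ("out dns", OUTBOUND, Packet(SERVER, CLIENT, UDP, 40005, 53)),
]


def audit() -> dict:
    return {name: passes(rules, pkt) for name, rules, pkt in CASES}


if __name__ == "__main__":
    for name, ok in audit().items():
        print(f"{'PASS' if ok else 'DROP'}  {name}")
```

The dropped IKE and ESP rows show that these filters carry PPTP only, so the L2TP port listed under Ports Properties would not be reachable through this interface.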
|
"Rob" <noemail[ at ]email.com> wrote in message news:OrdwQ7hZJHA.5124[ at ]TK2MSFTNGP05.phx.gbl...
> Yeah, that's what I've read. What I did to reduce people using the signal
> outside is after business hours, I used the built in rules in the Linksys
> WRT45G to disable internet access before and after business hours. It is a
> public wireless internet router meant only for customers. If I were to use
> RRAS for the vpn server, would I have to have another RRAS box at another
> location maintaining the site-to-site vpn or can I use a vpn endpoint
> router to connect to the RRAS box?
I really can't answer that. Your situation is just too "foggy" for me.
-- Phillip Windell www.wandtv.com
The views expressed, are my own and not those of my employer, or Microsoft, or anyone else associated with me, including my cats. -----------------------------------------------------
|
|
OK, can I use a Netgear FVS318 VPN Endpoint to connect to the RRAS server?
Rob
|
|
I don't know. It would probably have to be an IPSec Tunnel and not a PPTP or L2TP Tunnel. I suspect the structure of how RRAS deals with PPTP or L2TP is not going to be the same as the Netgear does it.
....and that is a guess.
-- Phillip Windell www.wandtv.com
The views expressed, are my own and not those of my employer, or Microsoft, or anyone else associated with me, including my cats. -----------------------------------------------------
|
|
Do you know of any articles out there about doing this? I've looked, but didn't find anything related to what I want to do.
Rob
|
|
I managed to set up my VPN using Windows 2003 but now I cannot browse..
I mean when connecting to my VPN to my internal network I cannot use the internet. When I close the connection, the internet is back...
What can I do to have both of them simultaneously running?
Thanks
|
|
"Rob" <noemail[ at ]email.com> wrote in message news:2461E44B-24A2-41F7-BE7E-6A75569DC931[ at ]microsoft.com...
> Do you know of any articles out there about doing this? I've looked, but
> didn't find anything related to what I want to do.
I think you are going down the wrong road. But the situation is way too unclear to come up with a good solution. You probably should back up to the beginning and explain the situation more clearly and describe the reason for doing what you are doing.
-- Phillip Windell www.wandtv.com
The views expressed, are my own and not those of my employer, or Microsoft, or anyone else associated with me, including my cats. -----------------------------------------------------
|
|
"Paul Smith" <teknologix007[ at ]gmail.com> wrote in message news:%23OF97pmaJHA.1336[ at ]TK2MSFTNGP02.phx.gbl...
> i managed to setup my VPN using windows 2003 but now i cannot browse..
>
> i mean when connecting to my VPN to my internal network I cannot use the
> internet. when i close the connection, the internet is back...
That is exactly how it is supposed to work with a Remote Access VPN.
> what can i do to have both of them simultaneously running?
There is a way, but you are not supposed to do it.
You probably should start your own new thread to pursue this. It is confusing to run two conversations in the same thread.
-- Phillip Windell www.wandtv.com
The views expressed, are my own and not those of my employer, or Microsoft, or anyone else associated with me, including my cats. -----------------------------------------------------
|
|
|