VPN help needed

[Brian Beckers]

I have a task that has been given me for which I am having trouble working
out a solution.

While I have quite a bit of LAN experience, my WAN knowledge is rather
limited.


I have a network currently setup as follows:

DSL Internet --> DSL Router

DSL Router ---> Hub ---> Server 1
| \--> Workstation
|
\--> Switch ---> Server 2
\--> 8 Workstations


***** Here's what I *NEED* to be able to do:
1> I have to find a way for people in an office 20 miles away to have a
remote connection to one of the Workstations on Server 2's workgroup.
2> I would like to not purchase any additional software.
3> Both locations have broadband internet connections.
4> I think a VPN connection would work best for this project, but I am
unsure how to set one up, especially through a router.

NOTES:
All computers are new Dell desktops running WinXP Pro with all the latest
service packs and hotfixes installed.
Server 1 and the one workstation HAVE to be a specific workgroup name.
Server 2 and the associated 8 workstations HAVE to be a different specific
workgroup name.
The Router is a 3COM OfficeConnect Secure Router 3CR860-95.
I have two static IP's available for use from my ISP.
The computers on the remote location are all running Windows 2000 Pro and
are part of a domain with an old NT 4.0 server.

I've seen you guys work miracles with other tech problems posed here. I'm
hoping for some of that help to come my way.

Thanks in advance,
Brian Beckers

 

[Robert L [MS-MVP]]

1. assuming the router doesn't come with VPN build in, open ports for server
2.
2. setup server 2 as VPN server. quoted form http://www.chicagotech.net

How to configure W2K server as VPN server

To setup a Windows 2000 server for VPN, open Routing and Remote Access
console in the Administrative Tools folder, right-click the server and then
click Configure and Enable Routing and Remote Access>Virtual private network
[VPN] server. Click Next if TCP/IP is only protocol you will use. Select a
connection you will connect to on the Internet Connection. You will have two
options to assign IP to VPN clients. The default is Automatically. It is
recommended to configure the server to assign client addresses from a static
address pool, rather than assigning addresses from a DHCP server. If you
configure RAS to assign client addresses from a static address pool, clients
inherit the DNS and WINS settings from the RAS server. If your RAS server
can browse the network, clients should also be able to browse the network
with the same settings. If you prefer DHCP, verify that DHCP scope option 44
(WINS/NetBIOS name server) points to the WINS server and scope option 6
shows the address of your DNS server. When you don't define these options,
you almost guarantee problems with client browsing. Finally, you can select
using RADIUS or not.

NOTE: If VPN traffic is traveling through a router or firewall, configure
the router or firewall to pass PPTP (TCP Port 1723 and IP Protocol ID 47
[GRE - Generic Routing Encapsulation]) or L2TP over IPSec (UDP Port 500 and
IP Protocol ID 50 [Encapsulating Security Payload]) traffic to and from the
VPN server.


--
For more and other information, go to http://www.chicagotech.net

Don't send e-mail or reply to me except you need consulting services.
Posting on MS newsgroup will benefit all readers and you may get more help.

Robert Lin, MS-MVP, MCSE & CNE
Networking, Internet, Routing, VPN, Anti-Virus, Tips & Troubleshooting on
http://www.chicagotech.net
This posting is provided "AS IS" with no warranties.