Windows 2000 / Windows 2003 VPN setup questions.


Ward Horsfall

Hi,

Could I please get some basic advice? I am trying to work out how to set up
a VPN server for Windows 2000. Here
is the specific scenario. The Windows 2000 Server will be an AD domain
controller. So it will need to validate the
internal users on the network and be able to validate external users coming
in from the internet. The server
has two network cards, one for the internal network and the other for the
internet.

Here are my specific problems

1. The Wizards?

When I go through the wizards I only have a choice of either a Network
router or a VPN server. How do I configure
this to be both? What are the basic steps? For example, when I chose a VPN
server, my internal clients could not
see the internet.

2. PPTP or L2TP?

Now I might be getting my terms here confused but - which one does Windows
2000 support?

3. Windows 2003?

Approximately how has support for VPNs changed in Windows 2003, if at all?

Thanks,

Ward
 
Do not use the VPN server option. This sets you up for VPN ONLY, and
filters out all other traffic. Your LAN clients will not be able to get to
the Internet. To get the WAN miniports for VPN, use the remote access server
option.

L2TP is complex, and requires certificates. Even if you plan to use it,
I would suggest getting PPTP working first.

No great changes in Server 2003. The wizards are better and there are
lots of little improvements, but basically it is very similar.
 
Bill,

Thanks for your help...

1. OK, can you clarify - are you saying that using the Remote Access Server
option will set it up to be a VPN server and forward the packets on from
internal clients?

2. Do you know if by doing this on the external NIC ports all non-essential
ports are blocked?

3. Does RRAS have any form of warning if an external
source does a port-scan or telnet etc. into a port they shouldn't?

Thanks,

Ward
 
1. If you use the default of allocating the remotes IP addresses in the
same subnet as the LAN machines, the remotes will be able to connect to LAN
machines. Note that VPN only gives you IP connection. To connect by name you
need DNS and/or WINS.

2 and 3. No, there is no firewalling or port filtering set up by default.
You would need to configure port filtering, or run a third party firewall.

There are also problems associated with installing remote access on a
DC, especially the first/only DC in a forest/domain. See KB 292822 and
830063.
 