
Set up a VPN on Windows 2003 Server

PCQ Bureau

Think of a scenario where you need to access some important files on your corporate server while you are far away. One way is to set up a remote access server with dial-up links. The alternative is to set up a remote access server over VPN, which lets you access your network resources over the Internet. The links can also be secured so that data is encrypted while being transferred. We'll explain how this can be done using Windows 2003 Server. For this, you need a multi-homed server with at least two network cards. The remaining process is as follows.

Direct Hit!
Applies to: IT Managers
USP: Remotely connect to your corporate network
Links: www.microsoft.com/technet/itsolutions/network/vpn/default.mspx
Google keywords: VPN, Windows 2003 VPN

Server setup



Configure both network cards with static IP addresses: one with an internal IP address on your LAN and the other with a public IP address. You also need a firewall in between to ensure that your LAN is secure from external access. Then, on your Windows 2003 server, go to Start>Programs>Administrative Tools>Routing and Remote Access. This opens the Routing and Remote Access MMC (Microsoft Management Console). On the left panel, you will find an icon showing the server's status. Right-click on the server icon and select the 'Configure and Enable Routing and Remote Access' option from the pop-up menu. This launches the Routing and Remote Access wizard to configure its services. Click on Next, and the wizard will ask you to select the type of routing configuration you would like to set for this machine. Select 'Virtual Private Network (VPN) Server' and click Next. The wizard now shows the Remote Client Protocol page; select the 'Yes, all required protocols are on this list' option and click Next. The default setting is TCP/IP.

From Routing and Remote Access wizard, you need to select the third option to set up VPN

Here, the wizard will ask you to choose the network card for the VPN setup. Select the network card that is connected to the public network (203.122.29.x) and click on Next. This opens the IP address assignment page; click on the 'automatic' radio button if your network has a DHCP server available. If not, click on the 'From a specified range of address' option, give the range of IPs for clients and click on Next. The next screen lets you configure the authentication mode for the VPN setup.

Adding security policies



However, you can manage multiple remote access servers centrally with the help of RADIUS (Remote Authentication Dial-In User Service).

You may have multiple remote access servers on your network but want to authenticate users from one central server, rather than creating user accounts on each remote access server. To configure RADIUS, use IAS (Internet Authentication Server), built into Windows 2000 Server. If you authenticate from the same server, click 'No, I don't want to setup this server to use RADIUS now' and click Next. Finally, click on the Finish button to complete the Routing and Remote Access Server configuration. After this, you need to set a policy for the users so that remote users can dial in. To let users connect to the VPN server, you must grant them access permission.


The RRAS wizard lets you choose the configuration you want, so that remote users can connect to the VPN server from their VPN clients. Open Routing and Remote Access from Start>Programs>Administrative Tools. Click on 'Remote Access Policies' on the left panel, and click on the plus sign (+) to expand its sub-tree.

Here from the User Management Console, select the user and set its Dial-In Access to 'Allow Access'

On the right panel, you will find the 'Allow access if dial-in permission enabled' option; right-click it and select its properties. From the property sheet, select the 'Grant Remote Access permission' radio button, then click 'Ok' and close the Routing and Remote Access MMC. Next, you need to grant permission to the remote users to connect to the VPN server. For this, open 'Active Directory User and Computer' from Start>Programs>Administrative Tools, and select the user. Double-click on it to open the user properties. From the user property sheet, click on the Dial-In tab and select the 'Allow access' radio button from the Access permission Dial-In or (VPN) option. Click 'Ok' and close the Active Directory User and Computer MMC.
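
Once 'Allow access' has been granted on the Dial-In tab, it is worth reviewing which accounts actually hold that permission. The following is an added example, not part of the original article: it parses the text output of `netsh ras show user` and lists accounts whose dial-in permission is 'permit' but that are not on an approved list. The sample output is constructed, its "Key: value" layout is an assumption, and the account names and the APPROVED set are hypothetical.

```python
# Constructed sample; the "Key: value" layout is an assumption about the
# output of `netsh ras show user`, and all account names are hypothetical.
SAMPLE_OUTPUT = """\
User name:       Administrator
Dialin:          policy
Callback policy: none

User name:       Guest
Dialin:          permit
Callback policy: none

User name:       rkumar
Dialin:          permit
Callback policy: none
"""

# Hypothetical allowlist of accounts approved for VPN access.
APPROVED = {"rkumar"}


def parse_users(text):
    """Split the listing into one {field: value} dict per user record."""
    users, current = [], {}
    for line in text.splitlines():
        key, sep, value = line.partition(":")
        if not sep:
            continue  # blank line or anything that is not "key: value"
        key, value = key.strip().lower(), value.strip()
        if key == "user name" and current:
            users.append(current)  # a new record starts here
            current = {}
        current[key] = value
    if current:
        users.append(current)
    return users


def unexpected_dialin(text, approved):
    """Accounts with Dialin set to 'permit' that are not on the allowlist."""
    allowed = {name.lower() for name in approved}
    return sorted(
        u.get("user name", "<unnamed>") for u in parse_users(text)
        if u.get("dialin", "").lower() == "permit"
        and u.get("user name", "").lower() not in allowed
    )

if __name__ == "__main__":
    for name in unexpected_dialin(SAMPLE_OUTPUT, APPROVED):
        print("dial-in permitted but not approved:", name)
```

Accounts shown as 'policy' are left out of the report because their access is decided by the remote access policy rather than by an explicit per-user grant.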


Set up the VPN client



Creating VPN clients is simple. We used Win XP Pro as a remote client. Go to Start>Programs>Accessories>Communication, and click on 'New connection Wizard'.

This runs a wizard for creating a VPN connection. Select 'Connect to the network to my workplace' and click on 'Next'. On the Network Connection page, click on 'Virtual Private Network Connection' and click on Next. Next, the wizard will ask you for a connection name. Give it a convenient name and click on Next. Now give the IP address or DNS name of the VPN server and click on Next. Click on the Finish button to close the wizard. With this, your VPN client is ready. Launch the VPN client with the user name and password to connect to your office VPN server. However, the speed of access depends on the amount of bandwidth available.

Sanjay Majumder
