Think of a scenario where you need to access some important files from your office PC, and you are sitting far away. One way is to set up a remote access server with dial-up links. The alternative is to set up a remote access server over a VPN (Virtual Private Network). This will allow you to access your network resources over the Internet. The links can also be secured so that data is encrypted while being transferred. We’ll explain how this can be done using Windows 2000 Server. For this, you need a multi-homed server with at least two network cards. The remaining process is as follows:
1. Configure both network cards with static IP addresses, one with an internal IP on your LAN and the other with a public IP. You also need a firewall in between to ensure that your LAN is secure from external access.
2. Open Routing and Remote Access from Start>Programs>Administrative tools>Routing and Remote access. This opens the Routing and Remote Access MMC (Microsoft Management Console). On the left panel, you will find an icon showing the server’s status. Right-click the server icon and select the “Configure and Enable Routing and Remote Access” option from the pop-up menu.
3. This will launch a Routing and Remote Access wizard to configure its services. Click next, and the wizard will ask you to select the type of routing configuration you would like to set for this machine. Select “Virtual Private Network (VPN) Server” and click next.
4. Now the wizard will show you the Remote client Protocol page. Select the “Yes, all required protocols are on this list” option and click next. The default setting is TCP/IP.
5. Here, the wizard will ask you to configure the network card for VPN setup. Select the network card that is connected to the public network (203.122.29.x) and click next.
6. It will open the IP address assignment page; click the “automatic” radio button, if your network has a DHCP server available. If not, click the “From a specified range of address” option, and give the range of IPs for clients and click next.
7. This page allows you to configure the authentication mode for the VPN setup. You can manage multiple remote access servers centrally with the help of RADIUS (Remote Authentication Dial-In User Service). This is useful when you have multiple remote access servers on your network but would like to authenticate users from one central server, rather than creating user accounts on each remote access server. To configure RADIUS, use Internet Authentication Server (IAS), which is built into Windows 2000 Server. If you authenticate from the same server, click “No, I don’t want to setup this server to use RADIUS now” and click next.
8. Finally, click the finish button to complete the Routing and Remote Access Server configuration.
Applying Access Policies
To let users connect to the VPN server, you must grant them access permission, so that remote users can connect to the VPN server from their VPN clients.
Open Routing and Remote Access from Start>Programs>Administrative tools. Click on “Remote Access Policies” in the left panel, and click on the plus sign (+) to expand its sub-tree. In the right panel, you will find the “Allow access if dial-in permission enabled” option; right-click it and select its properties. From the property sheet, select the “Grant Remote Access permission” radio button, then click “Ok” and close the Routing and Remote Access MMC.
Granting the User Permission to Connect
Open “Active Directory User and Computer” from Start> Programs> Administrative Tools, and select the user. Double-click the user to open the user properties. From the user property sheet, click on the Dial-In tab and select the “Allow access” radio button under the Access permission Dial-In or (VPN) option. Click “Ok” and close the Active Directory User and Computer MMC.
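Once users have been granted access this way, it is worth periodically reviewing who holds the permission. The following is an added example, not part of the original article: it reads an LDIF export of user objects (for instance one produced with ldifde) and lists the accounts whose Dial-In tab is set to “Allow access”, which Active Directory stores as msNPAllowDialin: TRUE. The sample records, domain and account names are constructed for illustration.

```python
import base64

# Constructed sample LDIF records (illustrative names, not from the article).
SAMPLE_LDIF = """\
dn: CN=Asha Rao,CN=Users,DC=example,DC=local
sAMAccountName: arao
userAccountControl: 512
msNPAllowDialin: TRUE

dn: CN=Old Contractor,CN=Users,DC=example,
 DC=local
sAMAccountName: contractor1
userAccountControl: 514
msNPAllowDialin: TRUE

dn: CN=Backup Svc,CN=Users,DC=example,DC=local
sAMAccountName:: c3ZjX2JhY2t1cA==
userAccountControl: 66048
msNPAllowDialin: TRUE

dn: CN=Ravi Mehta,CN=Users,DC=example,DC=local
sAMAccountName: rmehta
msNPAllowDialin: FALSE
"""

# userAccountControl bits worth flagging on an account that can reach the VPN.
UAC_FLAGS = [(0x0002, "account disabled"), (0x10000, "password never expires")]

def parse_ldif(text):
    """Yield one dict per record, unfolding wrapped lines and decoding '::' base64 values."""
    for block in text.replace("\r\n", "\n").strip().split("\n\n"):
        rec = {}
        for line in block.replace("\n ", "").splitlines():
            attr, _, value = line.partition(":")
            if value.startswith(":"):            # 'attr:: ' marks a base64 value
                value = base64.b64decode(value[1:].strip()).decode("utf-8")
            rec[attr.lower()] = value.strip()
        yield rec

def vpn_enabled_accounts(text):
    """Return [(sAMAccountName, notes)] for users whose Dial-In tab is set to Allow access."""
    out = []
    for rec in parse_ldif(text):
        if rec.get("msnpallowdialin", "").upper() == "TRUE":
            uac = int(rec.get("useraccountcontrol", "0"))
            notes = [label for bit, label in UAC_FLAGS if uac & bit]
            out.append((rec.get("samaccountname"), notes))
    return out
```

Accounts that appear in the result with a note, such as a disabled account that still carries the permission, are the first candidates for having “Allow access” removed.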
Configuring VPN Clients
Creating VPN clients is fairly simple. We used Win XP Prof as a remote client. Go to Start>Programs> Accessories> Communication, and click “New connection Wizard”. This runs a wizard for creating a VPN connection. Select “Connect to the network to my workplace” and click next. On the Network Connection page, click on “Virtual Private Network Connection”. Next, the wizard will ask you for a connection name. Give it a convenient name and click next. Now give the IP address or DNS name of the VPN server and click next. Finally, click the finish button to close the wizard.
With this, your VPN client is ready. Launch the VPN client with the user name and password to connect to your office VPN server. Make sure you are connected to the Internet. This VPN connection will take you to your office network, and you can access all your network resources. However, the speed of access is governed by the amount of bandwidth available.
Sanjay Majumder