by May 6, 2001 0 comments



Just like Windows NT, you can have a simple VPN setup on Windows 2000 as well. For this, you need a Windows 2000 server with Active Directory installed on it. This server must be connected to the Internet, and have a public IP address, which you’ll have to get from your ISP. You’ll also need a DNS server running, which can be done from the server configuration wizard. 

Configuring the server

To prepare the Windows 2000 server for VPN, go to Start Menu>Programs>Administrative Tools>Routing and remote access. When you get the console, right-click on the server name in the left window pane and select “configure and enable remote access”. This starts a wizard to guide you through your VPN setup. 

The wizard will prompt you to identify a protocol for VPN access, which must be installed on the VPN server. Select TCP/IP from the list and press next. Here, you have to provide the public IP address of the VPN server, which will be used by the VPN clients and router to access this server over the Internet.

The next option configures the IP address assignment for your VPN clients. If there’s a DHCP server running on the same server, then you could provide its IP address. Else, you could provide a range of IP addresses to assign to the VPN clients. The final option prompts you whether to enable RADIUS authentication or not, that is if you have to manage multiple remote-access servers. After this, the routing and remote-access services will start.

You also have to specify the network that you want VPN clients to be able to access over the Internet. This is needed if your Windows 2000 server supports multiple-network segments through multiple-network cards. 

Now you have to configure the VPN security on the server. Fire up the Routing and Remote Access Management Console. From the left-hand side of the console, select the server. Click on action from menu bar and go to properties, select security tab, then click authentication method. Tick Microsoft encrypted authentication (MS_CHAP v2) and click OK.

We next configure the ports of operation for the VPN server. From the RRAS management console, go to the left pane, and choose the ports option. Right click it and select properties, which will bring up a list of tunneling protocols to be used for communication. Select PPTP as the tunneling protocol, click configure tab and turn off the demand-dial routing connection. Click Apply and press OK to continue.

We will now provide users on the Windows 2000 server, access to the VPN setup. For this, open up the Active Directory users and computers option from the Administrative Tools in the Start Menu. Go to the users folder, and select the properties of a user you want to provide VPN access. Select the dial-in tab and set ‘allow access’ to the remote access permission (dial-in or VPN). Do this for all the users you want to provide access. Your VPN server is now ready for access across the Internet. 

Configuring the client

We configured a client running Win 98 SE for VPN access. For this, go to the Control Panel and run the network applet. Here, click Add, choose Adaptor, and choose Microsoft Virtual Private Network adaptor from the list. It will copy some files, and you might be asked to insert your Win 98 CD. 

Next, you’ll have to create a VPN connection from dial-up networking option in My Computer. Create a new connection, which will run a wizard. Provide a connection name and select the device as Microsoft VPN Adaptor and press ‘Next’. Now type in the host name or IP address of the VPN server and click finish to complete.

Besides this, you’ll also need to create another dial-up connection for your ISP. Connect to your ISP, and then run the VPN connection you just made. If it’s able to find your VPN server, you’ll be prompted to provide your user name and password. Here, just enter the user name and password that was given to you from the Active Directory. After authentication, it will log you into your server. 

Anil Chopra with Sanjay Majumder

No Comments so far

Jump into a conversation

No Comments Yet!

You can be the one to start a conversation.

Your data will be safe!Your e-mail address will not be published. Also other data will not be shared with third person.