Basic VPN Requirement

Pear Tree
2016-11-10 15:47

Basic VPN Requirement

·       User Permission. Enable a user to access the VPN. To do this, go to AD Users and Computers, select the user who needs to access the VPN, click Dial-in, and check Allow access under Remote Access Permission (Dial-in or VPN).

·       IP Configuration. The VPN server should have a static IP address and a range of IP addresses to assign to VPN clients. The VPN server must also be configured with DNS and WINS server addresses to hand to the VPN client during the connection.

·       Data Encryption. Data carried on the public network should be rendered unreadable to unauthorized clients on the network. 

·       Protocol Support. TCP/IP is the common protocol used on the public network. The VPN can also carry IP, Internetwork Packet Exchange (IPX), NetBEUI and so on.

·       Firewall Ports. When you place a VPN server behind your firewall, be sure to enable IP protocol 47 (GRE) and TCP port 1723. 

·       Interface(s) for VPN server. If your network doesn't have a router or the VPN is also a gateway, your computer must have at least two interfaces, one connecting to the Internet and another connecting to the LAN. If it is behind a router, you just need one NIC. 

·       One interface for VPN client. The interface can be a dial-in modem, or a dedicated connection to the Internet. 

How to set up a VPN server on Windows Server 2003

You have two options for setting up a VPN server on Windows 2003. 1) Create an incoming network connection if you have a small network or want to set up a PC-to-PC VPN; 2) if you have large numbers of incoming connections on a server that operates as part of a distributed network or as a domain controller, use RRAS to create the VPN server.

How to manage IP assignment on RRAS

Open RRAS, right-click the RRAS server > Properties > IP. You have two options: DHCP and Static address pool.

How to configure a Windows 2000 server as a VPN server

To set up a Windows 2000 server for VPN, open the Routing and Remote Access console in the Administrative Tools folder, right-click the server and then click Configure and Enable Routing and Remote Access > Virtual private network [VPN] server. Click Next if TCP/IP is the only protocol you will use. On the Internet Connection page, select the connection that faces the Internet. You have two options for assigning IP addresses to VPN clients; the default is Automatically. It is recommended to configure the server to assign client addresses from a static address pool rather than from a DHCP server. If you configure RAS to assign client addresses from a static address pool, clients inherit the DNS and WINS settings from the RAS server; if your RAS server can browse the network, clients should also be able to browse the network with the same settings. If you prefer DHCP, verify that DHCP scope option 44 (WINS/NetBIOS name server) points to the WINS server and that scope option 6 (DNS server) shows the address of your DNS server. When you don't define these options, you almost guarantee problems with client browsing. Finally, you can choose whether or not to use RADIUS.

NOTE: If VPN traffic is traveling through a router or firewall, configure the router or firewall to pass PPTP (TCP Port 1723 and IP Protocol ID 47 [GRE - Generic Routing Encapsulation]) or L2TP over IPSec (UDP Port 500 and IP Protocol ID 50 [Encapsulating Security Payload]) traffic to and from the VPN server. 

Incoming Connection or RRAS

You can create an incoming connection on a computer acting as a remote access server if it is running Windows 2000 or XP Professional, or if it is a stand-alone computer running Windows 2000/2003 Server. For large numbers of incoming connections on a computer running Windows 2000/2003 Server as a router, as a domain controller, or as a member of a domain, use Routing and Remote Access to create a remote access server.

Which ports need to be opened for running VPN

A: PPTP VPN uses TCP port 1723 and IP protocol 47 (GRE); L2TP uses UDP port 1701; IPSec: pass IP protocols 50 and 51. Note: 47 is an IP protocol number, not a TCP port; the protocol name is GRE. This makes a big difference when configuring your firewall or router.
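The Firewall Ports bullet, the NOTE above, and this answer all come down to the same checklist, and the most common mistake is the one the answer warns about: entering 47 as a TCP port instead of as an IP protocol number. The following is an added example (not from the original article) that encodes the article's port and protocol list and checks a firewall allow-list against it, flagging the port/protocol mix-up explicitly. The rule representation, tuples of ("tcp", port), ("udp", port) or ("proto", ip_protocol_number), is an assumption of this example; real firewalls express GRE, ESP and AH by IP protocol number, which is why a "TCP 47" rule does nothing for PPTP.

```python
"""Check a firewall allow-list against what each VPN type needs.

Added example, not taken from the original article. Rule representation is
an assumption made here: each allowed inbound flow is a tuple
("tcp", port), ("udp", port) or ("proto", ip_protocol_number).
"""

# Inbound traffic each VPN type needs to reach the server, as the article lists it:
#   PPTP        TCP 1723 (control channel) + IP protocol 47 (GRE tunnel)
#   L2TP/IPsec  UDP 500 (IKE), UDP 1701 (L2TP), IP protocol 50 (ESP), IP protocol 51 (AH)
REQUIREMENTS = {
    "pptp": [("tcp", 1723), ("proto", 47)],
    "l2tp/ipsec": [("udp", 500), ("udp", 1701), ("proto", 50), ("proto", 51)],
}

PROTOCOL_NAMES = {47: "GRE", 50: "ESP", 51: "AH"}


def describe(flow):
    """Human-readable name for a flow tuple."""
    kind, value = flow
    if kind == "proto":
        return f"IP protocol {value} ({PROTOCOL_NAMES.get(value, 'unknown')})"
    return f"{kind.upper()} port {value}"


def check_vpn_rules(vpn_type, allowed):
    """Return findings for required flows the allow-list fails to pass.

    An empty list means the rule set is complete for that VPN type.
    """
    allowed = set(allowed)
    findings = []
    for flow in REQUIREMENTS[vpn_type]:
        if flow in allowed:
            continue
        kind, value = flow
        if kind == "proto":
            # The classic mistake: the IP protocol number entered as a TCP/UDP port,
            # e.g. "TCP port 47" instead of IP protocol 47 (GRE).
            mistaken = [t for t in ("tcp", "udp") if (t, value) in allowed]
            if mistaken:
                findings.append(
                    f"{describe(flow)} is not allowed; {mistaken[0].upper()} port {value} "
                    f"was opened instead, which does not pass {PROTOCOL_NAMES[value]}"
                )
                continue
        findings.append(f"{describe(flow)} is not allowed")
    return findings


if __name__ == "__main__":
    # Constructed rule sets for illustration only.
    correct_pptp = [("tcp", 1723), ("proto", 47)]
    wrong_pptp = [("tcp", 1723), ("tcp", 47)]                    # GRE mistaken for a TCP port
    partial_l2tp = [("udp", 500), ("udp", 1701), ("proto", 50)]  # AH (51) not passed
    for name, vpn, rules in [("correct PPTP", "pptp", correct_pptp),
                             ("wrong PPTP", "pptp", wrong_pptp),
                             ("partial L2TP/IPsec", "l2tp/ipsec", partial_l2tp)]:
        result = check_vpn_rules(vpn, rules)
        print(f"{name}: {'OK' if not result else '; '.join(result)}")
```

Feeding it the rule set exported from a firewall (translated into the tuple form) before go-live catches the missing GRE or AH entry that otherwise only shows up as a PPTP connection that authenticates and then hangs at "Verifying username and password".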
