Re: VPN server

---

• From: "Herb Martin" <news@xxxxxxxxxxxxxx>
• Date: Sat, 17 Feb 2007 16:02:18 -0600

---

"Gonzo" <no@xxxxxxxx> wrote in message
news:%23CUfuztUHHA.3316@xxxxxxxxxxxxxxxxxxxxxxx

I have installed routing and remote access on my Windows 2003 server, what
do I have to do to get a couple of users to connect from home? I want the
connections to be encrypted, so maybe IPsec.

Well you have to configure the RRAS VPN service (see buiilt-in Help* or
ask more questions but you might wish to switch to, or crosspost, to an
RRAS focused group) on the server.

You have to choose either/both PPTP or L2TP (which uses IPSec) for the
protocols to support. PPTP is easier to setup and the only one natively
supporting legacy (NT/9x) clients but L2TP is more secure. L2TP is
going to require that certificates be available for the IPSec part to work.

You will need to grant the users remote privileges in their AD properties
(Dial-in tab even though this is VPN) OR there set them to "Control
Access through Policies".

RRAS Policies are required but the default is to allow 24 hour access
(by everyone) so unless you wish to configure this more carefully it can
be largely ignored.

On the client you must create the equivalent (PPTP or L2TP) VPN
connections and possibly install the certificates.

If you have any firewalls external to the RRAS-VPN server you will
also have to configure it for either allowing or perhaps "port mapping"
to the VPN server. (e.g., PPTP uses IP protocol 47 and TCP 1723
and these ports and protocols are covered in the built-in help.*)

* The built-in Help is quite excellent and I suggest you search for the
following terms: [ checklist VPN ]

Maybe adding RRAS also.

Every major component of the OS (and many minor ones) come with
a "checklist" that will get you started and give you a solid basis for
asking specific questions about how to make specific things work.

--
Herb Martin, MCSE, MVP
http://www.LearnQuick.Com
(phone on web site)


.

---

• Follow-Ups:
  • Re: VPN server
    • From: Gonzo

• References:
  • VPN server
    • From: Gonzo

• Prev by Date: Re: Can't ping A host record until on main DC - help?
• Next by Date: Re: 2 Domains need to resolve each others hosts
• Previous by thread: VPN server
• Next by thread: Re: VPN server
• Index(es):
  • Date
  • Thread

---

Relevant Pages Re: VPN server ... PPTP is encrypted, you can use L2TP without certificates. ... You can use a pre-shared key instead of a certificate for L2TP/IPSec ... Well you have to configure the RRAS VPN service (see buiilt-in Help* or ... (microsoft.public.windows.server.active_directory) Re: VPN connections ... Are you trying to make a VPN with PPTP or with L2TP? ... > has port forwarding to the if address of the PC enabled. ... (microsoft.public.windowsxp.work_remotely) Re: VPN works with PPC 2002, not PPC 2003 ... Like you I want true ipsec so I can ditch my pptp server and connect ... I did try to make a vpn connection while cradled and it didn't work. ... > Movian for the original PPC. ... (microsoft.public.pocketpc) Re: VPN connection question ... What kind of a VPN are you trying to set up a PPTP or a IPSec? ... Office Network: Serverless peer network behind a Linksys BEFSX41 Router ... (Ubuntu) Re: VPN / IPSec Help ... > it might be quicker to setup PPTP to use over your VPN rather than L2TP. ... > This is still very secure, not as secure as L2TP but it doesn't use IPSEC ... >>> Does your router act as a NAT or are you using ICS?? ... (microsoft.public.win2000.security)

---

• Windows
• Science
• Usenet

• Archive
• About
• Privacy
• Search
• Imprint

www.tech-archive.net  > Archive  > Windows  > microsoft.public.windows.server.active_directory  > 2007-02