Re: VPN server
- From: Dragos CAMARA <dragos_c@xxxxxxxxxxxxxxxxxxxxxxx>
- Date: Sun, 18 Feb 2007 03:11:00 -0800
hi,
PPTP is encrypted; you can use L2TP without certificates.
You can use a pre-shared key instead of a certificate for L2TP/IPSec
authentication of your VPN clients that are running Windows XP or a member of
the Windows Server 2003 family. Pre-shared keys do not require a public key
infrastructure (PKI) for deployment, but they are a relatively weak
authentication method. You can increase the security of your pre-shared key
deployment by encrypting the pre-shared key with a personal identification
number (PIN), which your users must enter before the profile will install.
--
Dragos CAMARA
MCSA Windows 2003 server
"Gonzo" wrote:
Thanks, do I need to install a certificate server? The 5 users connecting
are on XP/Vista. Is PPTP encrypted?
"Herb Martin" <news@xxxxxxxxxxxxxx> wrote in message
news:uJa2L9tUHHA.1364@xxxxxxxxxxxxxxxxxxxxxxx
"Gonzo" <no@xxxxxxxx> wrote in message
news:%23CUfuztUHHA.3316@xxxxxxxxxxxxxxxxxxxxxxx
I have installed routing and remote access on my Windows 2003 server, what
do I have to do to get a couple of users to connect from home? I want the
connections to be encrypted, so maybe IPsec.
Well you have to configure the RRAS VPN service (see built-in Help* or
ask more questions but you might wish to switch to, or crosspost, to an
RRAS focused group) on the server.
You have to choose either/both PPTP or L2TP (which uses IPSec) for the
protocols to support. PPTP is easier to set up and the only one natively
supporting legacy (NT/9x) clients but L2TP is more secure. L2TP is
going to require that certificates be available for the IPSec part to
work.
You will need to grant the users remote privileges in their AD properties
(Dial-in tab even though this is VPN) OR there set them to "Control
Access through Policies".
RRAS Policies are required but the default is to allow 24 hour access
(by everyone) so unless you wish to configure this more carefully it can
be largely ignored.
On the client you must create the equivalent (PPTP or L2TP) VPN
connections and possibly install the certificates.
If you have any firewalls external to the RRAS-VPN server you will
also have to configure it for either allowing or perhaps "port mapping"
to the VPN server. (e.g., PPTP uses IP protocol 47 and TCP 1723
and these ports and protocols are covered in the built-in help.*)
* The built-in Help is quite excellent and I suggest you search for the
following terms: [ checklist VPN ]
Maybe adding RRAS also.
Every major component of the OS (and many minor ones) comes with
a "checklist" that will get you started and give you a solid basis for
asking specific questions about how to make specific things work.
--
Herb Martin, MCSE, MVP
http://www.LearnQuick.Com
(phone on web site)