Windows Security: Build a VPN Server - Page 2

By Ryan Bass | Posted Nov 16, 2007

Next you will need to set up a VPN connection from a client. Here are the steps on a Windows XP machine:

Start » Control Panel » Network Connections » Create a new connection » Next » Connect to the network at my workplace » Next » Virtual Private Network connection » Next » Choose a friendly name » Next » you probably want to select "Do not dial the initial connection" » Next » Enter the host name or IP address of your VPN server » Next » choose who to make the connection for » Next » Finish

That's it! You should now be able to double-click the VPN connection you just created and log on with a user account that is a member of the group you allowed VPN access to in the remote access policy created above.

You may notice that when you connect to the VPN you can't access the Internet. This is a tricky issue to get around, and the solution depends on your network topology. One obstacle is the default IP filters created on the external NIC when Routing and Remote Access is configured. You can configure these from Routing and Remote Access » YOURSERVER » IP Routing » General » right click on your external interface and choose Properties » click on the Inbound Filters... and/or Outbound Filters... buttons. Be careful when changing these filters, as they are created as a security measure.

Last time we talked about a split tunnel versus a full tunnel. Here's how you configure that option: Start » Control Panel » Network Connections » right click your VPN connection » Properties » Networking tab » select Internet Protocol (TCP/IP) » Properties » Advanced... » check or uncheck "Use Default Gateway On Remote Network". Unchecking this option will create a split tunnel when you initiate the VPN connection, and leaving it checked creates a full tunnel.

We also talked about PPTP versus L2TP/IPSec in the previous article. Here's how you can force the connection to use one of those two options (remember that L2TP/IPSec requires certificates): Start » Control Panel » Network Connections » right click your VPN connection » Properties » Networking tab » change the Type of VPN drop-down box.
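The two client settings above (tunnel mode and Type of VPN) can be audited across saved connections rather than checked one dialog at a time. The following is an added example, not part of the original article: it assumes the connections live in a rasphone.pbk phonebook file, where "Use Default Gateway On Remote Network" is recorded as IpPrioritizeRemote and the Type of VPN as VpnStrategy. The sample phonebook and the policy it enforces (full tunnel, L2TP/IPSec only) are constructed for illustration.

```python
# Added example; SAMPLE_PBK is constructed, not taken from a real machine.
# Assumption: entries follow the rasphone.pbk layout ([name] then key=value).
VPN_STRATEGY = {"0": "automatic", "1": "PPTP only", "2": "PPTP first",
                "3": "L2TP/IPSec only", "4": "L2TP/IPSec first"}

SAMPLE_PBK = """\
[Office VPN]
IpPrioritizeRemote=1
VpnStrategy=3
MEDIA=rastapi
DEVICE=vpn
PhoneNumber=vpn.example.com

[Branch VPN]
IpPrioritizeRemote=0
VpnStrategy=1
MEDIA=rastapi
DEVICE=vpn
PhoneNumber=192.0.2.10
"""


def parse_phonebook(text):
    """Return {entry: {key: value}}; a repeated key keeps its first value."""
    entries, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("[") and line.endswith("]"):
            current = entries.setdefault(line[1:-1], {})
        elif current is not None and "=" in line:
            key, _, value = line.partition("=")
            current.setdefault(key.strip(), value.strip())
    return entries


def audit(text, require_full_tunnel=True, allowed_strategies=("3",)):
    """List (entry, issue) pairs that break the assumed policy."""
    findings = []
    for name, kv in parse_phonebook(text).items():
        # IpPrioritizeRemote=1 <=> "Use Default Gateway On Remote Network" checked
        if require_full_tunnel and kv.get("IpPrioritizeRemote") != "1":
            findings.append((name, "not a full tunnel"))
        strategy = kv.get("VpnStrategy", "0")
        if strategy not in allowed_strategies:
            findings.append((name, "VPN type: " + VPN_STRATEGY.get(strategy, "unknown")))
    return findings


if __name__ == "__main__":
    for entry, issue in audit(SAMPLE_PBK):
        print(f"{entry}: {issue}")
```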

That's all, folks. Here are two final pieces of information that may come in handy if you roll out a Windows VPN server: 1) Where applicable, user account settings on the Dial-up tab of an AD user object override the remote access policy settings created on the IAS server. 2) Windows Server 2003 Standard edition only supports up to 1000 concurrent connections.
