Windows Security: Build a VPN Server - Page 2

By  Ryan Bass | Nov 16, 2007

Next you will need to set up a VPN connection from a client. Here are the steps on a Windows XP machine:

Start » Control Panel » Network Connections » Create a new connection » Next » Connect to the network at my workplace » Next » Virtual Private Network connection » Next » Choose a friendly name » Next » you probably want to select "Do not dial the initial connection" » Next » Enter the host name or IP address of your VPN server » Next » choose who to make the connection for » Next » Finish

That's it! You should now be able to double-click the VPN connection you just created and log on with a user account that is a member of the group you allowed VPN access to in the remote access policy created above.

You may notice that when you connect to the VPN you can't access the Internet. This is a tricky issue to get around and the solution depends on your network topology. One obstacle is the default IP filters created on the external NIC when Routing and Remote Access is configured. You can configure these from Routing and Remote Access » YOURSERVER » IP Routing » General » right-click your external interface and choose Properties » click the Inbound Filters... and/or Outbound Filters... buttons. Be careful when changing these filters, as they are created as a security measure.

Last time we talked about a split tunnel versus a full tunnel. Here's how you configure that option: Start » Control Panel » Network Connections » right-click your VPN connection » Properties » Networking tab » select Internet Protocol (TCP/IP) » Properties » Advanced... » check or uncheck "Use Default Gateway On Remote Network". Unchecking this option creates a split tunnel when you initiate the VPN connection, and leaving it checked creates a full tunnel.

We also talked about PPTP versus L2TP/IPSec in the previous article. Here's how you can force the connection to use one of those two options (remember that L2TP/IPSec requires certificates): Start » Control Panel » Network Connections » right-click your VPN connection » Properties » Networking tab » change the Type of VPN drop-down box.
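To check the tunnel mode and VPN type on many clients without clicking through each dialog, the added example below (not part of the original article) audits a client phonebook file. It assumes the connection settings are stored in `rasphone.pbk` with the keys `IpPrioritizeRemote` and `VpnStrategy`; those names and value meanings come from general knowledge of the phonebook format, not from this article, and the sample input is constructed.

```python
# Added example: report split/full tunnel and VPN type per phonebook entry.
# Assumption: IpPrioritizeRemote=1 matches a checked "Use Default Gateway On
# Remote Network" box, and VpnStrategy uses the XP-era values mapped below.
VPN_STRATEGY = {
    "0": "Automatic",
    "1": "PPTP only",
    "2": "PPTP first",
    "3": "L2TP/IPSec only",
    "4": "L2TP/IPSec first",
}

# Constructed sample input (two VPN entries with hypothetical names).
SAMPLE_PBK = """\
[Office VPN]
IpPrioritizeRemote=1
VpnStrategy=3
PhoneNumber=vpn.example.com

[Home Lab]
IpPrioritizeRemote=0
VpnStrategy=1
PhoneNumber=192.0.2.10
"""

def parse_pbk(text):
    """Return {entry name: {key: value}}; a repeated key keeps its last value."""
    entries, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("[") and line.endswith("]"):
            current = entries.setdefault(line[1:-1], {})
        elif current is not None and "=" in line:
            key, _, value = line.partition("=")
            current[key.strip()] = value.strip()
    return entries

def audit(text):
    """Summarise tunnel mode and VPN type for every entry in the phonebook."""
    report = {}
    for name, keys in parse_pbk(text).items():
        strategy = keys.get("VpnStrategy", "0")
        report[name] = {
            "tunnel": {"1": "full", "0": "split"}.get(
                keys.get("IpPrioritizeRemote"), "unknown"),
            "vpn_type": VPN_STRATEGY.get(strategy, "unknown (%s)" % strategy),
            "forced": strategy in ("1", "3"),  # pinned to a single protocol
        }
    return report

if __name__ == "__main__":
    for name, result in audit(SAMPLE_PBK).items():
        print(name, result)
```

Entries reported as `split` keep their Internet traffic off the VPN, so they are the ones to review against your remote access policy.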

That's all, folks. Here are two final pieces of information that may come in handy if you roll out a Windows VPN server: 1) Where applicable, user account settings on the Dial-up tab of an AD user object override the remote access policy settings created on the IAS server. 2) Windows Server 2003 Standard edition only supports up to 1000 concurrent connections.
