Windows Security: Build a VPN Server - Page 2
Secure connections for your remote users are easy enough to provide with a Microsoft Windows 2003 VPN server.
Next you will need to setup a VPN connection from a client. Here are the steps on a Windows XP machine:
That's it! You should now be able to double click on the VPN connection you just created and logon with a user account that is a member of the group you allowed VPN access to in the remote access policy created above.
You may notice that when you connect to the VPN you can't access the Internet. This is a tricky issue to get around and the solution depends on your network topology. One obstacle is the default IP filters created on the external NIC with Routing and Remote Access is configured. You can configure these from
buttons. Be careful when changing these filters as they are created as a security measure.Last time we talked about a split tunnel versus a full tunnel. Here's how you configure that option:
. Un-checking this option will create a split tunnel when you initiate the VPN connection, and leaving it check creates a full tunnel.We also talked about PPTP versus L2TP/IPSec in the previous article. Here's how you can force the connection to use one of those two options (remember that L2TP/IPSec requires certificates):
.That's all folks; here are two final pieces of information that may come in handy if you roll out a Windows VPN server: 1) Where applicable, user account settings on the Dial-up tab of an AD user object override the remote access policy settings created on the IAS server 2) Windows Server 2003 Standard edition only supports up to 1000 concurrent connections.