Virtual Private Networks (VPNs) allow
you to extend your LAN by taking advantage of the Internet. VPN technologies
provide a way to connect a remote host located thousands of miles away
from your network and make that host a node on your LAN. The connections
made by the remote clients can be almost as secure as those between two
hosts on the same LAN.
Windows 2000 Server family products allow you
to configure them as VPN servers by taking advantage of the VPN
features available with the Routing and Remote Access Service (RRAS).
Once you set up the machine as a VPN Server, remote hosts can call in and
access resources on the internal network as if they were directly connected
to the network.
VPN Clients
A VPN client can be a
computer running Win9x, Windows NT Workstation or Windows 2000 Professional.
Even Server computers can be clients of one another. The client computer
creates an initial PPP connection to its ISP, which is a local phone call.
After the client establishes the "non-virtual" datalink layer (PPP)
connection, it can establish the "virtual link". With the PPP connection
established, the client makes a second call to establish the VPN link
that makes it a node on the remote network.
Note that when the client
connects to the VPN Server, it is still connected to the Internet. However,
after establishing a VPN link with the remote VPN server, the client
obtains an IP address that is valid on the destination private network on a
virtual interface. That interface establishes a new default gateway,
which is the IP address assigned to the VPN server's external VPN IP
address.
The client can still access Internet resources if you
uncheck the "use default gateway on remote network" option in the VPN
client settings. You could also configure the client to use a Web Proxy
server on the internal network.
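
The routing effect of the "use default gateway on remote network" option, as an added example that is not part of the original article. It is a simplified model of the client's route table; the addresses (203.0.113.10 for the VPN server, 10.0.0.0/8 for the private network), interface names and metrics are constructed assumptions.

```python
import ipaddress

def build_routes(use_remote_gateway):
    """Constructed client route table: (destination, interface, metric)."""
    net = ipaddress.ip_network
    routes = [
        # Default route from the ISP over the PPP dial-up link. Its metric is
        # raised when the VPN default route is added, so it loses the tie.
        (net("0.0.0.0/0"), "ppp-isp", 2 if use_remote_gateway else 1),
        # Host route to the VPN server's public address: the tunnel packets
        # themselves always leave through the ISP link.
        (net("203.0.113.10/32"), "ppp-isp", 1),
        # Route for the private network the assigned address belongs to.
        (net("10.0.0.0/8"), "vpn", 1),
    ]
    if use_remote_gateway:
        # Option checked: new default gateway on the virtual interface.
        routes.append((net("0.0.0.0/0"), "vpn", 1))
    return routes

def pick_interface(routes, destination):
    """Longest prefix wins; ties are broken by the lowest metric."""
    dest = ipaddress.ip_address(destination)
    candidates = [r for r in routes if dest in r[0]]
    best = max(candidates, key=lambda r: (r[0].prefixlen, -r[2]))
    return best[1]

def internet_and_lan_reachable_together(routes):
    """True when the client talks to the Internet directly while tunnelled."""
    return (pick_interface(routes, "198.51.100.7") == "ppp-isp"
            and pick_interface(routes, "10.0.0.5") == "vpn")

if __name__ == "__main__":
    for checked in (True, False):
        table = build_routes(checked)
        print("use default gateway on remote network:", checked)
        for dst in ("10.0.0.5", "198.51.100.7", "203.0.113.10"):
            print("  %-14s -> %s" % (dst, pick_interface(table, dst)))
        print("  direct Internet + LAN at once:",
              internet_and_lan_reachable_together(table))
```

With the option unchecked, the last line reports True: the client is a node on the private network while still exchanging traffic directly with the Internet, which is the condition to account for when deciding whether to allow that setting.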
Setting Up The VPN Server
But before a client can call into your network, you need to
set up your VPN Server. In this article we'll see how to set up a VPN
server and address some of the infrastructure issues important to making the
VPN server solution work along the way.
The first step is to enable
the Routing and Remote Access Service. You do not need to install the
RRAS because it is installed by default on all Windows 2000 Server
computers. Although it is installed, it is not enabled. To enable the
RRAS Server, perform the following steps:
1. From the Administrative Tools menu, click the Routing and
   Remote Access command.
2. In the Routing and Remote Access console, right-click your server
   name, and click the Enable Routing and Remote Access command. After
   clicking on the command, it will take a little while for the service to
   activate.
3. The RRAS Wizard will start up. Click past the Welcome page to get
   to the Common Configurations page as seen below. Click on the
   Manually configured server command, and click Next.
4. The Wizard will tell you that you are done. Click Finish to
   complete enabling the RRAS server.
5. The Wizard will ask you if you want to start the service. Click
   Yes to start the service.
Note that we did not use the
Virtual private network (VPN) server option. The reason is that there
is a bug in it that leaves the configuration of the VPN server
incomplete. The problem is that when you use the Wizard, it secures the
interface you select by implementing filters that only accept incoming L2TP
and PPTP traffic. RRAS then does not forward packets on that interface
unless they are PPTP or L2TP. Therefore, we need to manually configure the
server to make sure everything is set correctly.
When RRAS starts,
you'll see a console like in the figure below.
The Server "General" Tab
Right-click your server name, and click the Properties command. You'll see what appears in the figure below.
On the
General tab you have a chance to make this computer a router. Now,
you might expect that since the computer will be routing requests from the
VPN clients to the internal network, that you would...