Virtual Private Networking
by
THE MATTCAVE
Home

Introduction

Installation

Configuring

Testing

 

Create a VPN server with Windows 2000 Server Part 2

Click on the picture to the right of the instructions to get an image of each step.

Now you have to add three Remote Access Policies and set them to the following:

NAS-Port-Type = Virtual (VPN)
Windows-Groups = VPN_Users
Called-Station-ID = 192.168.0.254

All permissions set on these policies to Grant remote access permission.

Windows-Groups - By setting this policy, only users that are in this group will be able to connect to the VPN server. Also, be sure and allow Dial-in access for your users in the user manager.

Called-Station-ID - You set this to the IP address of VPN server. It is basically an ID to what your client are calling. For instance, my router passes all request to my server, my server has an IP of 192.168.0.254, but to the outside world it shows up as 24.159.56.141 or home.mattcave.net. So in my Called-Station-ID, I have 192.168.0.254, 24.159.56.141 and home.mattcave.net.

  Now you have one thing left to do. Configure your interfaces.
In Routing and Remote Access right click on Ports and click Properties.
The Ports Properties windows will open and list all ports that are available. You will want to click on the port you want to configure and click Configure.
On the Configuration page of the of the port be sure that both check boxes at the top are checked and that you set a realistic limit on the number of ports you want. For instance, if you have a cable modem like me with a 256K upload, 128 ports could really suck. I set mine to 10 (although I'll probably never have that many) because that divides 10 active users to 25.6K per user. Enough to get something done and prevents my bandwidth from getting sucked away.
  Other things to consider:

VPN will work more reliably with a properly configured DNS, WINS and DHCP server. These make browsing and locating computers on your network more reliably.

Be sure your DHCP server is assigning as much information as possible: WINS, DNS, Domain, etc. This saves a lot of headache on the client's end. All they'll have to do is know their username and password.

Now you should have a proper VPN server setup
Now it's time to try it out...

TESTING

 
Copyright © 1994 - 2002 THE MATTCAVE - All Rights Reserved