How to install and configure a virtual private network server in Windows Server 2003
This step-by-step article describes how to install virtual private networking (VPN) and how to create a new VPN connection in servers that are running Windows Server 2003. For a Microsoft Windows XP version of this article, see 314076.

Applies to: Windows Server 2003

Summary

With a virtual private network, you can connect network components through another network, such as the Internet. You can make your Windows Server 2003-based computer a remote-access server so that other users can connect to it by using VPN, and then they can log on to the network and access shared resources. VPNs do this by "tunneling" through the Internet or through another public network in a manner that provides the same security and features as a private network. Data is sent across the public network by using its routing infrastructure, but to the user, it appears as if the data is sent over a dedicated private link.

Overview of VPN

A virtual private network is a means of connecting to a private network (such as your office network) by way of a public network (such as the Internet). A VPN combines the virtues of a dial-up connection to a dial-up server with the ease and flexibility of an Internet connection. By using an Internet connection, you can travel worldwide and still, in most places, connect to your office with a local call to the nearest Internet-access phone number. If you have a high-speed Internet connection (such as cable or DSL) at your computer and at your office, you can communicate with your office at full Internet speed, which is much faster than any dial-up connection that uses an analog modem.

This technology allows an enterprise to connect to its branch offices or to other companies over a public network while maintaining secure communications. The VPN connection across the Internet logically operates as a dedicated wide area network (WAN) link.

Virtual private networks use authenticated links to make sure that only authorized users can connect to your network. To make sure data is secure as it travels over the public network, a VPN connection uses Point-to-Point Tunneling Protocol (PPTP) or Layer Two Tunneling Protocol (L2TP) to encrypt data.
Components of a VPN

A VPN in servers running Windows Server 2003 is made up of a VPN server, a VPN client, a VPN connection (that portion of the connection in which the data is encrypted), and the tunnel (that portion of the connection in which the data is encapsulated). The tunneling is completed through one of the tunneling protocols included with servers running Windows Server 2003, both of which are installed with Routing and Remote Access. The Routing and Remote Access service is installed automatically during the installation of Windows Server 2003. By default, however, the Routing and Remote Access service is turned off.

The two tunneling protocols included with Windows are:
Your connection to the Internet must use a dedicated line such as T1, Fractional T1, or Frame Relay. The WAN adapter must be configured with the IP address and subnet mask assigned for your domain or supplied by an Internet service provider (ISP). The WAN adapter must also be configured as the default gateway of the ISP router.

Note: To turn on VPN, you must be logged on using an account that has administrative rights.

How to install and turn on a VPN server

To install and turn on a VPN server, follow these steps:
How to configure the VPN server

To continue to configure the VPN server as required, follow these steps.

How to configure the remote access server as a router

For the remote access server to forward traffic properly inside your network, you must configure it as a router with either static routes or routing protocols, so that all of the locations in the intranet are reachable from the remote access server. To configure the server as a router:
How to modify the number of simultaneous connections

The number of dial-up modem connections is dependent on the number of modems that are installed on the server. For example, if you have only one modem installed on the server, you can have only one modem connection at a time.

The number of dial-up VPN connections is dependent on the number of simultaneous users whom you want to permit. By default, when you run the procedure described in this article, you permit 128 connections. To change the number of simultaneous connections, follow these steps:
How to manage addresses and name servers

The VPN server must have IP addresses available to assign them to the VPN server's virtual interface and to VPN clients during the IP Control Protocol (IPCP) negotiation phase of the connection process. The IP address assigned to the VPN client is assigned to the virtual interface of the VPN client.

For Windows Server 2003-based VPN servers, the IP addresses assigned to VPN clients are obtained through DHCP by default. You can also configure a static IP address pool. The VPN server must also be configured with name resolution servers, typically DNS, and WINS server addresses, to assign to the VPN client during IPCP negotiation.

How to manage access

Configure the dial-in properties on user accounts and remote access policies to manage access for dial-up networking and VPN connections.

Note: By default, users are denied access to dial-up networking.

Access by user account

To grant dial-in access to a user account if you're managing remote access on a user basis, follow these steps:
Access by group membership

If you manage remote access on a group basis, follow these steps:
If the VPN server already permits dial-up networking remote access services, do not delete the default policy. Instead, move it so that it is the last policy to be evaluated.

How to configure a VPN connection from a client computer

To set up a connection to a VPN, follow these steps. To set up a client for virtual private network access, follow these steps on the client workstation:

Note: You must be logged on as a member of the Administrators group to follow these steps. Because there are several versions of Microsoft Windows, the following steps may be different on your computer. If they are, see your product documentation to complete these steps.
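The note in the group-membership section about keeping the default remote access policy and moving it last can be illustrated with a simplified first-match model of policy evaluation. This is an added example, not code from the original article or from Windows: the policy names, the users, the group name and the `evaluate` function are hypothetical, and profile and account restrictions are left out.

```python
from dataclasses import dataclass
from typing import Callable, List, Optional, Tuple

# Per-user dial-in settings (labels are this example's own, not product strings).
ALLOW, DENY, BY_POLICY = "allow", "deny", "control-through-policy"

@dataclass(frozen=True)
class User:
    name: str
    groups: frozenset
    dial_in: str = BY_POLICY

@dataclass(frozen=True)
class Policy:
    name: str
    matches: Callable[[User], bool]  # True when every condition of the policy matches
    grant: bool                      # the policy's own permission: grant or deny

def evaluate(policies: List[Policy], user: User) -> Tuple[bool, Optional[str]]:
    """Simplified first-match model: returns (accepted, name of deciding policy)."""
    for policy in policies:
        if not policy.matches(user):
            continue                  # conditions do not match: try the next policy
        if user.dial_in == DENY:
            return False, policy.name
        if user.dial_in == ALLOW:
            return True, policy.name  # per-user Allow overrides the policy permission
        return policy.grant, policy.name
    return False, None                # no policy matched: the attempt is rejected

# Constructed sample data: a group-based VPN policy and a catch-all default policy.
vpn_group = Policy("Allow VPN_Users", lambda u: "VPN_Users" in u.groups, grant=True)
default = Policy("Default (deny)", lambda u: True, grant=False)

alice = User("alice", frozenset({"VPN_Users"}))    # managed by group membership
bob = User("bob", frozenset())                     # no group, no per-user grant
carol = User("carol", frozenset(), dial_in=ALLOW)  # existing dial-up user

def outcomes(policies: List[Policy]) -> dict:
    """Decision for each sample user under a given policy order."""
    return {u.name: evaluate(policies, u) for u in (alice, bob, carol)}

if __name__ == "__main__":
    for label, order in (("default last", [vpn_group, default]),
                         ("default first", [default, vpn_group]),
                         ("default deleted", [vpn_group])):
        print(label, outcomes(order))
```

With the default policy first, the group member is rejected before the group policy is ever reached; with it deleted, the existing dial-up user matches no policy and is rejected as well.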
To use the connection, follow these steps:
Troubleshooting

Troubleshooting remote access VPNs

Can't establish a remote access VPN connection
Can't send and receive data
Which of the following is the protocol used to enable communication securely between points on a virtual private network (VPN)?

IPsec is commonly used to secure VPNs. While a VPN creates a private network between a user's computer and the VPN server, IPsec protocols implement a secure network that protects VPN data from outside access.

Which of the following is the name of a secure point-to-point connection made over a public network?

VPN (virtual private network): A VPN is a secure, point-to-point connection between two network end points (see 'Nodes' below). A VPN establishes an encrypted channel that keeps a user's identity and access credentials, as well as any data transferred, inaccessible to hackers.

What is a connectionless protocol that offers speed and low overhead?

Explanation. User Datagram Protocol (UDP) is a connectionless protocol that is built for speed. It has low overhead and often sends data in small blocks, such as 512 bytes, and its header is 8 bytes long.

Which of the following allows computers on a network to automatically receive address assignment information?

DHCP is used to automatically assign IP addresses to devices on a network.