Sunday, May 17, 2009

Install and Configure Virtual Private Network (VPN)

How to Install and Turn On a VPN Server:
To install and turn on a VPN server, follow these steps:
1. Click Start, point to Administrative Tools,
and then click Routing and Remote Access.

2. Click the server icon that matches the local server name in the left pane of
the console. If the icon has a red circle in the lower-left corner, the Routing
and Remote Access service has not been turned on. If the icon has a green arrow
pointing up in the lower-left corner, the Routing and Remote Access service has
been turned on. If the Routing and Remote Access service was previously turned on,
you may want to reconfigure the server. To reconfigure the server:

a) Right-click the server object, and then click Disable Routing and Remote
Access. Click Yes to continue when you are prompted with an informational
message.


b) Right-click the server icon, and then click Configure and Enable Routing and
Remote Access to start the Routing and Remote Access Server Setup Wizard. Click
Next to continue.


c) Click Remote access (dial-up or VPN) to allow remote computers to dial in or
connect to this network through the Internet. Click Next to continue.


3. Click to select VPN or Dial-up depending on
the role that you intend to assign to this server.

4. In the VPN Connection window, click the network interface which is connected
to the Internet, and then click Next.

5. In the IP Address Assignment window, click Automatically if a DHCP server
will be used to assign addresses to remote clients, or click From a specified
range of addresses if remote clients must only be given an address from a
pre-defined pool. In most cases, the DHCP option is simpler to administer.
However, if DHCP is not available, you must specify a range of static addresses.
Click Next to continue.

6. If you clicked From a specified range of addresses, the Address Range Assignment dialog box opens. Click New. Type the first IP address in the range of addresses that you want to use in the Start IP address box. Type the last IP address in the range in the End IP address box. Windows calculates the number of addresses automatically. Click OK to return to the Address Range Assignment window. Click Next to continue.

7. Accept the default setting of No, use Routing and Remote Access to
authenticate connection requests, and then click Next to continue. Click Finish
to turn on the Routing and Remote Access service and to configure the server as
a Remote Access server.

How to Configure the VPN Server:

To continue to configure the VPN server as required, follow these steps.

How to Configure the Remote Access Server as a Router:

For the remote access server to forward traffic properly inside your network,
you must configure it as a router with either static routes or routing
protocols, so that all of the locations in the intranet are reachable from the
remote access server.

To configure the server as a router:

1. Click Start, point to Administrative Tools,
and then click Routing and Remote Access.

2. Right-click the server name, and then click Properties.

3. Click the General tab, and then click to select Router under Enable this
computer as a.

4. Click LAN and demand-dial routing, and then
click OK to close the Properties dialog box.

How to Modify the Number of Simultaneous Connections:

The number of dial-up modem connections is dependent on the number of modems
that are installed on the server. For example, if you have only one modem
installed on the server, you can have only one modem connection at a time.

The number of dial-up VPN connections is dependent on the number of simultaneous
users whom you want to permit. By default, when you run the procedure described
in this article, you permit 128 connections. To change the number of simultaneous connections, follow these steps:

1. Click Start, point to Administrative Tools,
and then click Routing and Remote Access.

2. Double-click the server object, right-click Ports, and then
click Properties.

3. In the Ports Properties dialog box, click WAN Miniport (PPTP), and then click
Configure.

4. In the Maximum ports box, type the number of VPN connections
that you want to permit.

5. Click OK, click OK again, and then close
Routing and Remote Access.

How to Manage Addresses and Name Servers:

The VPN server must have IP addresses available to assign to the VPN server's
virtual interface and to VPN clients during the IP Control Protocol (IPCP)
negotiation phase of the connection process. The IP address assigned to the VPN
client is assigned to the virtual interface of the VPN client.

For Windows Server 2003-based VPN servers, the IP addresses assigned to VPN
clients are obtained through DHCP by default. You can also configure a static IP
address pool. The VPN server must also be configured with name resolution
servers, typically DNS and WINS server addresses, to assign to the VPN client
during IPCP negotiation.
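
An added example (not part of the original article): a Python check that a
static address pool holds one address for the VPN server's virtual interface
plus one per permitted connection. The function names and the sample ranges are
constructed for illustration.

```python
import ipaddress


def pool_capacity(ranges):
    """Count the addresses in a list of (start, end) ranges.

    Raises ValueError if a range is reversed or two ranges overlap, since
    either mistake makes the counted size misleading.
    """
    spans = []
    for start, end in ranges:
        lo = int(ipaddress.IPv4Address(start))
        hi = int(ipaddress.IPv4Address(end))
        if hi < lo:
            raise ValueError(f"end {end} precedes start {start}")
        spans.append((lo, hi))
    spans.sort()
    total, prev_hi = 0, -1
    for lo, hi in spans:
        if lo <= prev_hi:
            raise ValueError(f"ranges overlap at {ipaddress.IPv4Address(lo)}")
        total += hi - lo + 1
        prev_hi = hi
    return total


def check_pool(ranges, max_ports):
    """Return (capacity, required, shortfall) for a static pool.

    required = one address per permitted connection plus one for the
    VPN server's own virtual interface.
    """
    capacity = pool_capacity(ranges)
    required = max_ports + 1
    return capacity, required, max(0, required - capacity)


if __name__ == "__main__":
    # Constructed sample: a 91-address pool against the default 128 connections.
    sample = [("10.0.50.10", "10.0.50.100")]
    capacity, required, shortfall = check_pool(sample, 128)
    print(f"pool={capacity} required={required} shortfall={shortfall}")
```
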

How to Manage Access:

Configure the dial-in properties on user accounts and remote access policies to
manage access for dial-up networking and VPN connections.

NOTE: By default, users are denied access to dial-up networking.

Access by User Account:

To grant dial-in access to a user account if you are managing remote access on a
user basis, follow these steps:

1. Click Start, point to Administrative Tools,
and then click Active Directory Users and Computers.

2. Right-click the user account, and then click Properties.

3. Click the Dial-in tab.

4. Click Allow access to grant the user permission to dial in. Click OK.

Access by Group Membership:

If you manage remote access on a group basis, follow these steps:

1. Create a group with members who are permitted to create VPN connections.

2. Click Start, point to Administrative Tools,
and then click Routing and Remote Access.

3. In the console tree, expand Routing and Remote Access, expand the server name, and then click Remote Access Policies.

4. Right-click anywhere in the right pane, point to New, and
then click Remote Access Policy.

5. Click Next, type the policy name, and then click Next.

6. Click VPN for Virtual Private Access access method, or click
Dial-up for dial-up access, and then click Next.

7. Click Add, type the name of the group that you created in
step 1, and then click Next.

8. Follow the on-screen instructions to complete the wizard.

If the VPN server already permits dial-up networking remote access services, do
not delete the default policy. Instead, move it so that it is the last policy to
be evaluated.
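
Why the order matters, as an added example that is not part of the original
article: a simplified Python model in which the first policy whose condition
matches decides the connection attempt. It assumes the default policy is a
catch-all deny and ignores the per-account Dial-in setting; the policy and
group names are constructed.

```python
from dataclasses import dataclass
from typing import FrozenSet, Optional


@dataclass(frozen=True)
class Policy:
    name: str
    groups: Optional[FrozenSet[str]]  # None = condition matches every attempt
    grant: bool

    def matches(self, user_groups):
        return self.groups is None or bool(self.groups & set(user_groups))


def evaluate(policies, user_groups):
    """First matching policy decides; no matching policy means rejection."""
    for policy in policies:
        if policy.matches(user_groups):
            return policy.grant, policy.name
    return False, None


def shadowed(policies):
    """Names of policies that can never decide an attempt because an
    earlier policy matches every attempt they would match."""
    hidden = []
    for i, later in enumerate(policies):
        for earlier in policies[:i]:
            covers = earlier.groups is None or (
                later.groups is not None and later.groups <= earlier.groups
            )
            if covers:
                hidden.append(later.name)
                break
    return hidden


# Constructed sample policies (names are illustrative assumptions).
DEFAULT = Policy("Default policy", None, False)
VPN = Policy("VPN group access", frozenset({"VPN-Users"}), True)

if __name__ == "__main__":
    for order in ([DEFAULT, VPN], [VPN, DEFAULT]):
        names = [p.name for p in order]
        print(names, evaluate(order, {"VPN-Users"}), "shadowed:", shadowed(order))
```

With the default policy first, the group policy is never reached and group members are rejected; with it last, members are granted access and everyone else still falls through to the deny.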

How to Configure a VPN Connection from a Client Computer:

To set up a client for virtual private network access, follow these steps on
the client workstation:

NOTE: You must be logged on as a member of the Administrators group to follow
these steps.

NOTE: Because there are several versions of Microsoft Windows,
the following steps may be different on your computer. If they are, see your
product documentation to complete these steps.

1. On the client computer, confirm that the connection to the Internet is
correctly configured.

2. Click Start, click Control Panel, and then click Network Connections. Click
Create a new connection under Network Tasks, and then click Next.

3. Click Connect to the network at my workplace
to create the dial-up connection. Click Next to continue.

4. Click Virtual Private Network connection, and
then click Next.

5. Type a descriptive name for this connection in the Company name
dialog box, and then click Next.

6. Click Do not dial the initial connection if the computer is permanently
connected to the Internet. If the computer connects to the Internet through an
Internet Service Provider (ISP), click Automatically dial this initial
connection, and then click the name of the connection to the ISP. Click Next.

7. Type the IP address or the host name of the VPN server computer (for example,
VPNServer.SampleDomain.com).

8. Click Anyone's use if you want to permit any
user who logs on to the workstation to have access to this dial-up connection.
Click My use only if you want this connection to
be available only to the currently logged-on user. Click Next.

9. Click Finish to save the connection.

10. Click Start, click Control Panel, and then
click Network Connections.

11. Double-click the new connection.

12. Click Properties, and then follow these steps to continue to configure
options for the connection:

a) If you are connecting to a domain, click the Options tab, and then click to
select the Include Windows logon domain check box to specify whether to request
Windows Server 2003 logon domain information before trying to connect.


b) If you want the connection to be redialed if the line is dropped, click
the Options tab, and then click to select the
Redial if line is dropped check box.


To use the connection, follow these steps:

1. Click Start, point to Connect to, and then click the new connection.

2. If you do not currently have a connection to the Internet, Windows offers to
connect to the Internet.

3. When the connection to the Internet is made, the VPN server prompts you for
your user name and password. Type your user name and password, and then click
Connect.

Your network resources must be available to you in the same way they are when
you connect directly to the network.

NOTE: To disconnect from the VPN, right-click the connection icon, and then
click Disconnect.
