Installing VPN server on Windows 2003


Presentation

A virtual private network (VPN) is a way to connect to a private network through a public network such as the Internet. It combines the advantages of a remote connection to a remote access server with the ease and convenience of an Internet connection.

Installing a VPN server at Tissea SARL allows the remote sites to access the network seamlessly and securely. It was necessary to link these sites together so that they can share resources and materials and increase their productivity.

Communication between sites

Before the company adopted a VPN to connect these multiple physical networks, a dedicated line carried WAN traffic between them for a while. The main purpose of the VPN was to allow a machine on a remote network (e.g. Marrakech) to access the network over the Internet while ensuring the security of the data exchanged. With this in place, once connected to the Internet, the user can create a VPN between their machine and the remote network.
Here is a concrete illustration:



Components of a VPN server

Explanations

In Windows 2003, a virtual private network consists of the following components:

one VPN server, one or more VPN clients, a VPN connection (the part of the connection in which the data is encrypted), and the tunnel (the part of the connection in which the data is encapsulated).

Tunneling is done through one of the tunneling protocols included with Windows 2003 (they already existed in Windows 2000); both are installed with the Routing and Remote Access service, called "RRAS". The two major tunneling protocols included with Windows 2003 are:

- PPTP (Point-to-Point Tunneling Protocol), which provides data encryption using Microsoft Point-to-Point Encryption.

- L2TP (Layer Two Tunneling Protocol), which provides encryption, authentication, and data integrity using IPSec.

Note, however, that it is recommended that your Internet connection use a dedicated line (T(n), fractional, or Frame Relay). The WAN adapter must be configured with the IP address and subnet mask assigned to your domain or supplied by a provider, as well as the default gateway of the ISP router.

Differences between PPTP and L2TP/IPSec

We have seen that Windows 2003 supports two VPN protocols:
- PPTP (Point-to-Point Tunneling Protocol)
- L2TP (Layer 2 Tunneling Protocol).
PPTP uses the MPPE encryption method (Microsoft Point-to-Point Encryption), while L2TP relies on IPSec. However, for communication to be encrypted with PPTP, one of the following authentication methods must be used:
- MS-CHAP v1 or v2
- EAP/TLS for smart cards.
(IPSec requires no particular authentication method.)



MPPE can encrypt with 40-, 56-, and 128-bit keys. To use 128-bit encryption, it used to be necessary to install the High Encryption Pack (included in Service Pack 3) and to install a corrective patch on Windows 95 and 98; with Windows 2003 this is resolved.
Here is a table of the main features of PPTP and L2TP


Installation on Windows 2003 Server

Installation and activation of the VPN


To install and activate a VPN server on Windows 2003 Server, follow these steps:
1) First, on the Microsoft Windows 2003 computer that will be the VPN server, confirm that the connection to the Internet and the connection to your local area network (LAN) are both configured correctly; this is important for the next steps.
2) Click Start, point to Administrative Tools, and then click Routing and Remote Access.




3) Click on the server name in the tree, and then click Configure and Enable Routing and Remote Access on the Action menu. Click Next.


4) In the Common Configurations dialog box, click Virtual Private Network (VPN server)
then click Next.


5) In the Remote Client Protocols dialog box, confirm that TCP/IP is included in the list; click Yes, all protocols are available in the list, then click Next.
6) In the Internet Connection dialog box, select the Internet connection you use to connect to the Internet, then click Next.
7) In the IP Address Assignment dialog box, select Automatically to use the DHCP server on your subnet to assign IP addresses to the remote access clients and to the server.
8) In the Managing Multiple Remote Access Servers dialog box, confirm that the option No, I do not want to configure this server to use RADIUS now is selected.



9) Click Next, then click Finish.
10) Right-click the Ports node, and then click Properties.
11) In the Ports Properties dialog box, click the WAN Miniport (PPTP) device, and then click Configure.
12) In the Configure Device - WAN Miniport (PPTP) dialog box, the following option is available:
NB: If you do not want to support direct user dial-up VPN connections to modems installed on the server, clear the Demand-dial routing connections (inbound and outbound) check box.
13) Enter the maximum number of simultaneous PPTP connections you want to allow in the Maximum ports text box. (This number may depend on the number of available IP addresses.)
14) Repeat steps 11 through 13 for the L2TP device, and then click OK.

VPN server configuration


Configuring the remote access server as a router

For the remote access server to forward traffic correctly on your network, you must configure it as a router with either static routes or routing protocols, so that all sites on the intranet are reachable from the remote access server.
To configure the server as a router:
1) First, click Start, point to Administrative Tools, and then click Routing and Remote Access.
2) Right-click the server name, and then click Properties.

3) On the General tab, select Enable this computer as a router.
4) Select either LAN routing only or LAN and demand-dial routing. Finally, click "OK" to close the Properties dialog box.

Configuring PPTP ports

Confirm the number of PPTP ports you need. To check the number of ports or add ports, follow these steps:

1) Click Start, point to Administrative Tools, and then click Routing and Remote Access.
2) In the console tree, expand Routing and Remote Access, expand the server name, and then click Ports.
3) Right-click Ports, and then click Properties.
4) In the Ports Properties dialog box, click WAN Miniport (PPTP), and then click Configure.
5) In the Configure Device dialog box, select the maximum number of ports for the device, and then select the options that specify whether the device accepts incoming connections only or both incoming and outgoing connections.

How to allow a user to connect to a VPN server installed on a Windows 2003 Server platform?

1 - Click Start \ Administrative Tools \ Users and Computers, or run: dsa.msc
2 - Select the desired user, right-click to display the context menu, and select Properties.


3 - On the Dial-in tab, select Allow access.


The user is able to connect to the VPN.

Managing addresses and name servers


The VPN server must have IP addresses available, because it has to assign them to the VPN server's virtual interface and to the VPN client during the IPCP (IP Control Protocol) negotiation phase of the connection process. The IP address assigned to the VPN client is assigned to the client's VPN virtual interface.
For a Windows 2003 VPN server, the IP addresses assigned to VPN clients are obtained through DHCP by default. You can also configure a static pool of IP addresses. The VPN server must also be configured with name resolution servers (usually the addresses of DNS and WINS servers) to assign to the VPN client during the IPCP negotiation.
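
As an added example (not part of the original tutorial), this Python check compares a planned static address pool with the Maximum ports values entered for the PPTP and L2TP devices, counting one extra address for the server's own virtual interface, and reports any overlap with the DHCP scope. The addresses, port counts and function names are constructed for illustration, and it assumes every port may be in use at the same time.

```python
import ipaddress


def _as_range(first, last):
    """Inclusive IPv4 range first..last as a range of integers."""
    lo, hi = int(ipaddress.IPv4Address(first)), int(ipaddress.IPv4Address(last))
    if hi < lo:
        raise ValueError(f"range end {last} is below range start {first}")
    return range(lo, hi + 1)


def check_static_pool(pool, max_ports, dhcp_scope=None):
    """Compare a static VPN address pool with the configured port counts.

    pool, dhcp_scope: (first, last) address pairs; max_ports: device -> Maximum ports.
    """
    addrs = _as_range(*pool)
    # One address per possible client connection, plus one for the server's
    # own virtual interface (assumes every port may be in use at once).
    needed = sum(max_ports.values()) + 1
    report = {
        "available": len(addrs),
        "needed": needed,
        "shortfall": max(0, needed - len(addrs)),
        "overlap": None,
    }
    if dhcp_scope is not None:
        scope = _as_range(*dhcp_scope)
        lo, hi = max(addrs.start, scope.start), min(addrs.stop, scope.stop) - 1
        if lo <= hi:
            # The same address could be handed out by DHCP and by the VPN server.
            report["overlap"] = (str(ipaddress.IPv4Address(lo)),
                                 str(ipaddress.IPv4Address(hi)))
    return report


if __name__ == "__main__":
    # Constructed values: 16 PPTP ports, 16 L2TP ports, a 21-address pool.
    print(check_static_pool(("192.168.10.200", "192.168.10.220"),
                            {"PPTP": 16, "L2TP": 16},
                            dhcp_scope=("192.168.10.100", "192.168.10.210")))
```

A non-zero shortfall means either the pool must grow or the Maximum ports values must be reduced.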
 

VPN connection from a Windows 2000/XP client

Creation of client connection

In the network connection settings, click Create a new connection:


When the wizard window appears, click Next.
You will then be asked to choose the type of connection:

 

Then, after clicking Next, choose VPN connection:


After confirming this choice, enter the name of the company:


Then enter the address or name of the VPN server:


Click Next, and then confirm the creation of the connection. A shortcut can be placed on the desktop so that "delta" users can connect easily.

Client Connection Configured


Click the shortcut for the connection, enter your user name and the password (and not the area) provided by your network administrator, and click "Connect".






You are now on your corporate network:





Conclusion


For a business, choosing to set up a VPN for remote sites and workstations can be very useful.

Indeed, given its low cost relative to the benefits it can bring, the VPN establishes itself as a complete and reliable solution for connecting remote networks to each other. Nowadays, the performance and capacity of Internet access, whether domestic or professional, make it possible to use this technology without constraints.

For the client, usage is very simple: the user can work from home while saving their data on their usual company server, for example. For those responsible for the installation, apart from configuration updates, there is little maintenance.

VPNs are inexpensive solutions compared to the price of leased lines, and they allow secure access to a corporate network.