How to set up a VPN on Windows Server 2003

I won't be going into these options in this article, however. The scope of this article series is simply to get a PPTP server up and running and accepting connections from clients. One option I never recommend enabling is "Automatically use my Windows logon name and password (and domain if any)", since it can result in a big, gaping security hole.

Basically, if you forget to log out, or whatever, anyone who walks up to the client computer could connect to your organization's network and do what they will. It's not that much work to type a user name and password.

This tab provides a means for you to configure the various network options for this connection. The first option asks you about the type of VPN to which you're connecting. If you want, you can set this specifically to PPTP. At the bottom of this window, you can change network settings, including IP addressing information.

One setting, in particular, deserves attention: the choice of whether the VPN connection will use the default gateway of the remote network as its own default gateway. By default, Windows configures new connections with the option enabled that uses the default gateway on the remote network. This can often cause problems with confused traffic, and you might find that a connected client is only able to use resources on the remote network when this is enabled.

This setting may be required if you need to access resources on different subnets at your company. In these cases, use the remote network's default gateway and disconnect if you have trouble accessing Internet resources. If you're on a smaller network, or only need to access resources on the local subnet, disable this gateway feature. On the Advanced settings window, uncheck the box "Use default gateway on remote network".

Short version: If you need to access resources on multiple networks at your company, use the remote gateway. If not, don't use the remote gateway.

The Advanced tab does not have any options that would be useful for a typical connection. You can configure the Windows firewall and Internet Connection Sharing from this tab, though.

Now that your connection is configured, you can click the Connect button on the main window. After you do so, you can select the connection in Network Connections and view its properties.

You will get a screen similar to the ones shown below in Figures O and P. It's not the most secure VPN in the world, but it works, and is simple, which is sometimes all that's needed.

Figure A: Whichever method you choose, the result is the same: the new connection wizard starts.

On the first screen of the wizard, which contains just information about the wizard's purpose, click Next.

Figure B: Choose your network connection type.

There are two ways that you can connect to your workplace: (1) dial-up; or (2) VPN.

Figure C: Choose the Virtual Private Network connection option for this step.

The next step of the wizard asks you to name the new connection.

Figure D: Name your connection to help keep track of it.

The next step of the wizard asks you to decide which users should be able to use this new connection.

A VPN combines the virtues of a dial-up connection to a dial-up server with the ease and flexibility of an Internet connection. By using an Internet connection, you can travel worldwide and still, in most places, connect to your office with a local call to the nearest Internet-access phone number.

If you have a high-speed Internet connection such as cable or DSL at your computer and at your office, you can communicate with your office at full Internet speed, which is much faster than any dial-up connection that uses an analog modem. This technology allows an enterprise to connect to its branch offices or to other companies over a public network while maintaining secure communications.

Virtual private networks use authenticated links to make sure that only authorized users can connect to your network. The tunneling is completed through one of the tunneling protocols included with servers running Windows Server 2003, both of which are installed with Routing and Remote Access.

The Routing and Remote Access service is installed automatically during the installation of Windows Server 2003. By default, however, the Routing and Remote Access service is turned off.

Click the server icon that matches the local server name in the left pane of the console.

If the icon has a red circle in the lower-left corner, the Routing and Remote Access service hasn't been turned on. If the icon has a green arrow pointing up in the lower-left corner, the Routing and Remote Access service has been turned on. If the Routing and Remote Access service was previously turned on, you may want to reconfigure the server. To reconfigure the server:

Click to select VPN or Dial-up depending on the role that you intend to assign to this server.

In the IP Address Assignment window, click Automatically if a DHCP server will be used to assign addresses to remote clients, or click From a specified range of addresses if remote clients must only be given an address from a pre-defined pool.

In most cases, the DHCP option is simpler to administer. However, if DHCP isn't available, you must specify a range of static addresses. Click Next to continue.

If you clicked From a specified range of addresses, the Address Range Assignment dialog box opens. Click New. Type the first IP address in the range of addresses that you want to use in the Start IP address box. Windows calculates the number of addresses automatically.

Accept the default setting of No, use Routing and Remote Access to authenticate connection requests, and then click Next to continue.

For the remote access server to forward traffic properly inside your network, you must configure it as a router with either static routes or routing protocols, so that all of the locations in the intranet are reachable from the remote access server.

The number of dial-up modem connections is dependent on the number of modems that are installed on the server. For example, if you have only one modem installed on the server, you can have only one modem connection at a time. The number of dial-up VPN connections is dependent on the number of simultaneous users whom you want to permit. By default, when you run the procedure described in this article, you permit connections. To change the number of simultaneous connections, follow these steps:

You can also configure a static IP address pool. Configure the dial-in properties on user accounts and remote access policies to manage access for dial-up networking and VPN connections. To grant dial-in access to a user account if you're managing remote access on a user basis, follow these steps:

If the VPN server already permits dial-up networking remote access services, do not delete the default policy. Instead, move it so that it is the last policy to be evaluated.

To set up a connection to a VPN, follow these steps.

To set up a client for virtual private network access, follow these steps on the client workstation:

Because there are several versions of Microsoft Windows, the following steps may be different on your computer. If they are, see your product documentation to complete these steps.

Click Create a new connection under Network Tasks, and then click Next.

Click Connect to the network at my workplace to create the dial-up connection. Type a descriptive name for this connection in the Company name dialog box, and then click Next.

Like most wizards, the first screen of the Routing and Remote Access wizard is purely informational and you can just click Next.

The second screen in this wizard is a lot meatier and asks you to decide what kind of remote access connection you want to provide.

The next screen of the wizard, entitled VPN Connection, asks you to determine which network adapter is used to connect the system to the Internet. Network adapters are really cheap and separation makes the connections easier to secure. In this example, I've selected the second local area network connection (see Figure D), a separate NIC from the one that connects this server to the network. Notice the checkbox labeled "Enable security on the selected interface by setting up Basic Firewall" underneath the list of network interfaces.

It's a good idea to enable this option since it helps to protect your server from outside attack. A hardware firewall is still a good idea, too.

With the selection of the Internet-connected NIC out of the way, you need to tell the RRAS wizard which network external clients should connect to in order to access resources. Notice that the adapter selected for Internet access is not an option here.

Just like every other client out there, your external VPN clients will need IP addresses that are local to the VPN server so that the clients can access the appropriate resources. Second, you can have your VPN server handle the distribution of IP addresses for any clients that connect to the server.

To make this option work, you give your VPN server a range of available IP addresses that it can use. This is the method I prefer since I can tell at a glance exactly from where a client is connecting. If they're in the VPN "pool" of addresses, I know they're remote, for example.

So, for this setting, as shown in Figure F below, I prefer to use the "From a specified range of addresses" option. Make your selection and click Next. If you select the "From a specified range of addresses" option on the previous screen, you now have to tell the RRAS wizard exactly which addresses should be reserved for distribution to VPN clients. To do this, click the New button on the Address Range Assignment screen. Type in the starting and ending IP addresses for the new range and click OK.

The "Number of addresses" field will be filled in automatically based on your entry.
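The pool arithmetic and the "in the pool means remote" check described above, as an added example that is not from the original article. The address ranges, the LAN DHCP scope and the log-line format are constructed for illustration; the overlap check assumes the static pool must not share addresses with the DHCP scope.

```python
import ipaddress
import re

# Constructed values for illustration; substitute your own ranges.
VPN_POOL = ("192.168.1.200", "192.168.1.219")   # range typed into the wizard
DHCP_SCOPE = ("192.168.1.50", "192.168.1.150")  # LAN DHCP scope (assumed)

# Constructed log lines in a made-up "src=<ip> user=<name>" format.
SAMPLE_LOG = """\
2004-05-01 09:12:03 src=192.168.1.205 user=alice action=logon
2004-05-01 09:14:41 src=192.168.1.75 user=bob action=logon
2004-05-01 09:20:10 src=192.168.1.219 user=carol action=logon
2004-05-01 09:21:55 src=999.1.1.1 user=dave action=logon
"""

def _bounds(rng):
    """Parse an inclusive (start, end) range and reject a reversed one."""
    first, last = (ipaddress.IPv4Address(a) for a in rng)
    if last < first:
        raise ValueError(f"range end {last} is below start {first}")
    return first, last

def pool_size(rng):
    """Count of addresses in the inclusive range (the "Number of addresses" value)."""
    first, last = _bounds(rng)
    return int(last) - int(first) + 1

def overlaps(a, b):
    """True if two inclusive ranges share any address (a conflict risk)."""
    a1, a2 = _bounds(a)
    b1, b2 = _bounds(b)
    return a1 <= b2 and b1 <= a2

def classify_sources(log_text, pool):
    """Map each valid source IP in the log to 'vpn-pool' or 'local'."""
    first, last = _bounds(pool)
    result = {}
    for line in log_text.splitlines():
        m = re.search(r"\bsrc=(\d{1,3}(?:\.\d{1,3}){3})\b", line)
        if not m:
            continue
        try:
            ip = ipaddress.IPv4Address(m.group(1))
        except ipaddress.AddressValueError:
            continue  # malformed address in the log; skip it
        result[str(ip)] = "vpn-pool" if first <= ip <= last else "local"
    return result

if __name__ == "__main__":
    print("pool size:", pool_size(VPN_POOL))
    print("overlaps DHCP scope:", overlaps(VPN_POOL, DHCP_SCOPE))
    for ip, kind in classify_sources(SAMPLE_LOG, VPN_POOL).items():
        print(ip, kind)
```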


