The Notebook Review forums were hosted by TechTarget, who shut them down on January 31, 2022. This static read-only archive was pulled by NBR forum users between January 20 and January 31, 2022, in an effort to make sure that the valuable technical information that had been posted on the forums is preserved. For current discussions, many NBR forum users moved over to NotebookTalk.net after the shutdown.

    Setting up VPN on Server 2003

    Discussion in 'Networking and Wireless' started by ifti, Nov 18, 2010.

  1. ifti

    Although not new to Windows 2003, I'm new to setting up a VPN from scratch!

    I know how to set up the client side - that's not a problem.
    I need to get round setting it up on the server side, since we did have a VPN set up successfully already, but since the server has finally given up, we need to order a new server and set up again from scratch - hence any ISP settings, if relevant, will still be active.......

    The new server will come with 2 separate NICs.

    Currently we have our internal network, and an external IP used for the VPN.

    So, for example:
    Server IP: 10.195.4.xxx
    External IP: 212.85.0.xxx

    Offsite clients obviously connect to the VPN using the external IP.

    So far, I understand that I can simply use the RRAS setup wizard to quickly and easily set up the basics, such as this guide shows:

    http://articles.techrepublic.com.co...05260.html

    What I don't understand is, where do I put the external IP??

    One of my NICs will be set up on the internal network, with the internal server static IP of 10.195.4.xxx
    The second NIC will be for my VPN - should I attach the second NIC and let it pick up a DHCP address? Or should I give it a second static address?

    Do I do anything with the external IP address, such as re-route the external IP to the internal network? Or, is the re-routing all done by the ISP?

    Many thanks in advance for any advice!
     
  2. atbnet

    Yes, you would set up the other NIC with your external IP. You could put both IPs on one NIC if you needed to as well.
     
  3. merlin_72032

    There is not enough information. Are you going to put your server in a DMZ, or are you going to use your server as a firewall at the same time? What are you using to NAT your network? A hardware firewall or the server?

    Just to answer your question: you have to set up Routing and Remote Access on the server. Use the NIC with 212.x.x.x as public and 10.x.x.x as private.

    It has been a long time for me with Server 2003. You need to move to Server 2008R2. Most businesses would use a hardware firewall as their VPN, like Cisco or Juniper, because it has better performance. Newer firewall devices even do VPN in a web browser.
     
  4. atbnet

    I would second the move to 2008R2. While 2003 works fine, it is just getting long in the tooth.
     
  5. merlin_72032

    No, you can't! Since the guy mentions a public IP and a private IP, you must have 2 NICs. You can't use just one NIC.
     
  6. flipfire

    If you are dealing with a lot of clients, I agree with merlin, you will be better off buying a Cisco 3000 or Firebox. It will save you a lot of headaches.
     
  7. ifti

    Thanks for all the comments guys.

    We have a hardware firewall already in place. This is managed by an external agency. All of the traffic entering and leaving the site is also scanned, filtered, and monitored.

    We have licenses for Win2003. I don't think management are going to bother with purchasing licenses for 2008, since all of the IT is being outsourced next year. Hence at the moment it's a matter of just keeping things ticking along until the outsourcing agency take over, since they plan to bring in their own ICT system.

    Ok, so.....

    1. Set up NIC1 with the Internal IP of 10.195.4.xxx, normal subnet, gateway, and DNS.
    2. Set up NIC2 with the External IP of 212.85.0.XXX, normal subnet, gateway, and DNS.
    3. Run through the RRAS wizard, setting up VPN on NIC2.
    4. Set up client to connect to external IP.

    Should this be it?
     
  8. merlin_72032

    1. Set up NIC1 with the Internal IP of 10.195.4.xxx, normal subnet, DNS. No gateway.
    2. Set up NIC2 with the External IP of 212.85.0.XXX, normal subnet, gateway. No DNS
    3. Run through the RRAS wizard, setting up VPN on NIC2.
    4. Set up client to connect to external IP.

    I also assume that the firewall port is open for the connection, and you are using PPTP because you didn't mention a certificate or PKI.

    I still think you are going in the wrong direction since you mention a firewall. Why do you need 2 NICs if the firewall forwards the port or NATs your network? You can just set it up with one NIC and let the firewall do the NAT to your internal network.
     
  9. ifti

    Many thanks.
    Yes, I'm using PPTP.

    Do you mean the external IP is therefore at the firewall, and then forwards the traffic on to the internal IP?
    I will contact the company that take care of our firewall and ask them what the setup is. If it's already set at their end, and the external IP is routing to the internal IP already, all I would need to do is set up a single NIC with the internal IP, and then go through the RRAS setup?
     
  10. merlin_72032

    Yes, your firewall has already taken care of the external IP. You just have to forward the traffic from outside to inside because I assume that your server will sit behind NAT.

    You just have to set it up with a single NIC and use the firewall to forward the traffic to your server. You just have to set up the VPN part on RRAS. You don't have to touch the NAT part because the firewall already does that for you.

    Don't take my advice as 100% because I just answer based on what you told me, but you can use it as a guideline. Every network is set up differently. I can give you the most accurate answer when I am at your site. I am kind of expensive though. :D
     
  11. ifti

    Ah I got you.
    So I just need 1 NIC in the server since our ISP who take care of the external should sort out the routing for me......I'll give them a ring though to double check.....
    I guess in that case I could always reinstall a spare PC with Win2003 and trial it with that......


    EDIT: I think you are spot on. Just looked at the back of our failed server, and that only has one NIC connected to our network.....
     
  12. ifti

    OK, I went through the RRAS wizard, and my VPN is set up.

    Just tried connecting from home, and it connects fine!!

    However, I'm given a private 169.254 IP address once connected.
    When going through the RRAS setup wizard I did choose to obtain IP addresses from DHCP, but I'm still given a private address when I connect from home. Is there a setting I've missed somewhere?!
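
Added example, not part of any post in this thread: a small checker for two conditions the thread discusses, a default gateway set on more than one NIC (post 8 says gateway on the external NIC only) and an address in 169.254.0.0/16, the link-local range Windows falls back to when no DHCP lease is obtained (the symptom in post 12). The adapter names, addresses and the ipconfig-style sample text are constructed for illustration.

```python
import ipaddress
import re

# Constructed sample in the layout of Windows 2003 `ipconfig` output.
# It combines both conditions in one listing for brevity; all values are invented.
SAMPLE = """\
Ethernet adapter Internal:
   IP Address. . . . . . . . . . . . : 10.195.4.10
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Default Gateway . . . . . . . . . : 10.195.4.1

Ethernet adapter External:
   IP Address. . . . . . . . . . . . : 192.0.2.10
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Default Gateway . . . . . . . . . : 192.0.2.1

PPP adapter VPN Connection:
   IP Address. . . . . . . . . . . . : 169.254.44.7
   Subnet Mask . . . . . . . . . . . : 255.255.255.255
   Default Gateway . . . . . . . . . :
"""

APIPA = ipaddress.ip_network("169.254.0.0/16")
# "   Field name . . . . : value" (value may be empty)
FIELD = re.compile(r"^\s+([A-Za-z -]+?)[ .]*:\s*(\S*)\s*$")

def parse_adapters(text):
    """Return {adapter name: {field: value}}, skipping fields with no value."""
    adapters, current = {}, None
    for line in text.splitlines():
        if line and not line[0].isspace() and line.rstrip().endswith(":"):
            current = adapters.setdefault(line.rstrip()[:-1], {})
        elif current is not None:
            m = FIELD.match(line)
            if m and m.group(2):
                current[m.group(1).strip()] = m.group(2)
    return adapters

def audit(text):
    """Flag multiple default gateways and any link-local (APIPA) address."""
    adapters = parse_adapters(text)
    findings = []
    gateways = sorted(n for n, f in adapters.items() if "Default Gateway" in f)
    if len(gateways) > 1:
        findings.append(("multiple-default-gateways", gateways))
    for name, fields in adapters.items():
        addr = fields.get("IP Address")
        if addr and ipaddress.ip_address(addr) in APIPA:
            findings.append(("apipa-address", [name]))
    return findings
```
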
     
  13. ifti

    Not to worry - I've sorted it all!
    Cheers.