Posted

Hi,

Can anyone suggest where I can get a comprehensive step-by-step tutorial on how to set up a Windows 2003 server to accept VPN connections, with good security?

Also, I would like to know what changes, if any, I would have to make to my router and/or Watchguard X500 firewall.

I need to know this ASAP.

Thanks


Posted

Hi,

I want to configure a VPN server. I just need to know the prerequisites, in terms of hardware and software.

I have the following network environment.

A leased line modem connected to a router, which is connected to a Watchguard X500 Firewall, which is connected to a Gigabit switch. There is a Windows 2003 server that is a Domain Controller, and around 15 Windows XP clients.

The firewall has one external port, to which the router is connected, and 2 internal ports, one of which is connected to the Gigabit switch.

I want to make the Domain Controller act as the VPN server.

Now, taking the above-mentioned network setup into consideration, I would like to know if my server needs 2 LAN cards (NICs) for it to act as a VPN server? If not, how do I configure a VPN server with only 1 LAN card? I ask this question because my network is behind a firewall.

Posted (edited)

For starters, I WOULD NOT use my domain controller as the VPN server, as it adds much too easy access to the "Brain" of my network.

What you are going to want to do is forward PPTP from your Watchguard to the internal IP address of the VPN server (which should be static).

Once this mapping takes place you would be all set, as long as the VPN server is configured correctly. Sometimes firewalls get picky and want you to enable a few other things... I don't remember if Watchguard is one of them.

But as for hardware requirements of your VPN server... this would depend on the number of concurrent connections you plan on having connected to the VPN... essentially a relatively small machine can handle a large number of clients as long as you have a good network card and a lot of RAM... most of the processing of network connections never really makes it to the CPU.

It only NEEDS one card; however, if you do decide to use the DC (which I do not recommend), then I would say get another card so you can have one card dedicated to VPN and another card dedicated to the LAN domain functions. I like my DCs to have 2 NICs in them anyways, especially in a single-DC environment... because if your only one goes, you have nothing to fall back on.

Edited by chilifrei64
Posted
Hi Chilifrie,

Yes, you're right. Even I'm not too keen on creating a VPN server on the DC. However, I don't think I have a choice, as we have only one 2003 server, which acts as the DC, file server, print server, DHCP server, DNS server, etc.

When I was adding the VPN/Remote access role to the server, it gave me a message saying that the VPN server requires 2 NICs.

Posted

If you want to forward requests from the VPN to the LAN, then yes, you will need to have 2 NICs... if you only have one server, in your case the DC which stores all your files, then there is no need for a second NIC. Only if you want requests on the VPN to be forwarded to other LAN clients will this be necessary.

Honestly, NICs are so cheap right now... adding 100 bucks to a budget shouldn't be too hard of a stretch, and like I said, I like having 2 NICs on a DC anyways.

Posted
Hyea Chili,

Thanks for all the responses. I really appreciate it. It's not a question of putting in another NIC. However, I asked this question because the VPN setup procedure wouldn't go any further, because my server did not have 2 NICs. How do I set up VPN with just one NIC?
