Creating a VPN Server
Windows Server 2003 is the ideal server for setting up a Remote Access Service for your internet or intranet. Why Server 2003 and why not Server 2008? Most small businesses today are slower to adopt newer server software. Creating virtual private networks allows for the encryption and security of your assets when work with servers internally or externally. Businesses commonly overlook virtual private networks and think they are too complex to set up. These networks provide encryption when transferring files and communicating with servers.
In the previous parts, we examined how to setup the clients to dial into one another or to a server. This guide helps you with the basics of setting up a VPN on Server 2003.
Routing and Remote Access Service Installation
During the installation of Windows Server 2003, Routing and Remote Access service is installed automatically. This service is disabled during the installation.
Enabling Routing and Remote Access Service
Click on Start, go to Administrative Tools, click on Routing and Remote Access
After the console loads, the left pane of the console will have your local server’s name.
A green arrow indicates the services for RRS is enabled. A red arrow indicates the service is disabled.
Right click the server’s name and click on Configure and Enable Routing and Remote Access to start the setup wizard. Click next once the wizard appears.
Click Remote Access (dial up or VPN will appear) to permit remote computers to dial in or connect to the server.
Next click VPN for virtual private access.
The VPN Connection page will show the interface. Click the network interface that is connected to the Internet and click on next.
You should have a DHCP server on your network that assigns IP address to clients that dial in to the VPN server. Select Automatically and click next. You can specify a range of IP addresses to restrict VPN usage.
You should elect to keep the default settings of No, use Routing and Remote Access to authenticate connection request and click next.
Click Finish. This should enable the Routing and Remote Access service.
Individual User Accounts Access to the VPN
To allow users to connect remotely, Click on Start, go to programs, Administrative Tools and click on Active Directory Users and Computers.
Right click on the user account that you want to modify. Click on Properties and select the Dial-In tab. Click Allow access to grant the user permission to dial in.
Select a group that have right to create a VPN connection. Next, click on start, administrative tools and click Routing and Remote Access. In the console tree, expand the RRA and expand your server, click on Remote Access Policies.
Right click and point to New and select Remote Access Policy. Click next and then type a policy name and click next. Select VPN and click next. Click add and type the name of your group. Click next. A wizard will walk you through the rest of the policy.
You should check your firewall settings if connections fail. Security suites can block outbound traffic or inbound traffic. The administrator should check any rules to ensure data is allowed out on specific ports. The most common port for a Virtual Private Network is TCP port1723. Other ports such as ports 50 and 47 may be used if GRE and ESP are used. If ISAKMP is used, it may be necessary to open UDP port 500.
It is important to train users on how to use the VPN. Scripts can be added to map network drives to the server when using your VPN. This allows the user to have or share a folder on the server and ensures that whatever data is passed between the two is secure.
Remember VPNs play an important role in protecting your assets and critical data.
This post is part of the series: Virtual Private Networks in Business Environments
Virtual Private Networks provide encryption for your critical data while it is in transit to a server. This series gives a step by step tutorial on how to setup a VPN on Microsoft Windows Vista, Windows XP, Macintosh and Linux.
- Virtual Private Networks in Business Environments
- Virtual Private Networks in Buiness Environments: Windows Vista
- Virtual Private Networks in Business Environments: Windows XP
- Virtual Private Networks in Business Environments: Apple Mac
- Remote Access Service on Windows 2003 Setup Guy
- A Guide to VPN Setup in Ubuntu
- Virtual Private Networks in Business Environments - Wireless VPN Solution