How to setup VPN

If your VPN client cannot find servers or cannot ping computernmae, you may need to add DNS and WINS into your VPN server. For example, to add DNS and WINS on a Cisco Firewall PIX, add vpdn group 1 client configuation dns dnsservername and vpdn group 1 client configuration wins winsservername..

If you have Windows 2003 server as VPN server, you can assign a static IP under user's properties. If you use other Windows OS as VPN server, you may do create a DHCP reservation.

If you are running w2k/xp pro setup for a domain controller, you will have a option to "log on using dial-up connection" on logon screen after creating a VPN/dial-up connection. In the Log On to Windows dialog box, the user can select the Log on using dial-up connection check box. After clicking OK, the user is prompted to choose a network connection.

When you setup the RRAS, a set of default Input and Output Filters on the external adapter on the VPN server will be created. If you aren't running your server in a highly secure environment, you can comfortably place the server outside the firewall and restrict incoming VPN traffic to PPTP packets only. To display and mortify these filters, go to Routing and Remote Access>IP Routing>General, and then you can add or edit the packet filters of the dedicated Local Area Connection. Or to enable PPTP filtering from Control Panel, select the Network applet, Protocols, TCP/IP Protocols, the WAN adapter, Advanced. Then, select the Enable PPTP Filtering check box, as Screen 1 shows. When you enable PPTP filtering, the server will refuse all non-PPTP requests.

How do I set up a modem to dial into a remote compute

You need to install your modem from the control panel if you haven't already, and you need to set up the dialup networking server on your remote computer. (This is included with Win98, NT4 and w2k/xp. On Win95 it is in the Plus! pack, but you need to get an update to version 1.3 or later from Microsoft's site. At the time of writing it can be found here.) You can enable the dialup server from the 'Connections' menu of the dial-up networking window. If it isn't there, or if you've updated the dialup networking as mentioned above, you need to install it using the Windows Setup section of 'Add/Remove Programs' in the control panel.

You can configure an incoming connection to accept the following connection types: (modem, ISDN, X.25), VPN (PPTP, L2TP), or direct (serial, infrared, DirectParallel). On a computer running Windows 2000, 2003 or XP Pro, an incoming connection can accept up to three incoming calls, up to one of each of these types. Note: on a computer running Windows 2000/2003 Server, the number of inbound calls is only limited by the computer and its hardware configuration.

To create VPN connection, open Networking Connections>New Connection Wizard>Set up an advanced connection>Accept incoming connections, then follow the instruction.

Open RRAS, right-click on the RRAS server>Properties>IP. You will have two options, DHCP and Static address pool.

You may have two options to setup VPN server on Windows 2003. 1) Create an incoming networking connection if you have small network or you want to setup one PC to PC VPN; 2) If you have large numbers of incoming connections on a server that operates as part of a distributed network or as a domain controller, you should use RRA to create a VPN server.

Symptoms: When attempting to create VPN on w2k server with one NIC, you may receive "You have chosen the last available connection as the Internet connection. A VPN server required that one connection be used as the private network connection" if you select the NIC.

1. You should highlight No internet connection instead of the NIC or LAN connection.
2. You may try "Manually configured server option".

In order to use PPTP through a PIX, you must have a one-to-one mapping from the external IP to an internal IP for type 47 GRE packets and port 1723.

To setup a Windows 2000 server for VPN, open Routing and Remote Access console in the Administrative Tools folder, right-click the server and then click Configure and Enable Routing and Remote Access>Virtual private network [VPN] server. Click Next if TCP/IP is only protocol you will use. Select a connection you will connect to on the Internet Connection. You will have two options to assign IP to VPN clients. The default is Automatically. It is recommended to configure the server to assign client addresses from a static address pool, rather than assigning addresses from a DHCP server. If you configure RAS to assign client addresses from a static address pool, clients inherit the DNS and WINS settings from the RAS server. If your RAS server can browse the network, clients should also be able to browse the network with the same settings. If you prefer DHCP, verify that DHCP scope option 44 (WINS/NetBIOS name server) points to the WINS server and scope option 6 shows the address of your DNS server. When you don't define these options, you almost guarantee problems with client browsing. Finally, you can select using RADIUS or not.

NOTE: If VPN traffic is traveling through a router or firewall, configure the router or firewall to pass PPTP (TCP Port 1723 and IP Protocol ID 47 [GRE - Generic Routing Encapsulation]) or L2TP over IPSec (UDP Port 500 and IP Protocol ID 50 [Encapsulating Security Payload]) traffic to and from the VPN server.

How to configure Win 2000/XP Pro as VPN host

Prior to Windows 2000/XP Pro, you must add PPTP on NT 4.0 Server to establish VPN connections. With the release of Windows 2000/XP Pro, you have the ability to run a Windows 2000/XP Pro as a VPN host. However, Windows 2000/XP Pro enables only one VPN connection at a time and requires Internet Protocol (IP).

Before you start the VPN configuration, you should have a equipment (modem, T1, Frame Relay, ADSL, or cable modem) connecting to the Internet. Also make sure you have correct TCP/IP settings on the W2K/XP.

To setup Win XP (in our case) Pro as VPN host, go to the Properties of My Network Places>Create a New Connections>Set up a Advanced Connection>Accept Incoming Connections. On the Devices for Incoming Connections dialog box, do not select any device, only click Next and check Allow Private Connections, and then click Next. On the Allowed Users dialog box, select or add all users for whom you want to enable access. The accounts have to exist on both computers that are involved in establishing the VPN connection. On the New Connection Wizard, File and Printer Sharing for Microsoft Networks, Internet Protocol (TCP/IP) and Client for Microsoft Networks should be listed as networking components. By default, Allow callers to access my local area network and Assign TCP/IP address automatically using DHCP are checked. If you would like to keep the default settings, click Next to continue. Now, the Incoming Connection icon should show on Incoming section under the Properties of My Network Places and is ready to use.

How to configure a W2K/XP as VPN client

To connect to a VPN server, you should have a dail-in modem or a dedicated connection to the Internet. To setup a XP client to access the VPN host, go to the Properties of My Network Places>Create a New Connections>Connect to the network at my workplace>Virtual Private Network connection. Type Computer that will be showed as connection name in VPN section, select Do not dial the initial connection and then type the VPN host IP. You have two options to create this connection for anyone or for yourself.

How to configuring a multihomed VPN server

If the VPN server has two network cards, one for the LAN and one for the WAN, leave the gateway on the LAN adapter blank. In the gateway field of the WAN network interface, enter the TCP/IP address that your ISP defines; the gateway address usually points to a router at your ISP. It is recommend you manually enter the TCP/IP address, DNS and WINS for the LAN NIC instead of using DHCP.

How to establish VPN connection automatically

How to configure Win 2000/XP Pro as VPN host

How to configure a W2K/XP as VPN client

How to configuring a multihomed VPN server