
VPN connection to my internal servers

RRAS, VPN, TS/RDP, Routing and remote Access.

Postby chicagotech » Tue May 25, 2010 2:33 pm

What we have:

•Our network consists of a Cisco router that holds a public static IP address and does NAT to the local network, and VPN service
•The domain server is a Windows Server 2008 Standard R2 x32 and has a static local IP address.
•I want my clients to access my ADC server, which is Win 2008 R2
•The client machines are Windows XP SP3 x86.

What I want:

•Encrypted connection.
•Authentication.
•Secure, the server contains valuable work.
Networking, Internet, Routing, VPN Troubleshooting on http://www.ChicagoTech.net
How to Setup Windows, Network, VPN & Remote Access on http://www.HowToNetworking.com
chicagotech
Site Admin
 
Posts: 6373
Joined: Mon Nov 27, 2006 1:24 pm
Location: Chicago USA

Re: VPN connection to my internal servers

Postby chicagotech » Tue May 25, 2010 2:36 pm

First of all, it is not recommended to enable VPN on a DC. Otherwise, you may have some connectivity issues or name resolution issues. However, I do understand many small businesses may not have the budget to buy another server. You can try it. Pay attention to DNS settings. These search results may help.

How to install and configure VPN on Windows 2008
Feb 8, 2007 ... How to install and configure VPN on Windows 2008. Open the Windows 2008 Server Manager or Initial Configuration Tasks. Click the Add Roles. ...
www.howtonetworking.com/Windows/2008vpn1.htm

Name resolution on VPN
Jump to "No domain server was available" while the dialup connection is active: Symptom: you have windows 2000 domain controller with DNS, DHCP, ...
www.chicagotech.net/nameresolutionpnvpn.htm

Re: VPN connection to my internal servers

Postby chicagotech » Tue May 25, 2010 2:36 pm

I agree with Bob. Making a VPN connection to a DC/DNS server will cause all sorts of problems. As soon as a client connects, you have a multihomed server which can cause all sorts of problems with name resolution and computer browsing. Have a look at KB 292822 for a summary of these problems (which are still there in server 2008).

Your post says that your DC is Server 2008 Standard R2 x32. I presume that it should be SP2, not R2. There is no 32-bit version of R2. R2 (and future versions of Windows Server) are 64-bit only.






--------------------------------------------------------------------------------
Bill
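One symptom of the multihomed problem described above is the DC's own DNS names resolving to the address of its RAS interface instead of its LAN address. The following check is an added example, not part of the original posts; it scans a zone export for that condition. The zone text, host names, LAN subnet and VPN pool are constructed assumptions.

```python
import ipaddress

# Constructed sample: A records as they might appear in a zone export for a
# DC that also runs RRAS. Names, addresses and the pool are made up.
SAMPLE_ZONE = """\
; zone: corp.example (constructed)
dc01.corp.example.      3600 IN A    192.168.1.10
dc01.corp.example.      1200 IN A    192.168.50.1
corp.example.           600  IN A    192.168.1.10
corp.example.           600  IN A    192.168.50.1
gc._msdcs.corp.example. 600  IN A    192.168.1.10
files.corp.example.     3600 IN A    192.168.1.20
dc01.corp.example.      3600 IN AAAA fd00::10
"""

def parse_a_records(zone_text):
    """Yield (name, IPv4Address) for each A record; skip comments and other types."""
    for line in zone_text.splitlines():
        line = line.split(";", 1)[0].strip()
        fields = line.split()
        if len(fields) < 4 or fields[-2].upper() != "A":
            continue
        try:
            addr = ipaddress.IPv4Address(fields[-1])
        except ipaddress.AddressValueError:
            continue
        yield fields[0].rstrip(".").lower(), addr

def find_ras_registrations(zone_text, dc_names, lan_subnet, vpn_pool):
    """Return sorted (name, ip, reason) for DC-related names that resolve off the LAN."""
    lan = ipaddress.ip_network(lan_subnet)
    pool = ipaddress.ip_network(vpn_pool)
    watched = {n.rstrip(".").lower() for n in dc_names}
    findings = []
    for name, addr in parse_a_records(zone_text):
        if name not in watched:
            continue
        if addr in pool:
            findings.append((name, str(addr), "address is in the VPN client pool"))
        elif addr not in lan:
            findings.append((name, str(addr), "address is outside the LAN subnet"))
    return sorted(findings)

if __name__ == "__main__":
    for name, ip, reason in find_ras_registrations(
            SAMPLE_ZONE, ["dc01.corp.example", "corp.example", "gc._msdcs.corp.example"],
            "192.168.1.0/24", "192.168.50.0/24"):
        print(f"{name} -> {ip}: {reason}")
```

Any finding means clients may be handed an address for the DC that they cannot reach from the LAN.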

Re: VPN connection to my internal servers

Postby chicagotech » Tue May 25, 2010 2:37 pm

Before we move on, I would like to confirm the following information with you:

1. Does the Cisco router hold the NAT and VPN service?

2. Could you tell me what the “ADC server” is?

3. What is the DC’s OS version? Because in Windows Server 2008 R2 we do not have an x32 version.

I thought you might like some security suggestions for client access to the internal server via VPN from an external network.

If I have misunderstood, please let me know.



>Encrypted connection.

Layer Two Tunneling Protocol (L2TP) over Internet Protocol security (IPsec) connections are recommended for the strongest encryption.

>Authentication.

The most secure method of authentication is Extensible Authentication Protocol-Transport Level Security (EAP-TLS) when used in conjunction with smart cards.

>Secure, the server contains valuable work.

Use the Microsoft Baseline Security Analyzer (MBSA) utility.

Microsoft Baseline Security Analyzer (MBSA) is an easy-to-use tool designed for the IT professional that helps small- and medium-sized businesses determine their security state in accordance with Microsoft security recommendations and offers specific remediation guidance.



For more detailed information, please see the articles below:

Security recommendations for a VPN
http://technet.microsoft.com/en-us/libr ... 95071.aspx

Enterprise Security Best Practices
http://technet.microsoft.com/en-us/libr ... .aspx#ELAA

Microsoft Baseline Security Analyzer
http://technet.microsoft.com/en-us/secu ... 84924.aspx



Thanks



Tiger Li