Configuring a Microsoft VPN Server (Quick Setup Guide)

Discussion in 'Cisco Small Business Routers and VPN Solutions' started by DocLarge, Sep 22, 2005.

  1. DocLarge

    DocLarge Super Moderator Staff Member Member

    Configuring a Microsoft VPN Server (Quicksetup Guide)

    I found a link that has good, clean, basic setup guidelines.

    Pardon the long post. This quicksetup guide is intended for people with the 2000/2003 server editions. Furthermore, the configuration procedures listed below are for a server running a “single” LAN card, meaning its internet connection is going to come from a router with port 1723 forwarded to its ip address. If this were a multi-homed server configuration (a server with two NICs) one card would be directly connected to the modem and the other would be dedicated to local LAN access.

    There are 19 steps (see above link); follow steps #1 thru #19 only! I'm going to highlight the areas where there will be some "minor" differences (illustrated by an “*”) where applicable below. "Don't" worry about "creating a connectoid;" all you need to do is configure RRAS. Before you do this, make sure you have user accounts created, decide if you're going to have them in a group (recommended), and have any appropriate shares/permissions in place to allow your remote users access. I recommend creating groups for ease in adding and removing if need be. Make sure once user accounts and passwords are created you “right click” on each user profile, click properties, click on the “dial in” tab, and click “allow access.” If you don’t do this, the remote client will not be able to connect.

    NOTE: If you are not running active directory on your server, go to "local users and groups." If you are running active directory, go to "active directory users and computers."

    * Below, I'm just pointing out some key areas of interest, refer to the link above:

    - At step #8, use your own LAN scheme and reserve the amount of ip's you need
    - At step #9, choose your LAN adapter
    - At step #13, reduce the number of pptp ports to the number you need (5 is good for starters). Ideally, the number of ports available should match the number of ip addresses you designate.

    Setting the VPN Policies

    Once the RRAS service is up and running, highlight the "remote access policy" folder; right-click on the available policy and click "properties." "Day and time" are alright; click "add" and double click "tunnel type." Choose "pptp" and "gre" and use arrows to move them across; click ok. Click "add" again and choose "windows groups;" add any user group you may have configured; click okay.

    Now click "edit profile" then click "authentication" tab; choose the first two options; next, click on "encryption tab" and specify all (as default); I use strongest only or all (your preference); click ok.

    The last thing to do is to configure your vpn connection on the client computer.

    Configuring the VPN Client:

    “Right-click” on “My Network Places” and click properties; click on “create new connection,” click next and choose vpn (may vary if you’re using XP and 2000 Pro). The key thing to remember when setting the connection is to put in your WAN ip address when the wizard asks for the address. Once the icon is configured on your desktop, click on “properties.” Check the “general” tab and make sure the ip address is correct; check “options” and make sure the first two boxes are check marked (check all three if you have a domain); click “security” and activate the “advanced” option then click “settings;” make sure MS-CHAPV2 and MS-CHAP are selected; click ok; click “networking” and make sure your vpn type is PPTP.

    NOTE: If you connect to your vpn server and find you can’t surf the internet from your client, that’s because all communications are going through the remote gateway. Should this happen just open up properties on the vpn client, click “networking,” then click on “properties,” then “advanced.” Uncheck the box and you’ll have your local surfing capabilities back.

    That should do it. If it doesn’t work, check your policy; this is generally where everything breaks down if the ip address of the server you’re connecting to is correct.

    This is just a baseline configuration. Once you get your bearings, just modify as needed.
