How To Configure 2003 Server as a VPN Server (Video)

Discussion in 'Networking Issues' started by DocLarge, Jan 4, 2006.

  1. DocLarge

    DocLarge Super Moderator Staff Member Member

  2. jot7

    jot7 Network Guru Member

    Awesome video! Now here is a question for you....I suppose I would set up port forwarding of my router (WRT54Gv5) so that it would forward the request to the VPN setup on the server. I already have a static IP address and I have already set up some users in Active Directory on my Server2003. I am just trying to figure out how to allow access to my server for users that I have allowed access from their individual internet connections. I want to give them access to certain file folders and one drive for storing uploaded files. I know the basics, but just trying to put the different parts into action is what I am a little confused on. Thanks...
  3. jot7

    jot7 Network Guru Member

    Oh, I forgot to mention how my server is configured and what is on the rest of my local network. My Server2003 Std is my AD server, my DHCP server, my Print Server, and my File Server. It has 2 NICs installed, but I am only using the one to connect it to the network. My router is acting as my router to connect three wired WinXP Pro machines to the network (they are set up as a workgroup) and for two wireless connections (one laptop and another desktop (WinXP Pro) acting as a wireless bridge to another room for access to a Linux machine). I am using a Westell 6100 ADSL Modem set to bridged ethernet mode, so my Linksys router is handling my ISP's (Bellsouth) authorization requests. I can take any machine on my LAN and access the domain though I mainly let them stay in workgroup mode.
  4. DocLarge

    DocLarge Super Moderator Staff Member Member

    The next step is just giving users access to your server, and then to a directory where you have the information you want them to access.

    Here's what I do:

    Creating User Accounts
    - Go to "Active Directory Users & Computers;" expand the directory until you see all the folders
    - "Right" click on the "users" folder, choose "new," then choose "user" (do this for "each" user who does "not" currently have access to your network from a remote location). Add users to the current directory and "not" to the builtin directory.
    - Once you've added the users you want, "right" click on the user's profile and click "properties;" look for the "dial-in" tab. This tab will allow remote access.
    - Choose the "allow access" option; make sure to click "ok" to save the selection; do this for all of your users to add to the group

    Creating Your VPN Group
    - "Right" click on the "users" folder, choose "New," and then click on "group." Name this group the name of the members you want to add to it
    HINT: You may want to establish a structure of your vpn groups (i.e., Sales, Marketing, Porn (oops) ) :D I'm jus' playin'....
    - Next, double click on the vpn group you've just created; click on the "members" tab; then click "add;" you should now be able to add all of the user accounts you've just previously created. That's it.

    Be sure to repeat this entire process if you need to create additional users or groups.

    Creating Your VPN Accessible Directory
    - Go to your "D drive" (I'll assume you have your drive partitioned, by the way)
    - "Right" click anywhere and create a folder; call it "VPN." Next, "right" click on that folder and choose "sharing." Share the folder out with "any" name you decide; if you need a space in between the share name, use an underscore ( _ ); now determine the level of access you want to give.
    NOTE: "Sharing" just means users can "see" the folder; "Security" determines how much access they can have.
    - After determining share access, click on the "security" tab; I usually take off "inheritable permissions" by removing the check mark, agreeing to removing the permissions, and establish my own choice of allowable security permissions. That's it for this part.

    Once They Connect
    When the users connect, the sequence should be "verifying password," "registering computer on the network," and finally "connected." If you've configured the microsoft vpn client properly, seeing "registering computer on the network" is the surefire way of letting you know you did it right!

    The users need to use the username/password scheme you used to create their accounts on the vpn server when they put this information into the microsoft vpn client.

    Okay, let's say your internal network scheme is and your server is When users first connect, they'll need to click on the "start" button, then on "run," and do one of the following:

    1) typing \\ brings up "all" available shares on the server
    2) typing \\\vpn will take them directly to the vpn folder you created. Keep in mind the only reason you can put "vpn" in this string is because you shared that directory out (in the previous example above) and the users have rights to see it.

    They shouldn't be prompted to verify who they are to the server at this juncture because they connected with a recognized username/password; if asked, just use the same credentials again.

    I think I covered everything; if not, let me or one of the other folks in here know and somebody will help.
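
Added example (not part of the original post): a simplified Python model of how the three settings from the steps above combine for a user connecting over the VPN, namely the "dial-in" permission, VPN group membership, and the share plus "security" tab permissions. All user names, the group name `VPN_Sales` and the ACL entries are constructed for illustration, and the deny handling is a simplification of real NTFS ACE ordering.

```python
# Added example: simplified model, all names and ACLs below are constructed.
READ = frozenset({"read"})
CHANGE = frozenset({"read", "write"})
FULL = frozenset({"read", "write", "permissions"})

def layer_rights(acl, principals):
    """Union of allow entries minus union of deny entries for these principals."""
    allow, deny = set(), set()
    for principal, kind, rights in acl:
        if principal in principals:
            (allow if kind == "allow" else deny).update(rights)
    return allow - deny

def effective_access(user, groups, share_acl, ntfs_acl):
    """Rights a user ends up with on the share when connecting over the VPN."""
    if not user["dialin_allowed"]:        # "dial-in" tab not set to allow access
        return set()
    principals = {user["name"], "Everyone"}
    principals |= {g for g, members in groups.items() if user["name"] in members}
    # Both layers must grant a right for it to be usable over the network.
    return layer_rights(share_acl, principals) & layer_rights(ntfs_acl, principals)

def unexpected_access(users, groups, share_acl, ntfs_acl, vpn_group):
    """Users outside vpn_group who would still get some access to the folder."""
    return sorted(u["name"] for u in users
                  if u["name"] not in groups[vpn_group]
                  and effective_access(u, groups, share_acl, ntfs_acl))

USERS = [
    {"name": "alice", "dialin_allowed": True},
    {"name": "bob", "dialin_allowed": False},
    {"name": "carol", "dialin_allowed": True},
]
GROUPS = {"VPN_Sales": {"alice", "bob"}, "Administrators": set()}
SHARE_ACL = [("Everyone", "allow", CHANGE)]
# Security tab with inherited entries left in place vs. replaced by explicit ones.
NTFS_INHERITED = [("Everyone", "allow", READ), ("VPN_Sales", "allow", CHANGE)]
NTFS_EXPLICIT = [("Administrators", "allow", FULL), ("VPN_Sales", "allow", CHANGE)]

if __name__ == "__main__":
    for label, ntfs in (("inherited", NTFS_INHERITED), ("explicit", NTFS_EXPLICIT)):
        print(label, unexpected_access(USERS, GROUPS, SHARE_ACL, ntfs, "VPN_Sales"))
```

In this constructed data, a user outside the VPN group keeps read access while the inherited entry remains, and loses it once only explicit entries are present.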

  5. jot7

    jot7 Network Guru Member

    Thanks. As soon as I get the VPN connection working through the router to the server, I will test it out. I will let you know how it turns out. Thanks again...
