Think of a scenario where you need to access some important
files from your corporate server and you are sitting far away. One way is to set
up a remote access server with dial-up links. The other alternative is to set up
a remote access server over VPN. This will allow you to access your network
resources over the Internet. The links can also be secured so that data is
encrypted while being transferred. We'll explain how this can be done using
Windows 2003 server. For this, you need a multi-homed server with at least two
network cards. The remaining process is as follows.
Server setup
Configure both network cards with
static IP addresses: one with an internal IP address on your LAN, the other with
a public IP address. You also need a firewall in between to ensure that your LAN
is secure from external access.
From your Windows 2003 server, go to
Start>Programs>Administrative Tools>Routing and Remote Access. This
opens the Routing and Remote Access MMC (Microsoft Management Console). On the
left panel, you will find an icon showing the server's status. Right-click on
the server icon and, from the pop-up menu, select the 'Configure and Enable
Routing and Remote Access' option. This will launch the
Routing and Remote Access wizard to configure its services. Click on Next, and
the wizard will ask you to select the type of routing configuration you would
like to set for this machine. Select 'Virtual Private Network (VPN) Server' and
click Next. Now, the wizard will show you the Remote Client Protocols page.
Select the 'Yes, all required protocols are on this list' option and click Next.
The default setting is TCP/IP.
From the Routing and Remote Access wizard, you need to select the third option to set up VPN
Here, the wizard will ask you to configure the network card
for VPN setup. Select the network card that is connected to the public network
(203.122.29.x) and click on Next. It will open the IP address assignment page.
Click on the 'automatic' radio button if your network has a DHCP server
available. If not, click on the 'From a specified range of address' option,
give the range of IPs for clients and click on Next. The next screen will allow
you to configure the authentication mode for the VPN setup.
Adding security policies
However, you can manage
multiple remote access servers centrally with the help of RADIUS, or Remote
Authentication Dial-In User Service.
You can have multiple remote access servers on your network,
but you may want to authenticate users from one central server, rather than
creating user accounts for each remote access server. For configuring RADIUS, use
IAS (Internet Authentication Server), built into Windows 2000 Server. If you
authenticate from the same server, click 'No, I don't want to setup this server
to use RADIUS now' and click Next. Finally, click on the Finish button to complete
the Routing and Remote Access Server configuration. After this, you need to set
a policy for the users so that remote users can dial in. To let users
connect to the VPN server, you must grant them access
permission.
The RRAS wizard lets you choose the configuration you want,
so that remote users can connect to the VPN server from their VPN clients. Open
Routing and Remote Access from Start>Programs>Administrative Tools. Click
on 'Remote Access Policies' in the left panel, and click on the plus sign (+)
to expand its sub-tree.
Here, from the User Management Console, select the user and set its Dial-In Access to 'Allow Access'
On the right panel, you will find the 'Allow access if dial-in
permission enabled' option. Right-click it and select its properties. From the
property sheet, select the 'Grant Remote Access permission' radio button, then click
'Ok' and close the Routing and Remote Access MMC. Next, you need to grant
permission to the remote users to connect to the VPN server. For this, open
'Active Directory Users and Computers' from Start>Programs>Administrative
Tools, and select the user. Double-click on it to open the user properties. From
the user property sheet, click on the Dial-In tab and select the 'Allow access' radio
button under the Remote Access Permission (Dial-in or VPN) option. Click 'Ok' and close the
Active Directory Users and Computers MMC.
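The 'Allow access' choice on the Dial-In tab is stored per user in the Active Directory attribute msNPAllowDialin, so the accounts that can reach the VPN server can be reviewed in bulk after the step above. The PowerShell below is an added example, not part of the original article: the function name, the approved-user list and the sample accounts are constructed for illustration, and the input shape is assumed to match what Get-ADUser returns when that property is requested (PowerShell 3.0 or later, run from a management workstation).

```powershell
# Added example: review who holds the Dial-in 'Allow access' permission.
# Assumption: each input object has SamAccountName, Enabled and msNPAllowDialin,
# for instance from: Get-ADUser -Filter * -Properties msNPAllowDialin
function Get-DialInReview {
    param(
        [Parameter(Mandatory, ValueFromPipeline)] $User,
        [string[]] $ApprovedVpnUsers = @()   # hypothetical list kept by the admin
    )
    process {
        # $true = 'Allow access', $false = 'Deny access',
        # not set = decision left to the remote access policy
        $dialIn = $User.msNPAllowDialin
        if ($null -eq $dialIn) {
            $setting = 'Policy'
        } elseif ($dialIn) {
            $setting = 'Allow'
        } else {
            $setting = 'Deny'
        }

        $findings = @()
        if ($setting -eq 'Allow') {
            if (-not $User.Enabled) {
                $findings += 'disabled account still allowed to dial in'
            }
            if ($ApprovedVpnUsers -notcontains $User.SamAccountName) {
                $findings += 'not on the approved VPN user list'
            }
        }

        [pscustomobject]@{
            User     = $User.SamAccountName
            DialIn   = $setting
            Findings = $findings -join '; '
        }
    }
}

# Constructed sample accounts so the example runs without a domain.
$sample = @(
    [pscustomobject]@{ SamAccountName = 'asharma';    Enabled = $true;  msNPAllowDialin = $true  }
    [pscustomobject]@{ SamAccountName = 'tempuser';   Enabled = $false; msNPAllowDialin = $true  }
    [pscustomobject]@{ SamAccountName = 'rkumar';     Enabled = $true;  msNPAllowDialin = $null  }
    [pscustomobject]@{ SamAccountName = 'svc_backup'; Enabled = $true;  msNPAllowDialin = $false }
)

$sample | Get-DialInReview -ApprovedVpnUsers 'asharma' | Format-Table -AutoSize
```

Against a live domain, replace `$sample` with the Get-ADUser call shown in the comment; any row with a non-empty Findings column is an account whose Dial-In setting should be revisited.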
Setup VPN client
Creating VPN clients is simple.
We used Win XP Pro as a remote client. Go to Start>Programs>
Accessories>Communications, and click on 'New Connection Wizard'.
This runs a wizard for creating a VPN connection. Select
'Connect to the network at my workplace' and click on Next. On the Network
Connection page, click on 'Virtual Private Network Connection' and click on
Next. The wizard will then ask you for a connection name. Provide a convenient
name and click on Next. Now give the IP address or DNS name of the VPN
server and click on Next. Click on the Finish button to close the wizard. With this,
your VPN client is ready. Launch the VPN client with the user name and password
to connect to your office VPN server. However, the speed of access depends on
the amount of bandwidth available.
Source: PCQuest