PPTP VPN with 3Com ADSL + Windows 2000 Server

http://support.microsoft.com/support/kb/articles/Q300/4/34.ASP?LN=EN-US&SD=gn&FR=0&qry=VPN%20setup&rnk=3&src=DHCS_MSPSS_gn_SRCH&SPR=WIN2000

You'll find the above link informative. You will need to be careful if your using any type of Firewall software on your Router. If you do, you will probably need to open a couple ports. Setting up the VPN on a client is as easy as going thru the networking wizard. You will, however, need to have a public IP address on the VPN server to allow you to make a connection.

Dear mikecr,
I am not using any firewall, but I need to "translate" external ip of the 3com router to my private ip of the server where I have installed W2000 server.  Then, I need to know how to open these couple of ports, and activate pptp for connecting my VPN.

Thanks

antesla

antesla: PPTP will not work correctly through Network Address Translation because of one of the protocols that is involved (GRE -which has no set port).  Trust me on this one -your VPN Server (2000 box) HAS to have a public address assigned to one of its Network Adapter Cards.  The best way to set this up, is go to Routing and Remote Access on your server, go through the configuration wizard and indicate you want this machine to be a VPN server -it will automatically create the rules and packet filters for you. -Make sure you have SP2 loaded.  The server should have 2 adapter cards one private and one public.  Indicate that you want to use DHCP for remote VPN clients (your 2000 Professional station).  Now, get yourself a cheap firewall -I recommend a Sonic Wall that has at least 3 interfaces.  One interface will be connected to the Internet router via a crossover cable -your link outside.  The second will be connected to a DMZ where the public address of your VPN server can be found.  The last interface will have a private address and will be connected to the rest of your network.  The router will NOT NAT the VPN server -since that has a public address and goes through a different route.  However, it will NAT you other traffic.  For best results, always use a Cisco firewall -but they are expensive.  They give you a greater granularity of control.  Beware! The VPN server CANNOT also be an Internet router and perform NAT -although Microsoft insists that you can do this.  I tried this at my old company and it led to a 5 month, 3rd-level support issue from Microsoft that was never resolved.  They finally capitulated and admitted that there were "still issues with the product that needed to be resolved." -so don't even try it.  I've had others on Experts-Exchange say that they have done this -they are full of ****, do not believe them.

No comment has been added lately. It appears this question has been abandonded so it's time to clean up this TA.
I will leave a recommendation in the Cleanup topic area for this question:

I recommend: split points

if there is any objection or other expert commentary to this recommendation then please post in here within 7 days.

PLEASE DO NOT ACCEPT THIS COMMENT AS AN ANSWER!

thanks,
lrmoore
EE Cleanup Volunteer
---------------------