Solved

Make Server 2003 VPN WLAN more secure

Posted on 2004-04-08
Last Modified: 2008-02-01
Hello, right now I have the following setup:
I run a LAN with a Server 2003 to allow VPN-WLAN clients to connect to the local LAN.
LAN: 192.168.0.x (server 2003 192.168.0.2)
WLAN/ VPN: 192.168.1.x (server 2003 192.168.1.1)

NAT, RAS and VPN are working and I activated the following packet filters to prevent WLAN users without an activated VPN from connecting to the server and being routed to the local LAN:

allow incoming:
destination-IP        
192.168.1.1    TCP 1723
192.168.1.1    IP-Protocol-ID 47
deny the rest.

allow outgoing:
source-IP
192.168.1.1   TCP 1723
192.168.1.1    IP-Protocol-ID 47
deny the rest.

This way only VPN users can access the Server 2003/LAN/internet.

But a friend told me that this is a bad workaround. It would be way more secure if I configured my network this way:

LAN eth: 192.168.0.x
native WLAN eth: 192.168.1.x      (server WLAN eth: 192.168.1.1)
virtual VPN eth: 192.168.2.x         (server virtual VPN eth: 192.168.2.1)

Advantages:
You can allow routing only for 192.168.2.x to 192.168.0.x, which allows only VPN users to be routed into the LAN. Native WLAN users with the 1.x subnet won't be routed.
If you allow only authenticated users (MS-CHAP v2) to connect to the server's VPN eth, you have a very secure setup.

BUT MY PROBLEM NOW IS:
How can I change the IP of the virtual VPN eth adapters? I need to change them on the server and on the clients as well (clients should get their IP through the server's DHCP), and the routing has to be changed from 1.x->0.x to 2.x->0.x.
The wizard unfortunately doesn't allow this setup.
Question by:MaNiAcLRSC
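
The two layers discussed in the question (the inbound filter on the WLAN adapter and the friend's rule routing only 192.168.2.x into 192.168.0.x), modelled as an added example that is not part of the thread or any poster's configuration. It assumes tunnelled traffic arrives on the virtual VPN interface and so is not seen by the WLAN adapter's filter; the client host addresses are constructed.

```python
import ipaddress
from dataclasses import dataclass

TCP, GRE = 6, 47                                   # GRE = IP protocol ID 47
SERVER_WLAN = ipaddress.ip_address("192.168.1.1")  # server's WLAN adapter (from the question)
LAN = ipaddress.ip_network("192.168.0.0/24")       # wired LAN (from the question)
VPN_NET = ipaddress.ip_network("192.168.2.0/24")   # proposed VPN subnet (from the question)

@dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    proto: int
    dport: int = 0
    tunnelled: bool = False   # assumption: True means it arrives on the virtual VPN interface

def wlan_input_filter(p: Packet) -> bool:
    """Question's inbound filter: TCP 1723 and protocol 47 to the server, deny the rest."""
    if ipaddress.ip_address(p.dst) != SERVER_WLAN:
        return False
    return (p.proto == TCP and p.dport == 1723) or p.proto == GRE

def routed_to_lan(p: Packet) -> bool:
    """Proposed rule: only sources in the VPN subnet are routed into the LAN."""
    return ipaddress.ip_address(p.src) in VPN_NET and ipaddress.ip_address(p.dst) in LAN

def verdict(p: Packet, filter_on: bool = True, route_rule_on: bool = True) -> str:
    # Tunnelled traffic is modelled as bypassing the WLAN adapter's filter.
    if filter_on and not p.tunnelled and not wlan_input_filter(p):
        return "drop: WLAN filter"
    if ipaddress.ip_address(p.dst) in LAN and route_rule_on and not routed_to_lan(p):
        return "drop: source not in VPN subnet"
    return "pass"

# Constructed sample packets; host addresses such as .50 and .10 are made up.
SAMPLES = {
    "pptp control":       Packet("192.168.1.50", "192.168.1.1", TCP, 1723),
    "gre data":           Packet("192.168.1.50", "192.168.1.1", GRE),
    "native wlan to lan": Packet("192.168.1.50", "192.168.0.10", TCP, 445),
    "vpn 2.x to lan":     Packet("192.168.2.20", "192.168.0.10", TCP, 445, tunnelled=True),
    "vpn still on 1.x":   Packet("192.168.1.60", "192.168.0.10", TCP, 445, tunnelled=True),
}

if __name__ == "__main__":
    for name, pkt in SAMPLES.items():
        print(f"{name:20} both={verdict(pkt)!r:34} filter off={verdict(pkt, filter_on=False)!r}")
```

The last sample shows why the VPN address pool has to move to 192.168.2.x before the routing rule is applied: a tunnelled client still on 1.x is dropped by it.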
Expert Comment

by:What90
ID: 10782410
Hi MaNiAcLRSC,

I think this is what you're looking for.
Open up the RRAS MMC - right click on your server name - properties - select the IP tab and then enter the IP address range you want to hand out via DHCP. Make sure you pick the correct adaptor.
Author Comment

by:MaNiAcLRSC
ID: 10782474
Hi What90,
I hand out the IP addresses via DHCP. The other option is a static pool, which I don't use, because I'm already using DHCP.
I haven't yet found the option where I can tell the 2003 server to differentiate between the WLAN adapters and the virtual VPN adapters when the DHCP hands out IP addresses. The VPN adapter is shown nowhere. Right now they both get 1.x IP addresses.
Accepted Solution

by:
What90 earned 195 total points
ID: 10782587
At the bottom of the IP tab, under the DHCP, is a drop-down box which says automatic select adapter. You can pick which adapter gets that range of IP addresses.

If you look at step 7) on this link, it should explain and show you:
http://www.tacteam.net/isaserverorg/vpnkit/configisavpn.htm