Still celebrating National IT Professionals Day with 3 months of free Premium Membership. Use Code ITDAY17

x
?
Solved

Make Server 2003 VPN WLAN more secure

Posted on 2004-04-08
5
Medium Priority
?
815 Views
Last Modified: 2008-02-01
Hello, right now i have the following setup:
I run a LAN with a server 2003 to allow VPN-WLAN Clients to connect to the local LAN.
LAN: 192.168.0.x (server 2003 192.168.0.2)
WLAN/ VPN: 192.168.1.x (server 2003 192.168.1.1)

NAT, RAS and VPN is working and i activated the following filters for packetfiltering to prevent Wlan Users without activated VPN to connect to the server and to be routet to the local LAN:

allow incoming:
destination-IP        
192.168.1.1    TCP 1723
192.168.1.1    IP-Protocol-ID 47
deny the rest.

allow outgoing:
source-IP
192.168.1.1   TCP 1723
192.168.1.1    IP-Protocol-ID 47
deny the rest.

This way only VPN-users can access the server 2003/ LAN/ internet.


But a friend told me, that this is a bad workaround. It would be way more secure, if i configured my network that way:

LAN eth: 192.168.0.x
native WLAN eth: 192.168.1.x      (server WLAN eth: 192.168.1.1)
virtual VPN eth: 192.168.2.x         (servervirtual VPN eth: 192.168.2.1)

Advantages:
You can allow routing only for 192.168.2.x to 192.168.0.x, which allows only VPN users to be routet into the LAN. Native WLAN users with 1.x subnet won't be routet.
If you allow only authenticated users (MS-Chap v2)  to connect the servers vpn eth, you have a very secure setup.

BUT MY PROBLEM NOW IS:
How can i change the IP of the virtual VPN eth adapters?  i need to change them on the server and on the clients as well (Clients should get their IP through the servers DHCP), and the routing has to be changed from 1.x->0.x to 2.x->0.x
The Wizard unfortunately doesn't allow this setup.
0
Comment
Question by:MaNiAcLRSC
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 2
5 Comments
 
LVL 20

Expert Comment

by:What90
ID: 10782410
Hi MaNiAcLRSC,

I think this is what you're looking for.
Open up the RRAS MMC - right click on your server name - properties - select the IP tab and then enter the ip address range you want to hand out via dhcp make sure you pick the correct adaptor.
0
 

Author Comment

by:MaNiAcLRSC
ID: 10782474
HI What90,
i hand out the IP Adresses via DHCP. The other option is a static pool, which i don't use, because i'm already using dhcp.
I didn't find the option yet where i can tell the 2003 server to differ between the WLAN adapters and the virtual VPN adapters when the dhcp hands out IP addresses. The VPN adapter is nowhere shown. Right now they both get 1.x IP addresses.
0
 
LVL 20

Accepted Solution

by:
What90 earned 780 total points
ID: 10782587
At the bottom of the IP tab on the under the DHCP is a drop down box which says automatic select adapter. You can pick which adapter gets that range of ip addresses.

If you look at step 7) on this link, it should explain and show you:
http://www.tacteam.net/isaserverorg/vpnkit/configisavpn.htm
0

Featured Post

Technology Partners: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Setting up a Microsoft WSUS update system is free relatively speaking if you have hard disk space and processor capacity.   However, WSUS can be a blessing and a curse. For example, there is nothing worse than approving updates and they just have…
Restoring deleted objects in Active Directory has been a standard feature in Active Directory for many years, yet some admins may not know what is available.
In this brief tutorial Pawel from AdRem Software explains how you can quickly find out which services are running on your network, or what are the IP addresses of servers responsible for each service. Software used is freeware NetCrunch Tools (https…
In this video you will find out how to export Office 365 mailboxes using the built in eDiscovery tool. Bear in mind that although this method might be useful in some cases, using PST files as Office 365 backup is troublesome in a long run (more on t…

671 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question