Solved

Make Server 2003 VPN WLAN more secure

Posted on 2004-04-08
Last Modified: 2008-02-01
Hello, right now I have the following setup:
I run a LAN with a Server 2003 to allow VPN-WLAN clients to connect to the local LAN.
LAN: 192.168.0.x (server 2003 192.168.0.2)
WLAN/ VPN: 192.168.1.x (server 2003 192.168.1.1)

NAT, RAS and VPN are working, and I activated the following packet filters to prevent WLAN users without an activated VPN from connecting to the server and being routed to the local LAN:

allow incoming:
destination-IP        
192.168.1.1    TCP 1723
192.168.1.1    IP-Protocol-ID 47
deny the rest.

allow outgoing:
source-IP
192.168.1.1   TCP 1723
192.168.1.1    IP-Protocol-ID 47
deny the rest.

This way only VPN-users can access the server 2003/ LAN/ internet.


But a friend told me that this is a bad workaround. It would be way more secure if I configured my network this way:

LAN eth: 192.168.0.x
native WLAN eth: 192.168.1.x      (server WLAN eth: 192.168.1.1)
virtual VPN eth: 192.168.2.x         (server virtual VPN eth: 192.168.2.1)

Advantages:
You can allow routing only for 192.168.2.x to 192.168.0.x, which allows only VPN users to be routed into the LAN. Native WLAN users with the 1.x subnet won't be routed.
If you allow only authenticated users (MS-CHAP v2) to connect to the server's VPN eth, you have a very secure setup.

BUT MY PROBLEM NOW IS:
How can I change the IP of the virtual VPN eth adapters? I need to change them on the server and on the clients as well (clients should get their IP through the server's DHCP), and the routing has to be changed from 1.x->0.x to 2.x->0.x.
The Wizard unfortunately doesn't allow this setup.
Question by:MaNiAcLRSC
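
The two layouts described in the question, modelled as an added example (not part of the original post and not RRAS's own logic): the PPTP-only filters on the WLAN interface, and the proposed rule that only 192.168.2.x is routed to 192.168.0.x. The client and LAN host addresses are constructed, and treating 1723 as the source port in the outgoing filter is an assumption.

```python
from ipaddress import ip_address, ip_network
from typing import NamedTuple, Optional

TCP, GRE = 6, 47                          # IANA IP protocol numbers
SERVER_WLAN = ip_address("192.168.1.1")   # server's WLAN address (from the post)
VPN_NET = ip_network("192.168.2.0/24")    # proposed virtual VPN subnet
LAN_NET = ip_network("192.168.0.0/24")    # wired LAN

class Packet(NamedTuple):
    src: str
    dst: str
    proto: int
    sport: Optional[int] = None
    dport: Optional[int] = None

def wlan_filter(pkt: Packet, direction: str) -> bool:
    """Filters from the post on the WLAN interface: PPTP only, deny the rest."""
    if direction == "in":    # incoming rules key on the destination IP
        addr, port = pkt.dst, pkt.dport
    else:                    # outgoing rules key on the source IP
        addr, port = pkt.src, pkt.sport   # assumption: 1723 is the source port here
    if ip_address(addr) != SERVER_WLAN:
        return False
    if pkt.proto == GRE:     # IP protocol 47 carries the tunnelled data
        return True
    return pkt.proto == TCP and port == 1723   # PPTP control channel

def may_route_to_lan(pkt: Packet) -> bool:
    """Proposed layout: only the 192.168.2.x VPN subnet is routed to 192.168.0.x."""
    return ip_address(pkt.src) in VPN_NET and ip_address(pkt.dst) in LAN_NET

# Constructed sample traffic; client and LAN host addresses are made up.
SAMPLES = [
    ("PPTP control to server", "in",  Packet("192.168.1.50", "192.168.1.1", TCP, 1055, 1723)),
    ("GRE to server",          "in",  Packet("192.168.1.50", "192.168.1.1", GRE)),
    ("SMB straight to LAN",    "in",  Packet("192.168.1.50", "192.168.0.5", TCP, 1056, 445)),
    ("HTTP to server",         "in",  Packet("192.168.1.50", "192.168.1.1", TCP, 1057, 80)),
    ("PPTP control reply",     "out", Packet("192.168.1.1", "192.168.1.50", TCP, 1723, 1055)),
]

def evaluate():
    """Return {label: (passes WLAN filter, would be routed to the LAN)}."""
    return {label: (wlan_filter(p, d), may_route_to_lan(p)) for label, d, p in SAMPLES}

if __name__ == "__main__":
    for label, verdict in evaluate().items():
        print(f"{label:24} filter={verdict[0]!s:5} routed_to_lan={verdict[1]}")
    tunnelled = Packet("192.168.2.10", "192.168.0.5", TCP, 1058, 445)
    print("VPN client to LAN host routed:", may_route_to_lan(tunnelled))
```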
5 Comments
 
LVL 20

Expert Comment

by:What90
ID: 10782410
Hi MaNiAcLRSC,

I think this is what you're looking for.
Open up the RRAS MMC - right click on your server name - properties - select the IP tab and then enter the IP address range you want to hand out via DHCP. Make sure you pick the correct adaptor.
 

Author Comment

by:MaNiAcLRSC
ID: 10782474
Hi What90,
I hand out the IP addresses via DHCP. The other option is a static pool, which I don't use, because I'm already using DHCP.
I haven't yet found the option where I can tell the 2003 server to distinguish between the WLAN adapters and the virtual VPN adapters when the DHCP hands out IP addresses. The VPN adapter is shown nowhere. Right now they both get 1.x IP addresses.
 
LVL 20

Accepted Solution

by:
What90 earned 195 total points
ID: 10782587
At the bottom of the IP tab, under the DHCP option, is a drop-down box which says automatic select adapter. You can pick which adapter gets that range of IP addresses.

If you look at step 7) on this link, it should explain and show you:
http://www.tacteam.net/isaserverorg/vpnkit/configisavpn.htm
Question has a verified solution.
