• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 457
  • Last Modified:

Windows 2000 Server: VPNs and Active Directory

Here is the setup:

There are six computers, five Windows XP Home and one Mac (running 10.3) in an office with Windows 2000 Server.  Right now, there is a DSL modem/router (with a static IP) that is performing DHCP and acting as a gateway to the internet.  The router is then connected to a switch, which the other computers and the server are connected to.  I set Active Directory up, then realized that XP Home computers can't connect to the server for authentication purposes.  The client is not willing to upgrade.

First and foremost, I need to set up a VPN in the office.  I am somewhat familiar with how to do this.  The server itself has only one NIC, but I can connect the DSL Modem (which I will have to swap in place of the modem/router) through a USB connection directly to the server.  Since the modem will be directly connected to the server, how do I set up the other Windows computers (I can figure out the Mac on my own) so that they connect through the server to access the internet?

Also, how do  I appropriately set up DNS so that those connecting to the network through the VPN can access the network?  I would appreciate if someone could point me in the direction of some entry-level guides to setting up DNS.
0
rnizlek
Asked:
rnizlek
  • 4
  • 3
1 Solution
 
Eagle6990Commented:
You'll need to configure RRAS on your server to handle incoming connections. Here are some articles about it.  The last one walked me through setting up my server.

http://www.microsoft.com/windows2000/technologies/communications/vpn/
http://techrepublic.com.com/5100-6268-1032135.html
http://www.dalantech.com/ubbthreads/showflat.php?Cat=&Board=win2k&Number=32335&page=0&view=collapsed&sb=5&o=&fpart=1
0
 
rnizlekAuthor Commented:
Thanks, those links really helped.  But in order to set up RRAS, the internet connection needs to pass through the server.  How do I set up the clients on the LAN to connect through the server to access the internet?
0
 
Eagle6990Commented:
Why do you want to configure a VPN inside the office?  You would want to use VPN to connect from home like you are plugged into the LAN.  XP Home can't join an Active Directory domain with Windows 2000, but they can connect to the server to access files.  You just need to configure the same usernames and passwords on each machine and server.  This is where a domain will make things easier, but as you said, the client doesn't want to upgrade.

So what are we trying to accomplish?
0
Cloud Class® Course: CompTIA Healthcare IT Tech

This course will help prep you to earn the CompTIA Healthcare IT Technician certification showing that you have the knowledge and skills needed to succeed in installing, managing, and troubleshooting IT systems in medical and clinical settings.

 
rnizlekAuthor Commented:
Well, my question is this: in terms of the actual wiring the network, right now the DSL modem is wired through a router (the type you'd generally find in a home, probably better described as a "gateway" or "portal") and then is attached to a switch.

I know that since the router acts as a firewall it needs to be elimated as the server needs to be exposed to the internet so that external computers can connect to the VPN.  If I connect the DSL modem directly to the server and then the server to the LAN, do I need to configure the computers on the office LAN in any way to make them seek access to the internet through the server?  Or will simply activating DHCP on the server (which would set the default gateway on the computers) be enough?  In other words, since I am changing the topology of the network before I set up for the VPN (otherwise the VPN wouldn't work) do I need to make any other changes to the network to make sure I don't cut off everyone in the office from accessing the internet?
0
 
Eagle6990Commented:
You should be fine using your existing router, you just need to forward the proper ports to your Win2K server.  You'll need to log into your router and look for port forwarding or PAT (Port Address Translation)  Then just specify the type of port you want to foward and the IP of your Win2K server.

Here are the ports you need:
http://www.winntmag.com/Windows/Article/ArticleID/20274/20274.html

TCP port 1723
UDP port 500
UDP port 1701
0
 
rnizlekAuthor Commented:
Assuming I use port fowarding then, I should choose my LAN network adaptor as my connection to the internet when setting up the VPN?
0
 
Eagle6990Commented:
Correct.  You don't need to change your network configuration to get this going.  You'll still have all of your clients and server plugged into the switch that is connected to the router.  On the router you configure port forwarding for all of the ports I listed and they will all point to the IP of your server.  If your server is using DHCP, then you should configure a static IP for it so the forwarding will always work.
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

Join & Write a Comment

Featured Post

Upgrade your Question Security!

Your question, your audience. Choose who sees your identity—and your question—with question security.

  • 4
  • 3
Tackle projects and never again get stuck behind a technical roadblock.
Join Now