Windows 2000 Server: VPNs and Active Directory

Posted on 2004-08-07
Last Modified: 2010-04-14
Here is the setup:

There are six computers, five Windows XP Home and one Mac (running 10.3) in an office with Windows 2000 Server.  Right now, there is a DSL modem/router (with a static IP) that is performing DHCP and acting as a gateway to the internet.  The router is then connected to a switch, which the other computers and the server are connected to.  I set Active Directory up, then realized that XP Home computers can't connect to the server for authentication purposes.  The client is not willing to upgrade.

First and foremost, I need to set up a VPN in the office.  I am somewhat familiar with how to do this.  The server itself has only one NIC, but I can connect the DSL Modem (which I will have to swap in place of the modem/router) through a USB connection directly to the server.  Since the modem will be directly connected to the server, how do I set up the other Windows computers (I can figure out the Mac on my own) so that they connect through the server to access the internet?

Also, how do I appropriately set up DNS so that those connecting to the network through the VPN can access the network?  I would appreciate it if someone could point me in the direction of some entry-level guides to setting up DNS.
Question by:rnizlek

Accepted Solution

Eagle6990 earned 500 total points
ID: 11744890
You'll need to configure RRAS on your server to handle incoming connections. Here are some articles about it.  The last one walked me through setting up my server.

Author Comment

ID: 11744903
Thanks, those links really helped.  But in order to set up RRAS, the internet connection needs to pass through the server.  How do I set up the clients on the LAN to connect through the server to access the internet?

Expert Comment

ID: 11744916
Why do you want to configure a VPN inside the office?  You would want to use VPN to connect from home like you are plugged into the LAN.  XP Home can't join an Active Directory domain with Windows 2000, but they can connect to the server to access files.  You just need to configure the same usernames and passwords on each machine and server.  This is where a domain will make things easier, but as you said, the client doesn't want to upgrade.

So what are we trying to accomplish?

Author Comment

ID: 11744981
Well, my question is this: in terms of the actual wiring of the network, right now the DSL modem is wired through a router (the type you'd generally find in a home, probably better described as a "gateway" or "portal") and then is attached to a switch.

I know that since the router acts as a firewall it needs to be eliminated as the server needs to be exposed to the internet so that external computers can connect to the VPN.  If I connect the DSL modem directly to the server and then the server to the LAN, do I need to configure the computers on the office LAN in any way to make them seek access to the internet through the server?  Or will simply activating DHCP on the server (which would set the default gateway on the computers) be enough?  In other words, since I am changing the topology of the network before I set up for the VPN (otherwise the VPN wouldn't work) do I need to make any other changes to the network to make sure I don't cut off everyone in the office from accessing the internet?

Expert Comment

ID: 11745211
You should be fine using your existing router, you just need to forward the proper ports to your Win2K server.  You'll need to log into your router and look for port forwarding or PAT (Port Address Translation).  Then just specify the type of port you want to forward and the IP of your Win2K server.

Here are the ports you need:

TCP port 1723
UDP port 500
UDP port 1701

Author Comment

ID: 11745325
Assuming I use port forwarding then, I should choose my LAN network adaptor as my connection to the internet when setting up the VPN?

Expert Comment

ID: 11746603
Correct.  You don't need to change your network configuration to get this going.  You'll still have all of your clients and server plugged into the switch that is connected to the router.  On the router you configure port forwarding for all of the ports I listed and they will all point to the IP of your server.  If your server is using DHCP, then you should configure a static IP for it so the forwarding will always work.
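
The forwarding setup described in the expert comments above (three ports pointed at a server with a fixed address) can be audited before the VPN depends on it. This is an added example, not part of the original thread: the function name, the rule format and the 192.168.1.x addresses are assumptions, and only the three ports come from the answer.

```python
import ipaddress

# Ports from the answer above; the protocol labels are their well-known assignments.
REQUIRED = {
    ("tcp", 1723): "PPTP control",
    ("udp", 500): "IKE (IPsec key exchange)",
    ("udp", 1701): "L2TP",
}

def audit_forwarding(rules, server_ip, dhcp_start, dhcp_end):
    """Audit (proto, external_port, internal_ip) forwarding rules.

    Returns a list of (severity, message) findings; an empty list means the
    table forwards exactly the VPN ports to a server outside the DHCP pool.
    """
    server = ipaddress.ip_address(server_ip)
    lo, hi = ipaddress.ip_address(dhcp_start), ipaddress.ip_address(dhcp_end)
    findings = []
    # An address inside the dynamic pool can be leased to another machine,
    # which would then receive the forwarded VPN traffic.
    if lo <= server <= hi:
        findings.append(("error", f"server {server} is inside DHCP pool {lo}-{hi}"))
    table = {(p.lower(), int(port)): ipaddress.ip_address(ip) for p, port, ip in rules}
    for key, label in REQUIRED.items():
        proto, port = key
        if key not in table:
            findings.append(("error", f"{proto}/{port} ({label}) is not forwarded"))
        elif table[key] != server:
            findings.append(("error", f"{proto}/{port} ({label}) goes to {table[key]}, not {server}"))
    # Anything else forwarded is extra exposure to the internet; flag it for review.
    for (proto, port), target in sorted(table.items()):
        if (proto, port) not in REQUIRED:
            findings.append(("warn", f"{proto}/{port} -> {target} is not needed for the VPN"))
    return findings

# Constructed sample data (not from the thread): a home-router forwarding table.
SAMPLE_RULES = [
    ("TCP", 1723, "192.168.1.10"),
    ("UDP", 500, "192.168.1.10"),
    ("UDP", 1701, "192.168.1.23"),   # stale rule pointing at an old lease
    ("TCP", 3389, "192.168.1.10"),   # unrelated service exposed
]

if __name__ == "__main__":
    for severity, message in audit_forwarding(
            SAMPLE_RULES, "192.168.1.10", "192.168.1.2", "192.168.1.50"):
        print(f"[{severity}] {message}")
```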
