Solved

Windows 2000 Server: VPNs and Active Directory

Posted on 2004-08-07
Last Modified: 2010-04-14
Here is the setup:

There are six computers, five Windows XP Home and one Mac (running 10.3) in an office with Windows 2000 Server.  Right now, there is a DSL modem/router (with a static IP) that is performing DHCP and acting as a gateway to the internet.  The router is then connected to a switch, which the other computers and the server are connected to.  I set Active Directory up, then realized that XP Home computers can't connect to the server for authentication purposes.  The client is not willing to upgrade.

First and foremost, I need to set up a VPN in the office.  I am somewhat familiar with how to do this.  The server itself has only one NIC, but I can connect the DSL Modem (which I will have to swap in place of the modem/router) through a USB connection directly to the server.  Since the modem will be directly connected to the server, how do I set up the other Windows computers (I can figure out the Mac on my own) so that they connect through the server to access the internet?

Also, how do I appropriately set up DNS so that those connecting to the network through the VPN can access the network?  I would appreciate it if someone could point me in the direction of some entry-level guides to setting up DNS.
0
Question by:rnizlek
LVL 17

Accepted Solution

by:
Eagle6990 earned 500 total points
ID: 11744890
You'll need to configure RRAS on your server to handle incoming connections. Here are some articles about it.  The last one walked me through setting up my server.

http://www.microsoft.com/windows2000/technologies/communications/vpn/
http://techrepublic.com.com/5100-6268-1032135.html
http://www.dalantech.com/ubbthreads/showflat.php?Cat=&Board=win2k&Number=32335&page=0&view=collapsed&sb=5&o=&fpart=1
0
 

Author Comment

by:rnizlek
ID: 11744903
Thanks, those links really helped.  But in order to set up RRAS, the internet connection needs to pass through the server.  How do I set up the clients on the LAN to connect through the server to access the internet?
0
 
LVL 17

Expert Comment

by:Eagle6990
ID: 11744916
Why do you want to configure a VPN inside the office?  You would want to use VPN to connect from home like you are plugged into the LAN.  XP Home can't join an Active Directory domain with Windows 2000, but they can connect to the server to access files.  You just need to configure the same usernames and passwords on each machine and server.  This is where a domain will make things easier, but as you said, the client doesn't want to upgrade.

So what are we trying to accomplish?
0

 

Author Comment

by:rnizlek
ID: 11744981
Well, my question is this: in terms of the actual wiring of the network, right now the DSL modem is wired through a router (the type you'd generally find in a home, probably better described as a "gateway" or "portal") and then is attached to a switch.

I know that since the router acts as a firewall it needs to be eliminated as the server needs to be exposed to the internet so that external computers can connect to the VPN.  If I connect the DSL modem directly to the server and then the server to the LAN, do I need to configure the computers on the office LAN in any way to make them seek access to the internet through the server?  Or will simply activating DHCP on the server (which would set the default gateway on the computers) be enough?  In other words, since I am changing the topology of the network before I set up for the VPN (otherwise the VPN wouldn't work) do I need to make any other changes to the network to make sure I don't cut off everyone in the office from accessing the internet?
0
 
LVL 17

Expert Comment

by:Eagle6990
ID: 11745211
You should be fine using your existing router, you just need to forward the proper ports to your Win2K server.  You'll need to log into your router and look for port forwarding or PAT (Port Address Translation).  Then just specify the type of port you want to forward and the IP of your Win2K server.

Here are the ports you need:
http://www.winntmag.com/Windows/Article/ArticleID/20274/20274.html

TCP port 1723
UDP port 500
UDP port 1701
0
 

Author Comment

by:rnizlek
ID: 11745325
Assuming I use port forwarding then, I should choose my LAN network adaptor as my connection to the internet when setting up the VPN?
0
 
LVL 17

Expert Comment

by:Eagle6990
ID: 11746603
Correct.  You don't need to change your network configuration to get this going.  You'll still have all of your clients and server plugged into the switch that is connected to the router.  On the router you configure port forwarding for all of the ports I listed and they will all point to the IP of your server.  If your server is using DHCP, then you should configure a static IP for it so the forwarding will always work.
0
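A check of the setup described in the answer above, as an added example that is not part of the original thread: it compares a router's port-forward table with the three ports listed in the thread and flags a server address that sits inside the DHCP pool. The rule tuple layout, the addresses and the DHCP range are assumptions constructed for illustration.

```python
import ipaddress

# Ports named in the thread for the Windows 2000 VPN server.
REQUIRED = {("tcp", 1723), ("udp", 500), ("udp", 1701)}


def audit_forwards(rules, server_ip, dhcp_start, dhcp_end):
    """Check a router's port-forward table against the thread's advice.

    rules is a list of (protocol, external_port, internal_ip) tuples; this
    layout is an assumption, since real routers export rules differently.
    Returns a list of human-readable findings (empty when all is well).
    """
    server = ipaddress.ip_address(server_ip)
    pool_lo = ipaddress.ip_address(dhcp_start)
    pool_hi = ipaddress.ip_address(dhcp_end)
    findings, covered = [], set()

    for proto, port, target in rules:
        key = (proto.lower(), int(port))
        to_server = ipaddress.ip_address(target) == server
        if key in REQUIRED and to_server:
            covered.add(key)
        elif key in REQUIRED:
            findings.append(f"{key[0]}/{key[1]} forwards to {target}, not the server")
        elif to_server:
            findings.append(f"{key[0]}/{key[1]} is forwarded to the server but is not a VPN port")

    for proto, port in sorted(REQUIRED - covered):
        findings.append(f"no forward to the server for {proto}/{port}")

    # A server address inside the DHCP pool can be leased to another machine,
    # after which every forward points at the wrong host.
    if pool_lo <= server <= pool_hi:
        findings.append(f"server {server} is inside the DHCP pool; use a static IP outside it")
    return findings


# Constructed sample data (addresses and the extra rule are made up).
GOOD = [("tcp", 1723, "192.168.1.250"), ("udp", 500, "192.168.1.250"),
        ("udp", 1701, "192.168.1.250")]
BAD = [("TCP", 1723, "192.168.1.10"), ("udp", 500, "192.168.1.11"),
       ("tcp", 8080, "192.168.1.10")]

if __name__ == "__main__":
    for line in audit_forwards(BAD, "192.168.1.10", "192.168.1.2", "192.168.1.100"):
        print(line)
```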

Question has a verified solution.
