Windows 2000 Server: VPNs and Active Directory

Posted on 2004-08-07
Medium Priority
Last Modified: 2010-04-14
Here is the setup:

There are six computers, five Windows XP Home and one Mac (running 10.3) in an office with Windows 2000 Server.  Right now, there is a DSL modem/router (with a static IP) that is performing DHCP and acting as a gateway to the internet.  The router is then connected to a switch, which the other computers and the server are connected to.  I set Active Directory up, then realized that XP Home computers can't connect to the server for authentication purposes.  The client is not willing to upgrade.

First and foremost, I need to set up a VPN in the office.  I am somewhat familiar with how to do this.  The server itself has only one NIC, but I can connect the DSL Modem (which I will have to swap in place of the modem/router) through a USB connection directly to the server.  Since the modem will be directly connected to the server, how do I set up the other Windows computers (I can figure out the Mac on my own) so that they connect through the server to access the internet?

Also, how do I appropriately set up DNS so that those connecting to the network through the VPN can access the network?  I would appreciate it if someone could point me in the direction of some entry-level guides to setting up DNS.
Question by:rnizlek
LVL 17

Accepted Solution

Eagle6990 earned 2000 total points
ID: 11744890
You'll need to configure RRAS on your server to handle incoming connections. Here are some articles about it.  The last one walked me through setting up my server.


Author Comment

ID: 11744903
Thanks, those links really helped.  But in order to set up RRAS, the internet connection needs to pass through the server.  How do I set up the clients on the LAN to connect through the server to access the internet?
LVL 17

Expert Comment

ID: 11744916
Why do you want to configure a VPN inside the office?  You would want to use VPN to connect from home like you are plugged into the LAN.  XP Home can't join an Active Directory domain with Windows 2000, but they can connect to the server to access files.  You just need to configure the same usernames and passwords on each machine and server.  This is where a domain will make things easier, but as you said, the client doesn't want to upgrade.

So what are we trying to accomplish?

Author Comment

ID: 11744981
Well, my question is this: in terms of the actual wiring of the network, right now the DSL modem is wired through a router (the type you'd generally find in a home, probably better described as a "gateway" or "portal") and then is attached to a switch.

I know that since the router acts as a firewall it needs to be eliminated as the server needs to be exposed to the internet so that external computers can connect to the VPN.  If I connect the DSL modem directly to the server and then the server to the LAN, do I need to configure the computers on the office LAN in any way to make them seek access to the internet through the server?  Or will simply activating DHCP on the server (which would set the default gateway on the computers) be enough?  In other words, since I am changing the topology of the network before I set up for the VPN (otherwise the VPN wouldn't work) do I need to make any other changes to the network to make sure I don't cut off everyone in the office from accessing the internet?
LVL 17

Expert Comment

ID: 11745211
You should be fine using your existing router, you just need to forward the proper ports to your Win2K server.  You'll need to log into your router and look for port forwarding or PAT (Port Address Translation).  Then just specify the type of port you want to forward and the IP of your Win2K server.

Here are the ports you need:

TCP port 1723
UDP port 500
UDP port 1701

Author Comment

ID: 11745325
Assuming I use port forwarding then, I should choose my LAN network adaptor as my connection to the internet when setting up the VPN?
LVL 17

Expert Comment

ID: 11746603
Correct.  You don't need to change your network configuration to get this going.  You'll still have all of your clients and server plugged into the switch that is connected to the router.  On the router you configure port forwarding for all of the ports I listed and they will all point to the IP of your server.  If your server is using DHCP, then you should configure a static IP for it so the forwarding will always work.
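
An added example, not part of the thread or any poster's code: a small audit of a router's port-forward table against the advice above (the three listed ports, all pointing at the server, server address kept static). The rule format, the sample addresses and the "extra forward" check are assumptions made for illustration.

```python
import ipaddress

# Ports listed in the answer above, as (protocol, port).
REQUIRED = {("tcp", 1723), ("udp", 500), ("udp", 1701)}

# Constructed sample table: (protocol, external port, internal target IP).
SAMPLE_RULES = [
    ("TCP", 1723, "192.168.1.10"),
    ("UDP", 500, "192.168.1.10"),
    ("UDP", 1701, "192.168.1.25"),   # points at the wrong host
    ("TCP", 3389, "192.168.1.10"),   # not one of the listed VPN ports
]


def audit_forwards(rules, server_ip, dhcp_start, dhcp_end):
    """Return a list of findings for a port-forward table.

    rules: iterable of (protocol, external_port, internal_ip) tuples.
    dhcp_start/dhcp_end: first and last address of the router's DHCP pool.
    """
    findings = []
    server = ipaddress.ip_address(server_ip)
    lo = ipaddress.ip_address(dhcp_start)
    hi = ipaddress.ip_address(dhcp_end)
    seen = set()
    for proto, port, target in rules:
        key = (proto.lower(), int(port))
        seen.add(key)
        label = f"{key[0]}/{key[1]}"
        if key not in REQUIRED:
            # Anything beyond the listed ports widens what the internet can reach.
            findings.append(f"extra forward: {label} -> {target}")
        elif ipaddress.ip_address(target) != server:
            findings.append(f"wrong target: {label} -> {target}, expected {server}")
    for proto, port in sorted(REQUIRED - seen):
        findings.append(f"missing forward: {proto}/{port}")
    # A server address inside the DHCP pool can be handed to another machine,
    # which would silently redirect the forwards.
    if lo <= server <= hi:
        findings.append(f"server {server} is inside the DHCP pool {lo}-{hi}")
    return findings


if __name__ == "__main__":
    for line in audit_forwards(SAMPLE_RULES, "192.168.1.10",
                               "192.168.1.2", "192.168.1.50"):
        print(line)
```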
