Solved

Windows 2000 Server: VPNs and Active Directory

Posted on 2004-08-07
Last Modified: 2010-04-14
Here is the setup:

There are six computers, five Windows XP Home and one Mac (running 10.3) in an office with Windows 2000 Server.  Right now, there is a DSL modem/router (with a static IP) that is performing DHCP and acting as a gateway to the internet.  The router is then connected to a switch, which the other computers and the server are connected to.  I set Active Directory up, then realized that XP Home computers can't connect to the server for authentication purposes.  The client is not willing to upgrade.

First and foremost, I need to set up a VPN in the office.  I am somewhat familiar with how to do this.  The server itself has only one NIC, but I can connect the DSL Modem (which I will have to swap in place of the modem/router) through a USB connection directly to the server.  Since the modem will be directly connected to the server, how do I set up the other Windows computers (I can figure out the Mac on my own) so that they connect through the server to access the internet?

Also, how do I appropriately set up DNS so that those connecting to the network through the VPN can access the network?  I would appreciate it if someone could point me in the direction of some entry-level guides to setting up DNS.
Question by:rnizlek

Accepted Solution

by:
Eagle6990 earned 500 total points
ID: 11744890
You'll need to configure RRAS on your server to handle incoming connections. Here are some articles about it.  The last one walked me through setting up my server.

http://www.microsoft.com/windows2000/technologies/communications/vpn/
http://techrepublic.com.com/5100-6268-1032135.html
http://www.dalantech.com/ubbthreads/showflat.php?Cat=&Board=win2k&Number=32335&page=0&view=collapsed&sb=5&o=&fpart=1

Author Comment

by:rnizlek
ID: 11744903
Thanks, those links really helped.  But in order to set up RRAS, the internet connection needs to pass through the server.  How do I set up the clients on the LAN to connect through the server to access the internet?

Expert Comment

by:Eagle6990
ID: 11744916
Why do you want to configure a VPN inside the office?  You would want to use VPN to connect from home like you are plugged into the LAN.  XP Home can't join an Active Directory domain with Windows 2000, but they can connect to the server to access files.  You just need to configure the same usernames and passwords on each machine and server.  This is where a domain will make things easier, but as you said, the client doesn't want to upgrade.

So what are we trying to accomplish?

Author Comment

by:rnizlek
ID: 11744981
Well, my question is this: in terms of the actual wiring of the network, right now the DSL modem is wired through a router (the type you'd generally find in a home, probably better described as a "gateway" or "portal") and then is attached to a switch.

I know that since the router acts as a firewall it needs to be eliminated as the server needs to be exposed to the internet so that external computers can connect to the VPN.  If I connect the DSL modem directly to the server and then the server to the LAN, do I need to configure the computers on the office LAN in any way to make them seek access to the internet through the server?  Or will simply activating DHCP on the server (which would set the default gateway on the computers) be enough?  In other words, since I am changing the topology of the network before I set up for the VPN (otherwise the VPN wouldn't work) do I need to make any other changes to the network to make sure I don't cut off everyone in the office from accessing the internet?

Expert Comment

by:Eagle6990
ID: 11745211
You should be fine using your existing router, you just need to forward the proper ports to your Win2K server.  You'll need to log into your router and look for port forwarding or PAT (Port Address Translation).  Then just specify the type of port you want to forward and the IP of your Win2K server.

Here are the ports you need:
http://www.winntmag.com/Windows/Article/ArticleID/20274/20274.html

TCP port 1723
UDP port 500
UDP port 1701

Author Comment

by:rnizlek
ID: 11745325
Assuming I use port forwarding then, I should choose my LAN network adaptor as my connection to the internet when setting up the VPN?

Expert Comment

by:Eagle6990
ID: 11746603
Correct.  You don't need to change your network configuration to get this going.  You'll still have all of your clients and server plugged into the switch that is connected to the router.  On the router you configure port forwarding for all of the ports I listed and they will all point to the IP of your server.  If your server is using DHCP, then you should configure a static IP for it so the forwarding will always work.
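
A way to check the forwarding setup described in the comments above, written as an added example that is not part of the original thread: it audits a router's port-forward table against the three ports listed and the server's address. The rule format, the 192.168.1.x addresses, the DHCP pool range and the pool-overlap check are assumptions made for the illustration.

```python
import ipaddress

# VPN ports listed in the thread, as (protocol, port).
REQUIRED = {("tcp", 1723), ("udp", 500), ("udp", 1701)}

# Constructed sample of a router's forward table: (protocol, port, internal IP).
SAMPLE_RULES = [
    ("TCP", 1723, "192.168.1.10"),
    ("UDP", 500, "192.168.1.10"),
    ("UDP", 1701, "192.168.1.50"),  # points at a host that is not the server
    ("TCP", 3389, "192.168.1.10"),  # not one of the ports listed in the thread
]


def audit_forwards(rules, server_ip, dhcp_start, dhcp_end):
    """Return (code, detail) findings for a port-forward table."""
    server = ipaddress.ip_address(server_ip)
    lo, hi = ipaddress.ip_address(dhcp_start), ipaddress.ip_address(dhcp_end)
    findings, present = [], set()
    for proto, port, target in rules:
        key = (proto.lower(), int(port))
        if key not in REQUIRED:
            findings.append(("extra", f"{key[0]}/{key[1]} -> {target} is not a listed VPN port"))
            continue
        present.add(key)
        if ipaddress.ip_address(target) != server:
            findings.append(("wrong-target", f"{key[0]}/{key[1]} -> {target}, expected {server}"))
    for proto, port in sorted(REQUIRED - present):
        findings.append(("missing", f"{proto}/{port} is not forwarded"))
    # A server address inside the DHCP pool can be leased to another machine,
    # so the forwards would stop pointing at the VPN server.
    if lo <= server <= hi:
        findings.append(("dhcp-overlap", f"{server} lies inside pool {lo}-{hi}"))
    return findings


if __name__ == "__main__":
    for code, detail in audit_forwards(SAMPLE_RULES, "192.168.1.10",
                                       "192.168.1.2", "192.168.1.100"):
        print(f"{code}: {detail}")
```

An empty result means every listed port is forwarded to the server, nothing else is exposed, and the server's static address sits outside the router's DHCP pool.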