Solved

Routing/ Remote Access And VPN

Posted on 2004-10-06
Last Modified: 2010-04-19
Right,

I have a server in the office running Windows Server 2003. This is connected to a hardware router that allows me to connect to the internet (ADSL) and also acts as a DHCP server to the 4 other computers in the office i.e. assigns them an IP address. This works fine.

I would like to be able to access the server in my office from home using VPN. How would I go about this, as I have been unsuccessful so far?

The office server internet connection has a static IP address, the internal office IP address is 192.168.54.9.

I want to connect from home using my home broadband connection i.e. I won't be dialling in.

As you can probably gather, I'm new to this Routing and Remote Access and the options available are kind of overwhelming! Do I need to configure the hardware router? Is it just Windows configuration needed?

Thanks.



Question by:SteMc99
 
LVL 16

Accepted Solution

by:
JamesDS earned 500 total points
ID: 12236636
SteMc99
In the office, on the Windows 2003 Server you need to configure RRAS to use L2TP with a Pre-shared key (easier than a certificate):

Configure VPN Access using the RRAS Wizard

Wizard options

Remote Access (dial-up or VPN)
VPN only
External WAN - disable security
Internal LAN
Automatic IP Address assignment
Use RRAS to authenticate


Routing and Remote Access

Server Properties
General: Enable the computer as a LAN Router only
General: Remote Access Server

Security: Allow custom IPSEC policy with shared key (enter text to act as shared key) "Stick Some Text in HERE"

IP: Enable IP Routing
IP: This server can assign addresses by using DHCP
IP: Enable broadcast name resolution (select internal NIC)

PPP: Check all

Logging: Log all Events only

Ports: Add 5 L2TP inbound only, turn everything else off

IP Routing: only General and Static Routes, remove everything else

Remote Access Policies: Delete default policies, add new policy where tunnel type = L2TP and access is granted

Registry change to allow 2048-bit Diffie-Hellman connections:

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RasMan\Parameters
DWORD: NegotiateDH2048
Value: 1

Firewall Settings:

L2TP Inbound Requirements: Protocol 50, IPSec NAT-T UDP 4500, IKE UDP 500
(Just in case you need them, PPTP inbound requirements: Protocol 47, PPTP TCP 1723)

You will need to configure your firewall to forward traffic on all the ports you configured above to the internal IP of your server - or it won't see the VPN traffic.

Client Settings:
You can then use the standard VPN dial-up network client that comes with Windows:
Set Preshared Key in IPSec Properties "Stick the SAME Text in HERE"
Install IPSec NAT-T update for XP: http://support.microsoft.com/?kbid=818043


Cheers

JamesDS
0
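A way to check a router's forwarding table against the inbound requirements listed in the answer above, as an added example that is not part of the original thread. The rule-export format, the function names and the sample table are assumptions made for illustration; the server address is the one given in the question.

```python
import re

SERVER_IP = "192.168.54.9"  # internal address of the RRAS server (from the question)
# Inbound requirements for L2TP/IPsec exactly as the accepted answer lists them.
REQUIRED = {("udp", 500): "IKE", ("udp", 4500): "IPsec NAT-T", ("ip", 50): "protocol 50"}

# Hypothetical export format, one rule per line: "<udp|tcp|ip> <num>[-<num>] -> <ip>"
RULE_RE = re.compile(r"^(udp|tcp|ip)\s+(\d+)(?:-(\d+))?\s*->\s*(\d+(?:\.\d+){3})$", re.I)

# Constructed sample table; 192.168.54.10 is a made-up wrong target.
SAMPLE = """
udp 500  -> 192.168.54.9
udp 4500 -> 192.168.54.10   # forwarded to the wrong machine
tcp 1723 -> 192.168.54.9    # PPTP, which this L2TP-only setup does not use
"""

def parse_rules(text):
    """Return (proto, low, high, target_ip) tuples; '#' starts a comment."""
    rules = []
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        m = RULE_RE.match(line)
        if not m:
            raise ValueError(f"line {lineno}: cannot parse {line!r}")
        low = int(m.group(2))
        rules.append((m.group(1).lower(), low, int(m.group(3) or low), m.group(4)))
    return rules

def audit(rules, server=SERVER_IP):
    """List missing, mis-targeted and unnecessary forwards."""
    findings = []
    for (proto, num), name in REQUIRED.items():
        targets = {ip for p, lo, hi, ip in rules if p == proto and lo <= num <= hi}
        if not targets:
            findings.append(f"MISSING {name}: {proto} {num} is not forwarded")
        elif targets != {server}:
            findings.append(f"WRONG TARGET {name}: {proto} {num} -> {sorted(targets)}")
    for p, lo, hi, ip in rules:
        needed = sum(1 for rp, num in REQUIRED if rp == p and lo <= num <= hi)
        if hi - lo + 1 > needed:  # rule opens ports the VPN does not need
            findings.append(f"EXTRA {p} {lo}-{hi} -> {ip}: not required for L2TP")
    return findings

if __name__ == "__main__":
    for finding in audit(parse_rules(SAMPLE)):
        print(finding)
```

Routers that cannot forward raw IP protocols will always show the protocol 50 line as missing; in that case NAT-T carries ESP inside UDP 4500.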
 

Author Comment

by:SteMc99
ID: 12238499
Thanks for the reply.

I have followed as best I can the instructions above, most of it was pretty straightforward.

Still not working though, unfortunately. I was unable to run the standard Wizard as I have 'less then 2 network devices detected', so I was forced to run the Custom Configuration Wizard, which seemed to have fewer options than you gave me.

Regarding the firewall, are we talking about the hardware router, as I can't find firewall settings in Windows itself? For the meantime I have completely removed the firewall on my router (just for testing purposes) and, using any computer, I can access the router configuration screen through the browser by typing in my static IP address. Which makes sense, but it seems that any VPN connection can't seem to get past the router.

I have tried setting the NAT settings on the router but I'm not quite sure what ports to map to what IP?

I really am new to networking so you'll have to bear with me ;)

Thanks again...
0
 
LVL 16

Expert Comment

by:JamesDS
ID: 12240516
SteMc99
We need to find out where the problem is.

Firstly, test your VPN config by trying to access the VPN from inside the INTERNAL network. If that works then the problem is your routing.

Cheers

JamesDS
0
 

Author Comment

by:SteMc99
ID: 12249426
Nope, won't connect.

I get the feeling we could be here some time, which I don't have at the moment, so I'll close the question and return to the problem when I have a bit of spare time.

Thanks a lot for the input, much appreciated.

0
 
LVL 16

Expert Comment

by:JamesDS
ID: 12250683
SteMc99

VPNs can be problematic.
Raise a new Q when you have some more time to devote to it and we'll try again then.

When you raise the new Q, put in a link back to here so others can see what we did.

Welcome and thanks for the points :)

Cheers

JamesDS
0
