  • Status: Solved
  • Priority: Medium
  • Security: Public

Routing/ Remote Access And VPN

Right,

I have a server in the office running Windows Server 2003. This is connected to a hardware router that allows me to connect to the internet (ADSL) and also acts as a DHCP server to the 4 other computers in the office i.e. assigns them an IP address. This works fine.

I would like to be able to access the server in my office from home using VPN. How would I go about this, as I have been unsuccessful so far?

The office server internet connection has a static IP address, the internal office IP address is 192.168.54.9.

I want to connect from home using my home broadband connection i.e. I won't be dialling in.

As you can probably gather, I'm new to this Routing and Remote Access and the options available are kind of overwhelming! Do I need to configure the hardware router? Is it just windows configuration needed?

Thanks.



Asked by: SteMc99

1 Solution
 
JamesDS Commented:
SteMc99
In the office, on the Windows 2003 Server you need to configure RRAS to use L2TP with a Pre-shared key (easier than a certificate):

Configure VPN Access using the RRAS Wizard

Wizard options

Remote Access (dial-up or VPN)
VPN only
External WAN - disable security
Internal LAN
Automatic IP Address assignment
Use RRAS to authenticate


Routing and Remote Access

Server Properties
General: Enable the computer as a LAN Router only
General: Remote Access Server

Security: Allow custom IPSEC policy with shared key (enter text to act as shared key) "Stick Some Text in HERE"

IP: Enable IP Routing
IP: This server can assign addresses by using DHCP
IP: Enable broadcast name resolution (select internal NIC)

PPP: Check all

Logging: Log all Events only

Ports: Add 5 L2TP inbound only, turn everything else off

IP Routing: only General and Static Routes, remove everything else

Remote Access Policies: Delete default policies, add new policy where tunnel type = L2TP and access is granted

Registry Change to allow 2048bit Diffie-Hellman connections:

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RasMan\Parameters
DWORD: NegotiateDH2048
Value: 1

Firewall Settings:

L2TP Inbound Requirements: Protocol 50, IPSec NAT-T UDP 4500, IKE UDP 500
(Just in case you need them, PPTP Inbound Requirements: Protocol 47, PPTP TCP 1723)

You will need to configure your firewall to forward traffic on all the ports you configured above to the internal IP of your server - or it won't see the VPN traffic.

Client Settings:
You can then use the standard VPN dial-up network client that comes with Windows:
Set Preshared Key in IPSec Properties "Stick the SAME Text in HERE"
Install IPSec NAT-T update for XP: http://support.microsoft.com/?kbid=818043


Cheers

JamesDS
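An added example, not part of the original answer or JamesDS's own code: a Python check that compares a router's port-forward table with the L2TP inbound requirements listed above and the server address from the question. The rule format, the sample rules and the function name `audit_forwards` are assumptions made for illustration.

```python
# Added example: audit a router's forwarding rules against the L2TP/IPsec
# inbound requirements quoted in the answer. Rule data below is constructed.

VPN_SERVER = "192.168.54.9"  # internal server address given in the question

# (protocol, port) pairs from the answer. ESP is IP protocol 50 and has no
# port number; NAT-T carries ESP inside UDP 4500 when a NAT is in the path,
# so routers that cannot forward a bare IP protocol will report it MISSING.
REQUIRED = {
    ("udp", 500): "IKE",
    ("udp", 4500): "IPsec NAT-T",
    ("esp", None): "ESP (IP protocol 50)",
}

# Constructed sample: one correct rule, one pointing at the wrong host,
# one PPTP rule that an L2TP-only setup does not need, and no ESP rule.
SAMPLE_RULES = [
    {"proto": "UDP", "port": 500, "to": "192.168.54.9"},
    {"proto": "udp", "port": 4500, "to": "192.168.54.10"},
    {"proto": "tcp", "port": 1723, "to": "192.168.54.9"},
]

def audit_forwards(rules, server=VPN_SERVER):
    """Return sorted findings: MISSING, WRONG-TARGET or UNNEEDED rules."""
    findings, seen = [], set()
    for rule in rules:
        key = (rule["proto"].lower(), rule["port"])
        if key in REQUIRED:
            seen.add(key)
            if rule["to"] != server:
                findings.append(f"WRONG-TARGET {REQUIRED[key]} -> {rule['to']}")
        else:
            # Anything beyond the required set is extra inbound exposure.
            findings.append(f"UNNEEDED {key[0]}/{key[1]} -> {rule['to']}")
    for key in REQUIRED.keys() - seen:
        findings.append(f"MISSING {REQUIRED[key]}")
    return sorted(findings)

if __name__ == "__main__":
    for line in audit_forwards(SAMPLE_RULES):
        print(line)
```
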
 
SteMc99 (Author) Commented:
Thanks for the reply.

I have followed as best I can the instructions above, most of it was pretty straightforward.

Still not working though, unfortunately. I was unable to run the standard Wizard as I have 'less than 2 network devices detected' so I was forced to run the Custom Configuration Wizard, which seemed to have fewer options than you gave me.

Regarding the firewall, are we talking about the hardware router, as I can't find firewall settings in Windows itself? For the meantime I have completely removed the firewall on my router (just for testing purposes) and, using any computer, I can access the router configuration screen through the browser by typing in my static IP address. Which makes sense but it seems that any VPN connection can't seem to get past the router.

I have tried setting the NAT settings on the router but I'm not quite sure what ports to map to what IP?

I really am new to networking so you'll have to bear with me ;)

Thanks again...
 
JamesDS Commented:
SteMc99
We need to find out where the problem is.

Firstly, test your VPN config by trying to access the VPN from inside the INTERNAL network. If that works then the problem is your routing.

Cheers

JamesDS
 
SteMc99 (Author) Commented:
Nope, won't connect.

I get the feeling we could be here some time, which I don't have at the moment, so I'll close the question and return to the problem when I have a bit of spare time.

Thanks a lot for the input, much appreciated.

 
JamesDS Commented:
SteMc99

VPNs can be problematic.
Raise a new Q when you have some more time to devote to it and we'll try again then.

When you raise the new Q, put in a link back to here so others can see what we did.

Welcome and thanks for the points :)

Cheers

JamesDS
Question has a verified solution.
