Solved

Routing/ Remote Access And VPN

Posted on 2004-10-06
Last Modified: 2010-04-19
Right,

I have a server in the office running Windows Server 2003. This is connected to a hardware router that allows me to connect to the internet (ADSL) and also acts as a DHCP server to the 4 other computers in the office i.e. assigns them an IP address. This works fine.

I would like to be able to access the server in my office from home using VPN. How would I go about this as I have been unsuccessful so far.

The office server internet connection has a static IP address, the internal office IP address is 192.168.54.9.

I want to connect from home using my home broadband connection i.e. I won't be dialling in.

As you can probably gather, I'm new to this Routing and Remote Access and the options available are kind of overwhelming! Do I need to configure the hardware router? Is it just windows configuration needed?

Thanks.



Question by:SteMc99
 
LVL 16

Accepted Solution

by:
JamesDS earned 500 total points
ID: 12236636
SteMc99
In the office, on the Windows 2003 Server you need to configure RRAS to use L2TP with a Pre-shared key (easier than a certificate):

Configure VPN Access using the RRAS Wizard

Wizard options

Remote Access (dial-up or VPN)
VPN only
External WAN - disable security
Internal LAN
Automatic IP Address assignment
Use RRAS to authenticate


Routing and Remote Access

Server Properties
General: Enable the computer as a LAN Router only
General: Remote Access Server

Security: Allow custom IPSEC policy with shared key (enter text to act as shared key) "Stick Some Text in HERE"

IP: Enable IP Routing
IP: This server can assign addresses by using DHCP
IP: Enable broadcast name resolution (select internal NIC)

PPP: Check all

Logging: Log all Events only

Ports: Add 5 L2TP inbound only, turn everything else off

IP Routing: only General and Static Routes, remove everything else

Remote Access Policies: Delete default policies, add new policy where tunnel type = L2TP and access is granted

Registry Change to allow 2048bit Diffie-Hellman connections:

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RasMan\Parameters
DWORD: NegotiateDH2048
Value: 1

Firewall Settings:

L2TP Inbound Requirements: Protocol 50, IPSec NAT-T UDP 4500, IKE UDP 500
(Just in Case you need them PPTP Inbound Requirement: Protocol 47, PPTP TCP 1723)

You will need to configure your firewall to forward traffic on all the ports you configured above to the internal IP of your server - or it won't see the VPN traffic.

Client Settings:
You can then use the standard VPN dial up network client that comes with windows:
Set Preshared Key in IPSec Properties "Stick the SAME Text in HERE"
Install IPSec NAT-T update for XP: http://support.microsoft.com/?kbid=818043


Cheers

JamesDS
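
An added example, not part of the original answer and not JamesDS's code: a Python check that compares a router's forwarding table against the inbound list in the answer above and the server address given in the question. The `Forward` record, the function names and the sample rules are constructed for illustration; a real router exports its table in its own format.

```python
from dataclasses import dataclass
from typing import Optional

SERVER_IP = "192.168.54.9"  # internal address of the office server (from the question)

# Inbound requirements as listed in the answer: (label, protocol, port).
# port is None for a bare IP protocol, which carries no port numbers.
L2TP_REQUIREMENTS = [("IKE", "udp", 500),
                     ("IPSec NAT-T", "udp", 4500),
                     ("Protocol 50", "50", None)]
PPTP_REQUIREMENTS = [("PPTP", "tcp", 1723),
                     ("Protocol 47", "47", None)]

@dataclass(frozen=True)
class Forward:
    """One forwarding rule on the router (hypothetical record layout)."""
    proto: str                  # "tcp", "udp" or an IP protocol number as text
    first_port: Optional[int]   # None when the rule forwards a whole IP protocol
    last_port: Optional[int]
    target: str                 # internal host that receives the traffic

def covers(rule, proto, port):
    """True if the rule forwards the given protocol (and port, if any)."""
    if rule.proto.lower() != proto:
        return False
    if port is None:
        return True
    if rule.first_port is None or rule.last_port is None:
        return False
    return rule.first_port <= port <= rule.last_port

def audit(rules, requirements=L2TP_REQUIREMENTS, server=SERVER_IP):
    """Map each requirement to 'ok', 'missing' or 'wrong target: ...'."""
    findings = {}
    for label, proto, port in requirements:
        targets = {r.target for r in rules if covers(r, proto, port)}
        if not targets:
            findings[label] = "missing"
        elif targets != {server}:
            findings[label] = "wrong target: " + ", ".join(sorted(targets))
        else:
            findings[label] = "ok"
    return findings

# Constructed sample table: one correct rule, one range sent to the wrong host,
# one PPTP rule, and no rule for either bare IP protocol.
SAMPLE_RULES = [Forward("udp", 500, 500, "192.168.54.9"),
                Forward("udp", 4000, 5000, "192.168.54.2"),
                Forward("tcp", 1723, 1723, "192.168.54.9")]

if __name__ == "__main__":
    for label, status in audit(SAMPLE_RULES).items():
        print(f"{label:12} {status}")
```
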
 

Author Comment

by:SteMc99
ID: 12238499
Thanks for the reply.

I have followed as best I can the instructions above, most of it was pretty straightforward.

Still not working though unfortunately. I was unable to run the standard Wizard as I have 'less then 2 network devices detected' so I was forced to run the Custom Configuration Wizard which seemed to have fewer options than you gave me.

Regarding the firewall, are we talking about the hardware router, as I can't find firewall settings in Windows itself? For the meantime I have completely removed the firewall on my router (just for testing purposes) and, using any computer, I can access the router configuration screen through the browser by typing in my static IP address. Which makes sense, but it seems that any VPN connection can't seem to get past the router.

I have tried setting the NAT settings on the router but I'm not quite sure what ports to map to what IP?

I really am new to networking so you'll have to bear with me ;)

Thanks again...
 
LVL 16

Expert Comment

by:JamesDS
ID: 12240516
SteMc99
We need to find out where the problem is.

Firstly, test your VPN config by trying to access the VPN from inside the INTERNAL network. If that works then the problem is your routing.

Cheers

JamesDS
 

Author Comment

by:SteMc99
ID: 12249426
Nope, won't connect.

I get the feeling we could be here some time, which I don't have at the moment so I'll close the question and return to the problem when I have a bit of spare time.

Thanks a lot for the input, much appreciated.

 
LVL 16

Expert Comment

by:JamesDS
ID: 12250683
SteMc99

VPNs can be problematic.
Raise a new Q when you have some more time to devote to it and we'll try again then.

When you raise the new Q put in a link to back here so others can see what we did.

Welcome and thanks for the points :)

Cheers

JamesDS