Solved

Routing/ Remote Access And VPN

Posted on 2004-10-06
Last Modified: 2010-04-19
Right,

I have a server in the office running Windows Server 2003. This is connected to a hardware router that allows me to connect to the internet (ADSL) and also acts as a DHCP server to the 4 other computers in the office i.e. assigns them an IP address. This works fine.

I would like to be able to access the server in my office from home using VPN. How would I go about this, as I have been unsuccessful so far?

The office server internet connection has a static IP address, the internal office IP address is 192.168.54.9.

I want to connect from home using my home broadband connection i.e. I won't be dialling in.

As you can probably gather, I'm new to this Routing and Remote Access and the options available are kind of overwhelming! Do I need to configure the hardware router? Is it just windows configuration needed?

Thanks.



Question by:SteMc99
 
LVL 16

Accepted Solution

by:
JamesDS earned 500 total points
ID: 12236636
SteMc99
In the office, on the Windows 2003 Server you need to configure RRAS to use L2TP with a Pre-shared key (easier than a certificate):

Configure VPN Access using the RRAS Wizard

Wizard options

Remote Access (dial-up or VPN)
VPN only
External WAN - disable security
Internal LAN
Automatic IP Address assignment
Use RRAS to authenticate


Routing and Remote Access

Server Properties
General: Enable the computer as a LAN Router only
General: Remote Access Server

Security: Allow custom IPSEC policy with shared key (enter text to act as shared key) "Stick Some Text in HERE"

IP: Enable IP Routing
IP: This server can assign addresses by using DHCP
IP: Enable broadcast name resolution (select internal NIC)

PPP: Check all

Logging: Log all Events only

Ports: Add 5 L2TP inbound only, turn everything else off

IP Routing: only General and Static Routes, remove everything else

Remote Access Policies: Delete default policies, add new policy where tunnel type = L2TP and access is granted

Registry change to allow 2048-bit Diffie-Hellman connections:

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RasMan\Parameters
DWORD: NegotiateDH2048
Value: 1

Firewall Settings:

L2TP Inbound Requirements: Protocol 50, IPSec NAT-T UDP 4500, IKE UDP 500
(Just in case you need them, PPTP inbound requirements: Protocol 47, PPTP TCP 1723)

You will need to configure your firewall to forward traffic on all the ports you configured above to the internal IP of your server - or it won't see the VPN traffic.

Client Settings:
You can then use the standard VPN dial-up network client that comes with Windows:
Set Preshared Key in IPSec Properties "Stick the SAME Text in HERE"
Install IPSec NAT-T update for XP: http://support.microsoft.com/?kbid=818043


Cheers

JamesDS
0
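The inbound requirements and forwarding step in the accepted answer, as an added example that is not part of the original thread: a small Python audit of a router's forwarding table against those protocols and the server address 192.168.54.9 from the question. The `Forward` rule format, the `audit` function and the sample rules are constructed for illustration and do not correspond to any particular router's configuration.

```python
# Added example (not from the thread): audit NAT forwards for the VPN server.
from dataclasses import dataclass
from typing import Optional

VPN_SERVER = "192.168.54.9"  # internal server address given in the question

# Inbound requirements as listed in the accepted answer.
# Port None marks an IP protocol that has no port numbers.
REQUIRED = {
    "l2tp": {("udp", 500): "IKE", ("udp", 4500): "IPsec NAT-T",
             ("proto50", None): "Protocol 50"},
    "pptp": {("tcp", 1723): "PPTP", ("proto47", None): "Protocol 47"},
}

@dataclass(frozen=True)
class Forward:  # hypothetical rule format, one entry per router forward
    proto: str            # "udp", "tcp", "proto50", "proto47" or "any"
    port: Optional[int]   # None for portless protocols and for "any"
    target: str           # internal IP the traffic is sent to

def audit(rules, tunnel="l2tp", server=VPN_SERVER):
    """Return findings: missing forwards, wrong targets, excess exposure."""
    required = REQUIRED[tunnel]
    findings = []
    for key, name in required.items():
        hits = [r for r in rules if r.proto == "any" or (r.proto, r.port) == key]
        if not hits:
            findings.append(("missing", name, key))
        elif all(r.target != server for r in hits):
            findings.append(("wrong-target", name, hits[0].target))
    # Anything else forwarded to the server widens its exposure beyond the VPN.
    for r in rules:
        if r.target == server and (r.proto, r.port) not in required:
            findings.append(("excess", f"{r.proto}/{r.port}", r.target))
    return findings

# Constructed sample table: one good rule, one mistyped target, one extra rule.
SAMPLE_RULES = [
    Forward("udp", 500, "192.168.54.9"),
    Forward("udp", 4500, "192.168.54.2"),
    Forward("tcp", 3389, "192.168.54.9"),
]

if __name__ == "__main__":
    for finding in audit(SAMPLE_RULES):
        print(finding)
```

A rule with `proto="any"` models a router that forwards everything to the server; it satisfies every requirement but is reported as `excess`.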
 

Author Comment

by:SteMc99
ID: 12238499
Thanks for the reply.

I have followed as best I can the instructions above, most of it was pretty straightforward.

Still not working though, unfortunately. I was unable to run the standard Wizard as I have 'less then 2 network devices detected', so I was forced to run the Custom Configuration Wizard, which seemed to have fewer options than you gave me.

Regarding the firewall, are we talking about the hardware router, as I can't find firewall settings in Windows itself? For the meantime I have completely removed the firewall on my router (just for testing purposes) and, using any computer, I can access the router configuration screen through the browser by typing in my static IP address. Which makes sense but it seems that any VPN connection can't seem to get past the router.

I have tried setting the NAT settings on the router but I'm not quite sure what ports to map to what IP?

I really am new to networking so you'll have to bear with me ;)

Thanks again...
0
 
LVL 16

Expert Comment

by:JamesDS
ID: 12240516
SteMc99
We need to find out where the problem is.

Firstly, test your VPN config by trying to access the VPN from inside the INTERNAL network. If that works then the problem is your routing.

Cheers

JamesDS
0
 

Author Comment

by:SteMc99
ID: 12249426
Nope, won't connect.

I get the feeling we could be here some time, which I don't have at the moment, so I'll close the question and return to the problem when I have a bit of spare time.

Thanks a lot for the input, much appreciated.

0
 
LVL 16

Expert Comment

by:JamesDS
ID: 12250683
SteMc99

VPNs can be problematic.
Raise a new Q when you have some more time to devote to it and we'll try again then.

When you raise the new Q, put in a link back to here so others can see what we did.

Welcome and thanks for the points :)

Cheers

JamesDS
0
