Solved

Routing/ Remote Access And VPN

Posted on 2004-10-06
5
281 Views
Last Modified: 2010-04-19
Right,

I have a server in the office running Windows Server 2003. This is connected to a hardware router that allows me to connect to the internet (ADSL) and also acts as a DHCP server to the 4 other computers in the office i.e. assigns them an IP address. This works fine.

I would like to be able too access the server in my office from home using VPN. How would I go about this as I have been unsuccesful so far.

The office server internet connection has a static IP address, the internal office IP address is 192.168.54.9.

I want to connect from home using my home broadband connection i.e. I won't be dialling in.

As you can probably gather, I'm new to this Routing and Remote Access and the options available are kind of overwhelming! Do I need to configure the hardware router? Is it just windows configuration needed?

Thanks.



0
Comment
Question by:SteMc99
  • 3
  • 2
5 Comments
 
LVL 16

Accepted Solution

by:
JamesDS earned 500 total points
ID: 12236636
SteMc99
In the office, on the Windows 2003 Server you need to configure RRAS to use L2TP with a Pre-shared key (easier than a certificate):

Configure VPN Access using the RRAS Wizard

Wizard options

Remote Access (dial-up or VPN)
VPN only
External WAN - disable security
Internal LAN
Automatic IP Address assignment
Use RRAS to authenticate


Routing and Remote Access

Server Properties
General: Enable the computer as a LAN Router only
General: Remote Access Server

Security: Allow custom IPSEC policy with shared key (enter text to act as shared key) "Stick Some Text in HERE"

IP: Enable IP Routing
IP: This server can assign addresses by using DHCP
IP: Enable broadcast name resolution (select internal NIC)

PPP: Check all

Logging: Log all Events only

Ports: Add 5 L2TP inbound only, turn everything else off

IP Routing: only General and Static Routes, remove everything else

Remote Access Policies: Delete default policies, add new policy where tunnel type = L2TP and access is granted

Registry Change to allow 2048bit Diffie-Hellman connections:

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RasMan\Parameters
DWORD: NegotiateDH2048
Value: 1

Firewall Settings:

L2TP Inbound Requirements: Protocol 50, IPSec NAT-T UDP 4500, IKE UDP 500
(Just in Case you need them PPTP Inbound Requirement: Protocol 47, PPTP TCP 1723)

You will need to configure your firewall to forward traffic on all the ports you configured above to the internal IP of the your server - or it won't see the VPN traffic.

Client Settings:
You can then use the standard VPN dial up network client that comes with windows:
Set Preshared Key in IPSec Properties "Stick the SAME Text in HERE"
Install IPSec NAT-T update for XP: http://support.microsoft.com/?kbid=818043


Cheers

JamesDS
0
 

Author Comment

by:SteMc99
ID: 12238499
Thanks for the reply.

I have followed as best I can the instructions above, most of it was pretty straightforward.

Still not working though unfortunately. I was unable to run the standard Wizard as I have 'less then 2 network devices detected' so I was forced to run the Custom Configuration Wizard which seemed to have less options then you gave me.

Regarding the firewall, are we talking about the hardware router as I can't find firewall settings in windows itself. For the meantime I have completely removed the firewall on my router (just for testing purposes) and, using any computer, I can access the router configuration screen through the browser by typing in my static IP address. Which makes sense but it seems that any VPN connectiion can't seem to get past the router.

I have tried setting the NAT settings on the router but I'm not quite sure what ports to map to what IP?

I really am new to networking so you'll have to beat with me ;)

Thanks again...
0
 
LVL 16

Expert Comment

by:JamesDS
ID: 12240516
SteMc99
We need to find out where the problem is.

Firstly, test your VPN config by trying to access the VPN from inside the INTERNAL network. If that works then the problem is your routing.

Cheers

JamesDS
0
 

Author Comment

by:SteMc99
ID: 12249426
Nope, won't connect.

I get the feeling we could be here some time, which I don't have at the moment so I'll close the question and return too the problem when I have a bit of spare time.

Thanks alot for the input, much appreciated.

0
 
LVL 16

Expert Comment

by:JamesDS
ID: 12250683
SteMc99

VPNs can be problematic.
Raise a new Q when you have some more time to devote to it and we'll try again then.

When you raise the new Q put in a link to back here so others can see what we did.

Welcome and thanks for the points :)

Cheers

JamesDS
0

Featured Post

Free Tool: Path Explorer

An intuitive utility to help find the CSS path to UI elements on a webpage. These paths are used frequently in a variety of front-end development and QA automation tasks.

One of a set of tools we're offering as a way of saying thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Organizations create, modify, and maintain huge amounts of data to help their businesses earn money and generally function.  Typically every network user within an organization has a bit of disk space to store in process items and personal files.   …
Restoring deleted objects in Active Directory has been a standard feature in Active Directory for many years, yet some admins may not know what is available.
Nobody understands Phishing better than an anti-spam company. That’s why we are providing Phishing Awareness Training to our customers. According to a report by Verizon, only 3% of targeted users report malicious emails to management. With compan…

749 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question