• Status: Solved
  • Priority: Medium
  • Security: Public

How do I set up a VPN??

I am a complete novice when it comes to setting up a VPN. I really don't know where to start or what program I use to connect. At the moment, to connect to the office servers remotely I am used to PC Anywhere, but it makes our network too vulnerable, so I had to take it off. In addition to this I bought the Netscreen Firewall 5GT.

A bit of background information.
The setup:

In our office we currently have a Netscreen 5GT firewall with a 1MB internet connection
The office External IP Address is: eg,

Servers internal IP addresses are: eg,
S1 -
S2 –
S3 – 192.168.333.333

I can connect to the firewall via the browser and edit any settings. Or if necessary I can open a telnet session to connect to the firewall.

At home I am running Windows XP Professional
External IP Address is: eg,

Can someone please take me through Step by Step on how to configure a VPN for remote access.


3 Solutions
..er...what are the specs on your servers:  Operating System, etc...

You could install VNC on your server and on your client, then set port 5900-5901 on the firewall to forward to the server where you installed VNC.  I know there are free versions of VNC on the internet.

That's just 1 option, but I'd need to know your server setup first and if you run any services on those servers that would facilitate vpn....or if you just need a remote control solution like the VNC one I mentioned.

the_omnific (Author) Commented:

hi -z-

The spec of the servers are:

S1 - Windows 2003 Server - Windows Apps
S2 - Suse Openexchange - Email Server
S3 - Fedora Core 3 - File Server

VNC is an option, but I'd rather have that as a 2nd option.

Install the Routing and Remote Access service on the 2003 server (or just start it if you have it installed).  I *think* the defaults will let you VPN in, but you may have to customize the configuration....like who is allowed in, will you assign them an ip address, etc...but try at first with just default settings. Maybe you have to make a rule allowing a user or group dial-in privileges.

I can't possibly review all the set-up parameters of RRAS/VPN.  You can use the wizard to config and just set up to allow incoming VPN connections over PPTP.

You configure your router to allow port 1723.  Forward port 1723 to the IP address of the server (S1).

From your PC on the outside, add a new network connection.  Use the "new connection wizard" and config "VPN" to your system at work (pick connect to the network at my workplace).  The ONLY piece of info you really need is the IP address of your ROUTER.  The router will then forward correctly to Server S1.

I've done this a few times with Windows 2003.  In fact, I finished setting up a VPN server a month ago, same setup as the one I describe above.

Windows 2003 allows you to set up remote access, but since you have the Netscreen appliance you can use that to create a VPN to your network. Remote machines will connect to the Netscreen appliance through the external IP address. The Netscreen will authenticate the connecting devices either with its own internal user database, or you can configure it to use a 3rd-party tool (i.e. Radius, RSA, SecureID). Once it's connected to the Netscreen, it will give the VPN connection an IP address and the remote machine will be on your network; then you will be able to access the 3 servers using the internal IP addresses. I've used the Windows 2003 RAS service and it works well, but a hardware VPN is usually a better solution than software (server is never exposed). I visited Juniper's site and didn't see in the manual how to set up the VPN option. There should be something that allows you to configure users for VPN access. Once you get a list of users in there, creating a VPN should be fairly straightforward from the client machine. If you go to net connections (assume this is XP), then create a new connection and enter the information required.
I think most good routers allow you to VPN to them.  I can't speak on the specifics of that particular model.


Being you already have a Netscreen device, I would just use the Netscreen Remote client (NSR) and set up a VPN from your home server using a VPN connection.

home host -> remote fw/vpn gateway -> server host

I would recommend using manual key.
with NSR.
Create a new connection. and name it.
highlight the highest branch of that connection. ie + my new connection
for connection security choose secure.

for the remote party identity and addressing, choose IP address, and enter the IP address of the server you will be connecting to.

Protocol any you wish or choose all. for simplicity.

choose connect using Secure Gateway Tunnel.

id_type ip address, and input the external address of the vpn on the distant end.

next open the branch, you now should see, my identity and security policy.

under my ident., choose your NIC under internet interface, select cert. none, id type IP, and your IP should be filled in automatically.

next go to security policy, Phase 1, choose manual keys.

now go down to key exchange - proposal 1,
sa life, unspecified (or pick)
compression your choice i use none,

encapsulation protocol, (ESP) check it, can use which ever you want, ie, AES-128, SHA-1, Tunnel

create your inbound and outbound keys.  

save it.

now just match your policies on your fw. to allow the connection vpn'd using manual key.
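
The "create your inbound and outbound keys" step above, as an added example that is not part of the original answer and is not NetScreen-Remote or firewall output: it generates random key material sized for the ESP AES-128 and SHA-1 choices mentioned and checks that the two ends mirror each other. The function names and dictionary layout are hypothetical; enter the hex values in whatever form your client and firewall ask for.

```python
import secrets

# Key sizes for the transforms named in the answer (ESP with AES-128 and SHA-1).
AES128_KEY_BYTES = 16     # 128-bit cipher key -> 32 hex characters
HMAC_SHA1_KEY_BYTES = 20  # 160-bit HMAC-SHA-1 key -> 40 hex characters


def new_direction_keys():
    """Fresh random ESP keys for one traffic direction, as hex strings."""
    return {
        "encryption": secrets.token_hex(AES128_KEY_BYTES),
        "authentication": secrets.token_hex(HMAC_SHA1_KEY_BYTES),
    }


def generate_manual_keys():
    """Return (client_view, gateway_view) with inbound/outbound mirrored."""
    to_office = new_direction_keys()  # home client -> office gateway
    to_home = new_direction_keys()    # office gateway -> home client
    client = {"outbound": to_office, "inbound": to_home}
    gateway = {"outbound": to_home, "inbound": to_office}
    return client, gateway


def check_pair(client, gateway):
    """Return a list of problems; an empty list means the two ends agree."""
    problems = []
    for side_name, side in (("client", client), ("gateway", gateway)):
        for direction in ("inbound", "outbound"):
            keys = side[direction]
            if len(bytes.fromhex(keys["encryption"])) != AES128_KEY_BYTES:
                problems.append(f"{side_name} {direction}: bad AES-128 key length")
            if len(bytes.fromhex(keys["authentication"])) != HMAC_SHA1_KEY_BYTES:
                problems.append(f"{side_name} {direction}: bad SHA-1 key length")
    if client["outbound"] != gateway["inbound"]:
        problems.append("client outbound does not match gateway inbound")
    if client["inbound"] != gateway["outbound"]:
        problems.append("client inbound does not match gateway outbound")
    if client["inbound"] == client["outbound"]:
        problems.append("same keys used in both directions")
    return problems


if __name__ == "__main__":
    client, gateway = generate_manual_keys()
    for name, side in (("home client", client), ("office gateway", gateway)):
        for direction in ("inbound", "outbound"):
            print(name, direction, side[direction])
    print("problems:", check_pair(client, gateway))
```

Manual keys stay the same until someone changes them by hand, so rotate them by generating a new set and updating both ends together.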

