How do I set up a VPN??

I am a complete novice when it comes to setting up a VPN. I really don't know where to start or what program I use to connect. At the moment, to connect to the office servers remotely I am used to PC Anywhere, but it makes our network too vulnerable, so I had to take it off. In addition to this, I bought the Netscreen Firewall 5GT.

A bit of background information.
The setup:

In our office we currently have a Netscreen 5GT firewall with a 1MB internet connection
The office External IP Address is: eg,

Servers internal IP addresses are: eg,
S1 -
S2 –
S3 – 192.168.333.333

I can connect to the firewall via the browser and edit any settings. Or if necessary I can open a telnet session to connect to the firewall.

At home I am running Windows XP Professional
External IP Address is: eg,

Can someone please take me through Step by Step on how to configure a VPN for remote access.



ZabagaR Commented: are the specs on your servers:  Operating System, etc...

You could install VNC on your server and on your client, then set port 5900-5901 on the firewall to forward to the server where you installed VNC.  I know there are free versions of VNC on the internet.

That's just 1 option, but I'd need to know your server setup first and if you run any services on those servers that would facilitate vpn....or if you just need a remote control solution like the VNC one I mentioned.

the_omnific (Author) Commented:

hi -z-

The specs of the servers are:

S1 - Windows 2003 Server - Windows Apps
S2 - Suse Openexchange - Email Server
S3 - Fedora Core 3 - File Server

VNC is an option, but I'd rather have that as a 2nd option.

Install the Routing and Remote Access service on the 2003 server (or just start it if you have it installed).  I *think* the defaults will let you VPN in, but you may have to customize who is allowed in, whether you will assign them an IP address, etc...but try at first with just default settings. Maybe you have to make a rule allowing a user or group dial-in privileges.

I can't possibly review all the set-up parameters of RRAS/VPN.  You can use the wizard to config and just set up to allow incoming VPN connections over PPTP.

You configure your router to allow port 1723.  Forward port 1723 to the IP address of the server (S1).

From your PC on the outside, add a new network connection.  Use the "new connection wizard" and config "VPN" to your system at work (pick connect to the network at my workplace).  The ONLY piece of info you really need is the IP address of your ROUTER.  The router will then forward correctly to Server S1.

I've done this a few times with Windows 2003.  In fact, I finished setting up a VPN server a month ago, same setup as the one I describe above.


Windows 2003 allows you to set up remote access, but since you have the Netscreen appliance you can use that to create a VPN to your network. Remote machines will connect to the Netscreen appliance through the external IP address. The Netscreen will authenticate the connecting devices either with its own internal user database or you can configure it to use a 3rd-party tool (i.e. Radius, RSA, SecureID). Once it's connected to the Netscreen, it will give the VPN connection an IP address and the remote machine will be on your network; then you will be able to access the 3 servers using the internal IP addresses. I've used the Windows 2003 RAS service and it works well, but a hardware VPN is usually a better solution than software (server is never exposed). I visited Juniper's site and didn't see in the manual how to set up the VPN option. There should be something that allows you to configure users for VPN access. Once you get a list of users in there, creating a VPN should be fairly straightforward from the client machine. If you go to net connections (assume this is XP), then create a new connection and enter the information required.
I think most good routers allow you to VPN to them.  I can't speak on the specifics of that particular model.


Since you already have a Netscreen device, I would just use the Netscreen Remote client (NSR) and set up a VPN from your home server using a VPN connection.

home host -> remote fw/vpn gateway -> server host

I would recommend using manual key.
With NSR:
Create a new connection and name it.
Highlight the highest branch of that connection, i.e. "+ my new connection".
For connection security, choose Secure.

For the remote party identity and addressing, choose IP address, and enter the IP address of the server you will be connecting to.

Protocol: any you wish, or choose All for simplicity.

Choose Connect using Secure Gateway Tunnel.

ID type: IP address, and input the external address of the VPN on the distant end.

Next, open the branch; you should now see My Identity and Security Policy.

Under My Identity, choose your NIC under Internet Interface, select certificate None, ID type IP, and your IP should be filled in automatically.

Next, go to Security Policy, Phase 1, and choose manual keys.

Now go down to Key Exchange - Proposal 1:
SA life: unspecified (or pick).
Compression: your choice, I use none.

Encapsulation protocol (ESP): check it; you can use whichever you want, i.e. AES-128, SHA-1, Tunnel.

Create your inbound and outbound keys.

Save it.

Now just match your policies on your firewall to allow the connection VPN'd using manual key.
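The steps above end with creating inbound and outbound keys that must match on both ends. The following is an added example, not part of the original answer and not Netscreen or NSR code: it generates key material sized for the AES-128 and SHA-1 choices mentioned, mirrors it between the two ends, and checks a typed-in pair for mismatches. All function and field names are hypothetical, and how the values are entered in NSR or on the firewall is not modelled.

```python
import secrets

# Key sizes in bytes for the two ESP algorithms named in the post.
KEY_BYTES = {"AES-128": 16, "SHA-1": 20}
HEX = set("0123456789abcdefABCDEF")

def new_sa():
    """One direction of the tunnel: an SPI plus keys drawn from the OS CSPRNG."""
    return {
        # RFC 4303 reserves SPI 0 and 1-255, so start at 256.
        "spi": 256 + secrets.randbelow(2**32 - 256),
        "AES-128": secrets.token_hex(KEY_BYTES["AES-128"]),
        "SHA-1": secrets.token_hex(KEY_BYTES["SHA-1"]),
    }

def make_tunnel():
    """Return (client, gateway); each side's outbound SA is the peer's inbound SA."""
    to_gateway, to_client = new_sa(), new_sa()
    while to_client["spi"] == to_gateway["spi"]:
        to_client = new_sa()
    client = {"outbound": to_gateway, "inbound": to_client}
    gateway = {"outbound": to_client, "inbound": to_gateway}
    return client, gateway

def check_pair(client, gateway):
    """List the typing mistakes that would stop the two ends from interoperating."""
    problems = []
    for name, side, peer in (("client", client, gateway), ("gateway", gateway, client)):
        if side["outbound"] != peer["inbound"]:
            problems.append(f"{name} outbound does not match peer inbound")
        for alg, size in KEY_BYTES.items():
            if side["inbound"][alg] == side["outbound"][alg]:
                problems.append(f"{name} reuses one {alg} key for both directions")
            for direction in ("inbound", "outbound"):
                key = side[direction][alg]
                if len(key) != 2 * size or not set(key) <= HEX:
                    problems.append(f"{name} {direction} {alg} key is not {2 * size} hex digits")
        for direction in ("inbound", "outbound"):
            if not 256 <= side[direction]["spi"] < 2**32:
                problems.append(f"{name} {direction} SPI is outside 256..2^32-1")
    return problems

if __name__ == "__main__":
    client, gateway = make_tunnel()
    for name, side in (("client (NSR)", client), ("gateway", gateway)):
        for direction in ("inbound", "outbound"):
            print(name, direction, side[direction])
    print("problems:", check_pair(client, gateway))
```
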


Question has a verified solution.
