How do I set up a VPN?

Posted on 2004-11-30
Last Modified: 2008-02-01

I am a complete novice when it comes to setting up a VPN. I really don't know where to start or what program I use to connect. At the moment, to connect to the office servers remotely I am used to PC Anywhere, but it makes our network too vulnerable, so I had to take it off. In addition to this I bought the Netscreen Firewall 5GT.

A bit of background information.
The setup:

In our office we currently have a Netscreen 5GT firewall with a 1MB internet connection
The office External IP Address is: eg,

Servers internal IP addresses are: eg,
S1 -
S2 –
S3 – 192.168.333.333

I can connect to the firewall via the browser and edit any settings. Or if necessary I can open a telnet session to connect to the firewall.

At home I am running Windows XP Professional
External IP Address is: eg,

Can someone please take me through Step by Step on how to configure a VPN for remote access.


Question by:the_omnific
    LVL 15

    Expert Comment

    by:ZabagaR

    What are the specs on your servers: Operating System, etc...

    LVL 15

    Expert Comment

    You could install VNC on your server and on your client, then set port 5900-5901 on the firewall to forward to the server where you installed VNC.  I know there are free versions of VNC on the internet.

    That's just 1 option, but I'd need to know your server setup first and if you run any services on those servers that would facilitate vpn....or if you just need a remote control solution like the VNC one I mentioned.

    LVL 1

    Author Comment


    hi -z-

    The spec of the servers are:

    S1 - Windows 2003 Server - Windows Apps
    S2 - Suse Openexchange - Email Server
    S3 - Fedora Core 3 - File Server

    VNC is an option, but I'd rather have that as a 2nd option.
    LVL 15

    Accepted Solution

    Install the Routing and Remote Access service on the 2003 server (or just start it if you have it installed).  I *think* the defaults will let you VPN in, but you may have to customize who is allowed in, will you assign them an IP address, etc...but try at first with just default settings. Maybe you have to make a rule allowing a user or group dial-in privileges.

    I can't possibly review all the set-up parameters of RRAS/VPN.  You can use the wizard to config and just set up to allow incoming VPN connections over PPTP.

    You configure your router to allow port 1723.  Forward port 1723 to the IP address of the server (S1).

    From your PC on the outside, add a new network connection.  Use the "new connection wizard" and config "VPN" to your system at work (pick connect to the network at my workplace).  The ONLY piece of info you really need is the IP address of your ROUTER.  The router will then forward correctly to Server S1.

    I've done this a few times with Windows 2003.  In fact, I finished setting up a VPN server a month ago, same setup as the one I describe above.

    LVL 9

    Assisted Solution

    Windows 2003 allows you to set up remote access, but since you have the Netscreen appliance you can use that to create a VPN to your network. Remote machines will connect to the Netscreen appliance through the external IP address. The Netscreen will authenticate the connecting devices either with its own internal user database or you can configure it to use a 3rd party tool (i.e. RADIUS, RSA, SecurID). Once it's connected to the Netscreen it will give the VPN connection an IP address and the remote machine will be on your network; then you will be able to access the 3 servers using the internal IP addresses. I've used the Windows 2003 RAS service and it works well, but a hardware VPN is usually a better solution than software (server is never exposed). I visited Juniper's site and didn't see in the manual how to set up the VPN option. There should be something that allows you to configure users for VPN access. Once you get a list of users in there, creating a VPN should be fairly straightforward from the client machine. If you go to net connections (assume this is XP) then create a new connection and enter the information required.
    LVL 15

    Expert Comment

    I think most good routers allow you to VPN to them.  I can't speak on the specifics of that particular model.


    LVL 9

    Expert Comment

    Being you already have a Netscreen device, I would just use the Netscreen Remote client (NSR) and set up a VPN from your home server using a VPN connection.

    home host -> remote fw/vpn gateway -> server host

    I would recommend using manual key.
    LVL 9

    Assisted Solution

    With NSR:
    Create a new connection and name it.
    Highlight the highest branch of that connection, i.e. + my new connection.
    For connection security, choose secure.

    For the remote party identity and addressing, choose IP address, and enter the IP address of the server you will be connecting to.

    Protocol: any you wish, or choose all for simplicity.

    Choose connect using Secure Gateway Tunnel.

    id_type: IP address, and input the external address of the VPN on the distant end.

    Next open the branch; you should now see my identity and security policy.

    Under my ident., choose your NIC under internet interface, select cert. none, id type IP, and your IP should be filled in automatically.

    Next go to security policy, Phase 1, choose manual keys.

    Now go down to key exchange - proposal 1:
    SA life: unspecified (or pick).
    Compression: your choice, I use none.

    Encapsulation protocol (ESP): check it; you can use whichever you want, i.e. AES-128, SHA-1, Tunnel.

    Create your inbound and outbound keys.

    Save it.

    Now just match your policies on your FW to allow the connection VPN'd using manual key.
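
For the "create your inbound and outbound keys" step in the last post, an added example (not part of the original thread and not NetScreen-Remote code) that generates correctly sized random keys for the AES-128/SHA-1 proposal and shows how the two directions mirror between client and gateway. The function names are illustrative, and hex output is an assumption about the key format the client and firewall accept.

```python
import secrets

# Key sizes for the ESP proposal named in the post: AES-128 + SHA-1.
ENC_KEY_BYTES = 16    # AES-128 -> 128-bit cipher key
AUTH_KEY_BYTES = 20   # HMAC-SHA-1 -> 160-bit authentication key


def new_sa():
    """Random material for one direction of a manually keyed ESP tunnel."""
    return {
        # SPI values 0-255 are reserved, so draw from 256..2**32-1.
        "spi": 256 + secrets.randbelow(2**32 - 256),
        "enc_key": secrets.token_hex(ENC_KEY_BYTES),
        "auth_key": secrets.token_hex(AUTH_KEY_BYTES),
    }


def make_manual_key_pair():
    """Build both endpoints' settings from two independent SAs.

    The client's outbound SA must be entered as the gateway's inbound SA
    and vice versa; on a mismatch packets fail authentication and are dropped.
    """
    client_to_gw = new_sa()
    gw_to_client = new_sa()
    # Never reuse key material or an SPI across the two directions.
    while (gw_to_client["spi"] == client_to_gw["spi"]
           or gw_to_client["enc_key"] == client_to_gw["enc_key"]):
        gw_to_client = new_sa()
    client = {"outbound": client_to_gw, "inbound": gw_to_client}
    gateway = {"outbound": gw_to_client, "inbound": client_to_gw}
    return client, gateway


def check_mirrored(client, gateway):
    """True only if each side's outbound SA equals the peer's inbound SA."""
    return (client["outbound"] == gateway["inbound"]
            and client["inbound"] == gateway["outbound"])


if __name__ == "__main__":
    client, gateway = make_manual_key_pair()
    for name, side in (("client", client), ("gateway", gateway)):
        for direction in ("inbound", "outbound"):
            sa = side[direction]
            print(f"{name:8}{direction:9} spi=0x{sa['spi']:08x} "
                  f"enc={sa['enc_key']} auth={sa['auth_key']}")
    print("mirrored:", check_mirrored(client, gateway))
```

Manual keys never rotate on their own, so treat the generated values like any other long-lived secret and replace them on both ends together.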

