Setting up VPN on Windows Server 2000 with one NIC
Posted on 2006-04-11
After trawling through many posts on this website about how to set up Windows Server 2000 to act as a VPN server on a machine with one NIC, I think it's time to ask it again, offering full points for anyone who can give a detailed and full answer, as there isn't one out there!
OK, I have a Windows Server 2000 machine, connected using its one and only NIC by gigabit Ethernet to the uplink port of a switch. This switch has ports 1-19 connected to client machines in the office and port 20 connected to the router; the others are empty. All clients are 10.0.0.x and the router's LAN IP is 10.0.0.254, all set by DHCP on the server. (The router, *non ADSL*, has its WAN port connected to the Ethernet output of an old ADSL router, as that one has a built-in modem; nothing is connected to the old router other than the new router, which is in the old router's DMZ. The WAN IP that the new router sees is 81.100.x.x.)
The server is set up with Active Directory, and the main use for the network is internet access (which works across all machines and the server... thanks to all that helped out on that one a few months ago :) ), file sharing (each client machine has a folder on its HD set to share, containing customer quotes etc., plus a few files on the server are shared), and running a certain specialist bit of software for orders, which uses a database stored on the server.
Due to many now having broadband at home, and sales reps being able to have 3G data cards, we want the shared files to be accessible to people dialling into the network, either from laptops with data cards or from broadband at home. There's also the possibility of sales reps using the ordering software, so the specialist software would need to access the database on the server. So basically, work as they could in the office.
The 'new' router that has been installed is a VPN one; however, I hear it is better to dial into the Windows VPN server instead of dialling into the router, for authentication purposes (e.g. if an unknown client connects to the switch they cannot get access to the network, they have to log on) and for ease of use: Windows VPN uses a connection made in Network Connections, whereas for the router, user licenses need to be purchased for its complicated client software. The server is high-spec and doesn't do much other than host a few small files and dish out 20 IP addresses once a day, so giving it something to do isn't a problem! (Please correct me if I'm wrong...)
I need a solution so people can dial a connection which will give them access to network resources as if they were authenticated on-site users. The network works well as-is, so a one-NIC solution would be preferred to installing another NIC in the server and changing the network's topology with regard to its current DNS and internet access setup.
Advice in simple terms, right from the bottom up, would be much appreciated, as this is all new to me and I've got stuck with this; we have no IT guy (yet) and no one else dares touch this with a bargepole!
*Additional current setup info:
Server has DHCP on, reservations set for MACs. All machines and the router are in the same subnet.
Internet connection comes into the network as follows:
ADSL line > old ADSL modem/router (DMZ set to: ) > new router > switch > server, clients
Clients have the server's IP set as DNS server and the router's IP as gateway.
Server has a statically configured IP, with its own IP as DNS server and the router's IP as gateway. The ISP's DNS servers are stored in the Forwarders tab of the DNS console. In the DHCP management console, in the scope options, the router's IP is in #003 and the server's IP in #006 DNS Servers.