We help IT Professionals succeed at work.

VPN on Server 2003

Adamylo
Adamylo asked
on
Medium Priority
295 Views
Last Modified: 2010-03-18
I would like to setup a folder on my windows 2003 server so I and others can access this folder over the internet. I am guessing this is a VPN.

I only want access to the floder and not other parts of the server.

How is this done?
Comment
Watch Question

CERTIFIED EXPERT

Commented:
The easiest way I found out lately is to use ssl explorer for this www.3sp.com
It will do a lot more then you want but you can safely share a folder over the internet.

Regards,

trenes
CERTIFIED EXPERT
Top Expert 2013
Commented:
Restricting access to the folder would be done with your user permissions, but to set up the VPN, which is a secure method, have a look at the following:
The basic server and client configurations can be found at the following sites with good detail:
Server 2003 configuration:
http://www.onecomputerguy.com/networking/w3k_vpn_server.htm
Windows XP client configuration:
http://www.onecomputerguy.com/networking/xp_vpn.htm
You will also have to configure the router to forward the VPN traffic to the server. This is done by enabling on your router VPN or PPTP pass-through, and also forwarding port 1723 traffic to the server's IP. For details as to how to configure the port forwarding click on the link for your router (assuming it is present) on the following page:
http://www.portforward.com/english/applications/port_forwarding/PPTP/PPTPindex.htm

The only other thing to remember is the subnet you use at the remote office needs to be different than the server end. For example if you are using 192.168.1.x at the office , the remote should be something like 192.168.2.x

Once this is configured you can then use services similar to how you would on the local network. You will not be able to browse the network unless you have a WINS server installed. Also depending on your network configuration you may have problems connecting to devices by name. Using the IP address is less problematic such as \\192.168.1.111\SharenName. If you want to resolve NetBIOS names we can elaborate on how to "fix" that, if not working properly.

Note: If you are using Small Business Server, this should be configured using it's wizards rather than doing so manually.

Not the solution you were looking for? Getting a personalized solution is easy.

Ask the Experts

Author

Commented:
I already have remote access set up, will this be effected do you think?

Cheers
CERTIFIED EXPERT
Top Expert 2013

Commented:
What do you mean by "have remote access set up"?
If remote desktop, you can access over the VPN as well as outside of it should you wish. Most methods would be completely isolated from the VPN if you wish.

You could also set up FTP services for your users, but if there can be serious risks with FTP servers, if your primary or file server is located on the same hardware.

Author

Commented:
The server is configured so that I do have remote access in over the internet. I would like to keep the two seperate if I could.

No need for ftp.

I just want to be able to share docs with my partner who is elsewhere. I am also going overseas so having the VPN seems the best option.
CERTIFIED EXPERT
Top Expert 2013

Commented:
Sure that is fine, you can use remote access/desktop the way you have been doing, as well as set up the Vpn. If you set up the VPN and want more secure access you can also use remote access using the VPN tunnel. The only difference is, without the VPN you use your public IP address as you have been doing, but if you connect through the VPN you use the local IP address.

If it is just for file sharing and other option is to set up Sharepoint services on your server:
http://www.microsoft.com/sharepoint/default.mspx

Author

Commented:
Rob your help was great, I was able to set up a VPN where I could connect to the server.

One question I do have is that, once connected how do i get to a specifc folder on the server. The laptop connects fine to teh server but I am unbale to look at anything on the server.
CERTIFIED EXPERT
Top Expert 2013

Commented:
Browsing over a VPN will usually only work if you have WINS server. Browsing requires NetBIOS and it is not routable. However, you can connect to a share using the IP such as:
\\192.168.123.123\ShareName
or map a drive using:
net  use  z:  \\192.168.123.123\ShareName

You can also use computer names such as  \\ServerName\ShareName  if name resolution is working. WINS will look after that, or you can use some of the following suggestions:
1) An option is to use the LMHosts file which creates a table of IP's and computer names. LMHosts is located in the Windows directory under c:\Windows (or WINNT)\System32\Drivers\Etc\LMHosts.sam , instructions are included within the file. Any line starting with # is just a comment and is ignored. Open the file with Notepad and add entries for your computers as below;
192.168.0.101      CompName       #PRE
Hit enter when each line is complete (important), then save the file without a file extension. To be sure there is no extension ,when saving enclose in quotations like "LMHosts". Now when you try to connect to a computer name it should find it as it will search the LMHosts file for the record before connecting.
More details regarding LMHosts file:
http://www.microsoft.com/technet/prodtechnol/windows2000serv/reskit/cnet/cnfd_lmh_qxqq.mspx?mfr=true
The drawback of the LMHosts file is you have to maintain a static list of computernames and IP addresses. Also if the remote end uses DHCP assigned IP's it is not a feasible option. Thus in order to be able to use computer names dynamically try to enable with some of the following options:
2) if you have a WINS server add that to the network cards configuration
3) also under the WINS configuration on the network adapter make sure NetBIOS over TCP/IP is selected
4) try adding the remote DNS server to your local DNS servers in your network card's TCP/IP configuration
5) verify your router does not have a "block NetBIOS broadcast" option enabled
6) test if you can connect with the full computer and domain name as  \\ComputerName.domain.local  If so, add the suffix DomainName.local to the DNS configuration of the virtual private adapter/connection [ right click virtual adapter | properties | TCP/IP properties | Advanced | DNS | "Append these DNS suffixes (in order)" | Add ]

Access more of Experts Exchange with a free account
Thanks for using Experts Exchange.

Create a free account to continue.

Limited access with a free account allows you to:

  • View three pieces of content (articles, solutions, posts, and videos)
  • Ask the experts questions (counted toward content limit)
  • Customize your dashboard and profile

*This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

OR

Please enter a first name

Please enter a last name

8+ characters (letters, numbers, and a symbol)

By clicking, you agree to the Terms of Use and Privacy Policy.