Solved

VPN on Server 2003

Posted on 2006-10-25
8
232 Views
Last Modified: 2010-03-18
I would like to setup a folder on my windows 2003 server so I and others can access this folder over the internet. I am guessing this is a VPN.

I only want access to the floder and not other parts of the server.

How is this done?
0
Comment
Question by:Adamylo
  • 4
  • 3
8 Comments
 
LVL 9

Expert Comment

by:trenes
ID: 17809931
The easiest way I found out lately is to use ssl explorer for this www.3sp.com
It will do a lot more then you want but you can safely share a folder over the internet.

Regards,

trenes
0
 
LVL 77

Accepted Solution

by:
Rob Williams earned 500 total points
ID: 17814358
Restricting access to the folder would be done with your user permissions, but to set up the VPN, which is a secure method, have a look at the following:
The basic server and client configurations can be found at the following sites with good detail:
Server 2003 configuration:
http://www.onecomputerguy.com/networking/w3k_vpn_server.htm
Windows XP client configuration:
http://www.onecomputerguy.com/networking/xp_vpn.htm
You will also have to configure the router to forward the VPN traffic to the server. This is done by enabling on your router VPN or PPTP pass-through, and also forwarding port 1723 traffic to the server's IP. For details as to how to configure the port forwarding click on the link for your router (assuming it is present) on the following page:
http://www.portforward.com/english/applications/port_forwarding/PPTP/PPTPindex.htm

The only other thing to remember is the subnet you use at the remote office needs to be different than the server end. For example if you are using 192.168.1.x at the office , the remote should be something like 192.168.2.x

Once this is configured you can then use services similar to how you would on the local network. You will not be able to browse the network unless you have a WINS server installed. Also depending on your network configuration you may have problems connecting to devices by name. Using the IP address is less problematic such as \\192.168.1.111\SharenName. If you want to resolve NetBIOS names we can elaborate on how to "fix" that, if not working properly.

Note: If you are using Small Business Server, this should be configured using it's wizards rather than doing so manually.
0
 

Author Comment

by:Adamylo
ID: 17817220
I already have remote access set up, will this be effected do you think?

Cheers
0
 
LVL 77

Expert Comment

by:Rob Williams
ID: 17817241
What do you mean by "have remote access set up"?
If remote desktop, you can access over the VPN as well as outside of it should you wish. Most methods would be completely isolated from the VPN if you wish.

You could also set up FTP services for your users, but if there can be serious risks with FTP servers, if your primary or file server is located on the same hardware.
0
Threat Intelligence Starter Resources

Integrating threat intelligence can be challenging, and not all companies are ready. These resources can help you build awareness and prepare for defense.

 

Author Comment

by:Adamylo
ID: 17817273
The server is configured so that I do have remote access in over the internet. I would like to keep the two seperate if I could.

No need for ftp.

I just want to be able to share docs with my partner who is elsewhere. I am also going overseas so having the VPN seems the best option.
0
 
LVL 77

Expert Comment

by:Rob Williams
ID: 17817289
Sure that is fine, you can use remote access/desktop the way you have been doing, as well as set up the Vpn. If you set up the VPN and want more secure access you can also use remote access using the VPN tunnel. The only difference is, without the VPN you use your public IP address as you have been doing, but if you connect through the VPN you use the local IP address.

If it is just for file sharing and other option is to set up Sharepoint services on your server:
http://www.microsoft.com/sharepoint/default.mspx
0
 

Author Comment

by:Adamylo
ID: 17831562
Rob your help was great, I was able to set up a VPN where I could connect to the server.

One question I do have is that, once connected how do i get to a specifc folder on the server. The laptop connects fine to teh server but I am unbale to look at anything on the server.
0
 
LVL 77

Expert Comment

by:Rob Williams
ID: 17831612
Browsing over a VPN will usually only work if you have WINS server. Browsing requires NetBIOS and it is not routable. However, you can connect to a share using the IP such as:
\\192.168.123.123\ShareName
or map a drive using:
net  use  z:  \\192.168.123.123\ShareName

You can also use computer names such as  \\ServerName\ShareName  if name resolution is working. WINS will look after that, or you can use some of the following suggestions:
1) An option is to use the LMHosts file which creates a table of IP's and computer names. LMHosts is located in the Windows directory under c:\Windows (or WINNT)\System32\Drivers\Etc\LMHosts.sam , instructions are included within the file. Any line starting with # is just a comment and is ignored. Open the file with Notepad and add entries for your computers as below;
192.168.0.101      CompName       #PRE
Hit enter when each line is complete (important), then save the file without a file extension. To be sure there is no extension ,when saving enclose in quotations like "LMHosts". Now when you try to connect to a computer name it should find it as it will search the LMHosts file for the record before connecting.
More details regarding LMHosts file:
http://www.microsoft.com/technet/prodtechnol/windows2000serv/reskit/cnet/cnfd_lmh_qxqq.mspx?mfr=true
The drawback of the LMHosts file is you have to maintain a static list of computernames and IP addresses. Also if the remote end uses DHCP assigned IP's it is not a feasible option. Thus in order to be able to use computer names dynamically try to enable with some of the following options:
2) if you have a WINS server add that to the network cards configuration
3) also under the WINS configuration on the network adapter make sure NetBIOS over TCP/IP is selected
4) try adding the remote DNS server to your local DNS servers in your network card's TCP/IP configuration
5) verify your router does not have a "block NetBIOS broadcast" option enabled
6) test if you can connect with the full computer and domain name as  \\ComputerName.domain.local  If so, add the suffix DomainName.local to the DNS configuration of the virtual private adapter/connection [ right click virtual adapter | properties | TCP/IP properties | Advanced | DNS | "Append these DNS suffixes (in order)" | Add ]

0

Featured Post

Maximize Your Threat Intelligence Reporting

Reporting is one of the most important and least talked about aspects of a world-class threat intelligence program. Here’s how to do it right.

Join & Write a Comment

A common practice in small networks is making file sharing easy which works extremely well when intra-network security is not an issue. In essence, everyone, that is "Everyone", is given access to all of the shared files - often the entire C: drive …
Resolve DNS query failed errors for Exchange
This video discusses moving either the default database or any database to a new volume.
Here's a very brief overview of the methods PRTG Network Monitor (https://www.paessler.com/prtg) offers for monitoring bandwidth, to help you decide which methods you´d like to investigate in more detail.  The methods are covered in more detail in o…

760 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

22 Experts available now in Live!

Get 1:1 Help Now