How to log on to a domain over VPN

Before I purchase a static public IP address for my VPN connection, I want to know whether the following setup will work.

The VPN client workstation and the VPN server are separated by the Internet.

Both the VPN client site and the VPN server site are using a residential DSL modem router (a normal ADSL modem router).

On the VPN server site, the ADSL modem router is connected to the VPN server, and behind the VPN server is the domain controller.

See the following "layout":

VPN Client == DSL Modem/Router == (INTERNET) == DSL Modem/Router == VPN Server == DC

The VPN server site is using a Dynamic Public Static IP Address. (I understand a dynamic public IP address is not the right way to configure VPN, but I just want to try out first whether it works before I purchase a static public IP address.)

The VPN client workstation is using XP Pro, and the VPN server and DC both use Windows Server 2003. No Cisco product is involved in this case.

Assume I have already set up and configured the VPN client and, on the Options tab of the VPN client's Properties, checked the box for "include Windows logon domain".

Assume I will set up port forwarding for PPTP on the ADSL modem/router at the VPN server site.

Assume the VPN client is a registered domain computer / domain user for the remote DC.

What else should I do to successfully use VPN to log on to the domain?

I have seen an article that mentions:

1) Open the VPN Client. Choose Options
2) Choose Windows Logon Properties
3) Uncheck Disconnect VPN connection when logging off
4) Choose OK. Note: this change to the VPN client only needs to be done once for your initial logon with CLO.
5) Choose Connect

Choose Log Off

But I cannot find "Windows Logon Properties" and "Disconnect VPN connection when logging off" on the VPN client. I thought this is a Cisco VPN Client option?

Anyhow, please advise what else I should do in order to log on to the domain over VPN.
Just click/open the VPN client, key in the VPN server credentials (username/password) and key in the domain name in the domain drop-down menu? Would it work?

I have yet to try it out, I just want to confirm...

I am confused by "Windows Logon Properties" and "Disconnect VPN connection when logging off" on the VPN client, which I learned about from another article...

I am not going to use any Cisco product in this setup. I only want to use Microsoft VPN to set this up, without involving any 3rd-party software/technology.

Please advise. If possible, step by step, starting from OPEN THE VPN CLIENT...

Rob Williams Commented:
>> "check the box for "include Windows logon domain""
No, that will not log you on to the domain. It will just add your domain name to the user name for authentication, which is not necessary, often doesn't even work, and has nothing to do with logging the client on to the domain.

The only way to have a remote user log on to the domain at the time the VPN connection is made is to join that PC to the domain. Once done, when the user logs on to their PC there will then be a check box in the logon screen, "log-in using dial up connection". Selecting this will then allow the user to choose the VPN connection (assuming you have created it). This then allows the user to connect to the VPN before logon, and then authenticate to the domain and apply group policy and logon scripts. On occasion you have to use the following group policies to "tweak" the connection because VPNs are considered slow links.

Computer Configuration | Administrative Templates | System | Logon  | Always wait for the network at computer startup and login
Computer Configuration | Administrative Templates | System | Group Policy | Group Policy slow link detection
Computer Configuration | Administrative Templates | System | Scripts | Run logon scripts synchronously

Though a static IP simplifies things you can subscribe to a free DDNS service, such as or which will allow you to consistently use a dynamic IP.

As for the VPN, the following instructions may be of some help:
The basic server and client configurations can be found at the following sites with good detail:
-Server 2003 configuration:
-Windows XP client configuration:
-You will also have to configure the router to forward the VPN traffic to the server. This is done by enabling on your router VPN or PPTP pass-through, and also forwarding port 1723 traffic to the server's IP. For details as to how to configure the port forwarding, click on the link for your router (assuming it is present) on the following page:
-The users that are connecting to the VPN need to have allow access enabled under the dial-in tab of their profile in active directory
-The only other thing to remember is the subnet you use at the remote office needs to be different than the server end. For example if you are using 192.168.1.x at the office, the remote should be something like 192.168.2.x

-Once this is configured you can then use services similar to how you would on the local network. You will not be able to browse the network unless you have a WINS server installed. Also, depending on your network configuration, you may have problems connecting to devices by name, though this can usually be configured. Using the IP address is less problematic, such as \\\ShareName.
-Name resolution can be dealt with in many ways. See:
However, the best method is to add the DNS suffix to the remote user's VPN client configuration as described in the link above
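
A pre-flight check for two requirements in the answer above (TCP 1723 forwarded to the server, and different subnets at each end), added here as an example that is not part of the original thread. The function names and the sample reply are constructed for illustration; the message layout follows the PPTP specification, RFC 2637.

```python
import ipaddress
import socket
import struct

PPTP_MAGIC = 0x1A2B3C4D          # magic cookie defined in RFC 2637
HDR = ">HHIHHHBBIIHH64s64s"      # 156-byte Start-Control-Connection message

def subnets_conflict(office: str, remote: str) -> bool:
    """True when the two LANs overlap, which breaks routing over the VPN."""
    a = ipaddress.ip_network(office, strict=False)
    b = ipaddress.ip_network(remote, strict=False)
    return a.overlaps(b)

def build_start_request(hostname: bytes = b"preflight") -> bytes:
    """Start-Control-Connection-Request (control message type 1)."""
    return struct.pack(HDR, 156, 1, PPTP_MAGIC, 1, 0, 0x0100, 0, 0,
                       1, 1, 0, 0, hostname, b"")

def parse_start_reply(data: bytes) -> dict:
    """Validate a Start-Control-Connection-Reply and return its key fields."""
    if len(data) < 156:
        raise ValueError("short reply: not a PPTP control message")
    (_length, mtype, magic, ctype, _r0, version, result, error,
     _framing, _bearer, _chans, _fw, host, vendor) = struct.unpack(HDR, data[:156])
    if magic != PPTP_MAGIC or mtype != 1 or ctype != 2:
        raise ValueError("port answered, but not with a PPTP reply")
    return {"ok": result == 1, "result": result, "error": error,
            "version": version,
            "host": host.rstrip(b"\0").decode("ascii", "replace"),
            "vendor": vendor.rstrip(b"\0").decode("ascii", "replace")}

def probe(server: str, port: int = 1723, timeout: float = 5.0) -> dict:
    """Run from outside against your own VPN endpoint (public IP or DDNS name)."""
    with socket.create_connection((server, port), timeout=timeout) as s:
        s.sendall(build_start_request())
        data = b""
        while len(data) < 156:
            chunk = s.recv(156 - len(data))
            if not chunk:
                break
            data += chunk
    return parse_start_reply(data)

# Constructed sample reply (not captured from a real server), for offline use.
SAMPLE_REPLY = struct.pack(HDR, 156, 1, PPTP_MAGIC, 2, 0, 0x0100, 1, 0,
                           1, 1, 1, 0, b"vpnserver", b"constructed")
```

A successful reply confirms only that TCP 1723 reaches the PPTP server; the tunnelled data travels as GRE (IP protocol 47), which is what the router's PPTP pass-through setting handles and which this check does not exercise.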
Jian An Lim, Solutions Architect, Commented:
Okay, I am reading too many things here.
I am not sure what you are trying to do.

Let me get it right:
you can't log on to the domain over VPN using Microsoft solutions.

You, however, can log on to the domain, then dial the VPN.
This will definitely work.

So what are you trying to do, in brief terms?

In a pure Microsoft solution, do you know RRAS? IAS? This is the VPN server.

kcn (Author) Commented:
Dear limjinan,
Yes, I know RRAS and IAS. Any suggestions on them?

What I want is: sitting in front of the VPN client workstation, log on as a domain user, but the domain controller is not in the same building as the VPN client; the domain controller is 200 km from the VPN client workstation.

The VPN client and VPN server are at 2 different locations; the domain controller is at the same location as the VPN server. How do I make the VPN client log on to the domain (log on to the DC) WITHOUT first dialing the VPN?

How To Configure and Use Dial-Up Connections in Windows XP
In the above you can use the PPTP client as your dial-up connection; then, once the PPTP connection is established, you can log in to the domain.

Any questions, please ask.

Good luck.
I mean to say, after creating the connection settings in Windows XP,

restart the computer and at the logon screen select the dial-up option.
kcn (Author) Commented:
Dear HarendraG,

Please correct me if I am wrong.

On the XP Pro workstation (VPN client):
Start > Control Panel > Network Connection > click "add new networkplace connection" > Wizard starts >
select VPN Client >

After finishing the wizard, go to VPN Connection, right-click on VPN Connection > Properties > Options tab > check the box for "include Windows logon domain"

On the XP Pro workstation (VPN client):
Start > Control Panel > Network Connection > click (open) VPN Connection > the dialog box prompts for USERNAME + PASSWORD + DOMAIN > key in the VPN server authenticated username + password and enter the domain name > click the "Connect" button

That's all, I can dial the VPN plus log on to the domain? Am I right?
YES this should work
Question has a verified solution.
