Simple VPN setup and configuration needed

Hello there and happy holidays,

I am an experienced tech, but have very limited knowledge on VPN setups.
Here's my situation:
Got a server running Windows Server 2003 R2 as workgroup (not set up with Active Directory) in an office. 7 users are connected to that server locally via wired and wireless Ethernet.
I need to access that server remotely from 6 PCs.
I already ran the VPN setup on Server 2003.
I currently have 1 NIC, but could have 2.
I tested the 1 NIC with a static IP I got from I assume I have to enter for a subnet and the gateway address is the one I get from the router I have??
Other than this, I am lost.
Can I use only 1 NIC? Or do I need 2?
I checked the Microsoft TechNet forums, but other than a cookie-cutter setup, they don't help with my situation.
Thank you!

You will need one NIC card. You should configure the Windows Server to have a static IP. The static IP is not the one you get it from but you select one from your local area network such as
Server IP “this is if your network is”
Default Gateway :
Now all the local computers on this network can access Server.
For remote access you can set up a VPN on the router so the remote users can access the server as they become members of the same network, or you can create port forwarding to the server, so if you need to connect over the server's VPN, Remote Desktop or FTP you will need just a port forward from the router to the server.

HMBNETPC (Author) commented:
oh, OK, that makes sense.
Let me test this with my router and I'll let you know the outcome.
Thanks a lot, imadimad.

HMBNETPC (Author) commented:
I have 1 question: when I set up the remote connection on a client PC, what IP do I specify on that connection, if my VPN server will have a local (non-public) IP?

HMBNETPC (Author) commented:
imadimad: also, what port do I have to FWD? and port #?
Thanks a lot.
The easiest way is to set the router to forward all the ports to the server, but this will create a security problem. The practical way is to forward TCP port 3389 for RDP, and to connect to a remote Windows Virtual Private Network you need to open up TCP port 1723 and IP protocol ID 47.
The external user will use the public IP of the router for the remote desktop, and the router will forward the connection to the server.
Another way is to use the demilitarized zone (DMZ) physical port on your router, which exposes your server to the LAN and WAN.
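An added example, not part of the original answers: a small Python audit of a router's port-forward table against the requirements stated above (TCP 1723 plus IP protocol 47 for PPTP, TCP 3389 for RDP, and the warning about forwarding everything). The `Forward` record, the sample tables and the 192.168.1.10 address are constructed for illustration; real routers export their tables in their own formats.

```python
from dataclasses import dataclass
from typing import Optional

@dataclass(frozen=True)
class Forward:
    proto: str            # "tcp", "udp", "gre" (IP protocol 47) or "all" (DMZ host)
    port: Optional[int]   # None where the protocol has no ports (GRE, "all")
    target: str           # internal address the router forwards to

# What the answer above says PPTP and Remote Desktop need.
PPTP = {("tcp", 1723): "TCP 1723", ("gre", None): "IP protocol 47 (GRE)"}
RDP = ("tcp", 3389)
DMZ = ("all", None)

def audit(rules, server):
    """Return a list of findings for the forwards that point at `server`."""
    have = {(r.proto, r.port) for r in rules if r.target == server}
    findings = []
    if DMZ in have:
        findings.append("EXPOSED: DMZ/all-ports forward makes every service "
                        "on the server Internet-facing")
    missing = [label for key, label in PPTP.items() if key not in have]
    if 0 < len(missing) < len(PPTP):
        # Half a PPTP forward: the TCP control channel and the GRE data
        # channel must both reach the server or the tunnel never comes up.
        findings.append("BROKEN: PPTP forward incomplete, missing "
                        + ", ".join(missing))
    if RDP in have:
        findings.append("REVIEW: TCP 3389 is reachable without the VPN")
    for proto, port in sorted(have - set(PPTP) - {RDP, DMZ}, key=str):
        findings.append(f"UNEXPECTED: {proto}/{port} is forwarded "
                        "but not on the allow-list")
    return findings

# Constructed sample tables; 192.168.1.10 is a placeholder server address.
SERVER = "192.168.1.10"
HALF_PPTP = [Forward("tcp", 1723, SERVER), Forward("tcp", 21, SERVER)]
DMZ_HOST = [Forward("all", None, SERVER)]
PPTP_ONLY = [Forward("tcp", 1723, SERVER), Forward("gre", None, SERVER)]

if __name__ == "__main__":
    for name, table in [("half-pptp", HALF_PPTP), ("dmz", DMZ_HOST),
                        ("pptp-only", PPTP_ONLY)]:
        print(name, audit(table, SERVER) or ["ok"])
```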
David Spigelman (President / CEO) commented:
There are other alternatives (because MS RRAS is such a pain):

Hardware-based VPN - Your router or firewall might support VPN connectivity, in which case you could have users connect remotely to that device, and then allow them clear-through access to your network once they've established the connection. You didn't say whether those 6 other users were in one place, but if they are, you could set up a point-to-point VPN between the routers on both sides, and just have the tunnel going between them. If not, typically the individual machines would need some sort of VPN client on their machines to make the connection, and then, again, they'd just be on the network.
Hamachi VPN - Hamachi is a service that you'd typically need to subscribe to. I believe it was purchased by LogMeIn. You set up the VPN, and then invite all the member machines to join it. You can set up the VPN in different ways, including a gateway solution, which would enable your 6 remote users to access the internal network via the connection to the server with the agent running. One big advantage to this solution is that it's all based on outbound connections, so you typically don't need to do anything on your routers to get traffic through the VPN. A disadvantage is that you'd pay an annual fee. But that fee allows you to connect up to 256 machines.
Qlemo ("Batchelor", Developer and EE Topic Advisor) commented:
Another recommendation, as PPTP resp. GRE (protocol 47) is indeed a PITA in many cases, is to use the built-in L2TP/IPsec feature. You just need to set up a global password (passphrase), which is used to initiate the connection, and then usual user/password identification is started.
L2TP/IPsec only requires that you forward udp/500 (IPSec) to the MS RRAS server. It is much more reliable than PPTP&GRE, and less prone to firewall/NAT/forward issues.
HMBNETPC (Author) commented:
Thank you all, great help here.