Simple VPN setup and configuration needed

Hello there and happy holidays,

I am an experienced tech, but have very limited knowledge on VPN setups.
Here's my situation:
Got a server running Windows Server 2003 R2 as workgroup (not setup with Active Directory) in an office. 7 users are connected to that server locally via wired and wireless Ethernet.
I need to access that server remotely from 6 PCs.
I already ran the VPN setup on Server 2003.
I currently have 1 NIC, but could have 2.
I tested the 1 NIC with a stating IP I got from I assume I have to enter for a subnet and the gateway address is the one I get from the router I have??
Other than this, I am lost.
Can I use only 1 NIC? or do I need 2?
I checked Microsoft Technet forums, but other than a cookie cutter setup, don't help with my situation..
Thank you!
Who is Participating?
You will need one NIC card. You should configure the Windows Server to have a static IP. The static IP is not the one you get it from but you select one from your local area network such as
Server IP “this is if your network is”
Default Gateway :
Now all the local computers on this network can access Server.
For remote access you can set a VPN on the router so the remote users can access the Server as they became member of the same network or you create port forwarding to the Server, so if you need to connect over Server’s VPN or Remote desktop or FTP you will need just a port forward from the router to the server.
HMBNETPCAuthor Commented:
oh, OK, that makes sense.
Let me test this with my router and I'll let you know the outcome.
Thanks a lot, imadimad.

HMBNETPCAuthor Commented:
I have 1 question: when I setup the remote connection on a client PC, what IP do I specify on that connection? If my VPN server will have a local (non-public) IP?
Ultimate Tool Kit for Technology Solution Provider

Broken down into practical pointers and step-by-step instructions, the IT Service Excellence Tool Kit delivers expert advice for technology solution providers. Get your free copy now.

HMBNETPCAuthor Commented:
imadimad:  also, what port do I have to FWD? and port #?
Thanks a lot.
The easiest way is to set the router to forward all the ports to the server but this is will create a security problem. The practical way is to forward the TCP port 3389 for RDP and To connect to a remote Windows Virtual Private Network you need to open up TCP port 1723 and IP protocol ID 47.
The external user will use the public ip for the router for the remote desktop and the router will forward the connection to server.
Other way is to use the Demilitarized zone physical port on your router that expose your server to the LAN & WAN
d0ughb0yPresident / CEOCommented:
There are other alternatives (because MS RRAS is such a pain):

Hardware-based VPN - Your router or firewall might support VPN connectivity, in which case you could have users connect remotely to that device, and then allow them clear-through access to your network once they've established the connection. You didn't say whether those 6 other users were in one place, but if they are, you could set up a point-to-point VPN between the routers on both sides, and just have the tunnel going between them. If not, typically the individual machines would need some sort of VPN client on their machines to make the connection, and then, again, they'd just be on the network.
Hamachi VPN - Hamachi is a service that you'd typically need to subscribe to. I believe it was purchased by LogMeIn. You set up the VPN, and then invite all the member machines to join it. You can set up the VPN in different ways, including a gateway solution, which would enable your 6 remote users to access the internal network via the connection to the server with the agent running. One big advantage to this solution is that it's all based on outbound connections, so you typically don't need to do anything on your routers to get traffic through the VPN. A disadvantage is that you'd pay an annual fee. But that fee allows you to connect up to 256 machines.
QlemoBatchelor, Developer and EE Topic AdvisorCommented:
Another recommendation, as PPTP resp. GRE (protocol 47) is indeed a PITA in many cases, is to use the build-in L2TP/IPsec feature. You just need to set up a global password (passphrase), which is used to initate the connection, and then usual user/password identification is started.
L2TP/IPsec only requires that you forward udp/500 (IPSec) to the MS RRAS server. It is much more reliable than PPTP&GRE, and less prone to firewall/NAT/forward issues.
HMBNETPCAuthor Commented:
Thank you all, great help here.
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.