Setting up VPN on Windows 2003 server

Jon555
The server is Windows 2003, with no domain, a workgroup server.
User will log in remotely, and I am setting up another server at another location to use as a backup server, connecting them via the Internet.
My server has 2 NIC cards; I want to set up the one for VPN.
The LAN has IP addresses 192.168.1.1 to 192.168.1.254 / subnet 255.255.255.0.
The LAN NIC is set to dynamic, getting a gateway address and DNS 192.168.1.254.
The VPN NIC is static at 192.168.1.201.
What should the gateway be on the NIC servicing VPN? I presently have "None".
What should I set the DNS to on the card using VPN? I presently have it at 192.168.1.254.
What ports should I have open in this scenario?
The customer has a Cisco modem/router DDR200 with port triggering.

If there is a specific reason to use VPN, we get that resolved. But if you only need remote control, LogMeIn offers a free solution and is very easy to set up:
www.logmein.com

Any computer/server/router/etc. on a network can only have one default gateway. If a Windows 2003 server is hosting Routing and Remote Access (RRAS), and has a NIC that connects to the internet (even if it's NAT), then the internet NIC (or VPN NIC as you labeled it) has the default gateway. The NIC that connects to the LAN has no default gateway.

DNS can be your ISP DNS, whatever that is, or a local, internal DNS server if you have one - sometimes it's the IP address of your router (if the router supports that).

Good reading:
http://www.windowsnetworking.com/articles_tutorials/using-windows-server-nat-router.html
You have two options using W2K3 - PPTP or L2TP. You might want to consider PPTP since this doesn't require certificates.

PPTP

    To allow PPTP tunnel maintenance traffic, open TCP 1723.
    To allow PPTP tunneled data to pass through the router, open Protocol ID 47.

L2TP over IPSec

    To allow Internet Key Exchange (IKE), open UDP 500.
    To allow IPSec Network Address Translation (NAT-T), open UDP 5500.
    To allow L2TP traffic, open UDP 1701.

http://www.windowsitpro.com/article/pptp/which-ports-do-you-need-to-open-on-a-firewall-to-allow-pptp-and-l2tp-over-ipsec-vpn-tunnels-
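
The one-default-gateway rule given in the answer above can be checked against the server's routing table. The following is an added example, not part of the original thread: it parses text in the layout of `route print` and reports which interfaces hold a default route. The sample tables are constructed, and 192.168.1.50 is an assumed DHCP address for the LAN NIC.

```python
import ipaddress

# Constructed samples in the layout of `route print` on Windows Server 2003.
# 192.168.1.201 and 192.168.1.254 come from the question; 192.168.1.50 is an
# assumed DHCP address for the LAN NIC.
SAMPLE_ONE_GATEWAY = """\
Active Routes:
Network Destination        Netmask          Gateway       Interface  Metric
          0.0.0.0          0.0.0.0    192.168.1.254    192.168.1.50      20
        127.0.0.0        255.0.0.0        127.0.0.1       127.0.0.1       1
      192.168.1.0    255.255.255.0     192.168.1.50    192.168.1.50      20
      192.168.1.0    255.255.255.0    192.168.1.201   192.168.1.201      20
"""
# The same table after a gateway is also entered on the second NIC.
SAMPLE_TWO_GATEWAYS = SAMPLE_ONE_GATEWAY + (
    "          0.0.0.0          0.0.0.0    192.168.1.254   192.168.1.201      20\n")

ZERO = ipaddress.IPv4Address("0.0.0.0")


def parse_routes(text):
    """Return (destination, netmask, gateway, interface, metric) per route line."""
    routes = []
    for line in text.splitlines():
        fields = line.split()
        if len(fields) != 5:
            continue  # headers, separators, "Default Gateway:" summary line
        try:
            dest, mask, gw, iface = (ipaddress.IPv4Address(f) for f in fields[:4])
            routes.append((dest, mask, gw, iface, int(fields[4])))
        except ValueError:
            continue  # five words that are not a route entry
    return routes


def check_default_gateway(text):
    """Return (verdict, {interface: gateway}) for all 0.0.0.0/0 routes."""
    found = {str(iface): str(gw)
             for dest, mask, gw, iface, _ in parse_routes(text)
             if dest == ZERO and mask == ZERO}
    if len(found) == 1:
        return "ok", found
    verdict = "no default gateway" if not found else "multiple default gateways"
    return verdict, found


if __name__ == "__main__":
    for name, table in (("one", SAMPLE_ONE_GATEWAY), ("two", SAMPLE_TWO_GATEWAYS)):
        print(name, "->", check_default_gateway(table))
```
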