dankyle67

Configuring a Windows 2003 VPN server

Hi,
Just started the process of setting up a VPN server on one of our Windows 2003 servers and had a question regarding the setup of the 2 NIC cards on the server.  I know that one of the cards is supposed to be set to handle the internal network and the other one is for dedicated access to the internet.  This server is currently accessible on the internet and we use remote desktop to log into it by having the IP address forwarded through our NetScreen 5GT router connected to a T1 line.  Do I have to port forward another route to this same server to allow the VPN connection, or is that something that I do on the NIC card of the server itself since it is already accessible on the internet?  I'm concerned that if I change the settings of the NIC card on the server, then users might not be able to access it anymore via remote desktop.  My other thought is, since we have the NetScreen which has VPN capabilities, could we just configure it instead of setting up a VPN server using one of the internal servers?  Thanks.
Sanga Collins

The changes need to be made on the NS5GT. If the server is sitting behind a firewall then it probably has a NAT public IP that allows you to RDP from the outside WAN. Log into this device and, on the policy that allows traffic to the server, add the ports for Windows Server VPN. You should not have to change anything on the primary or secondary network card of the server.
dankyle67

ASKER

I just completed the install of the VPN server role on the 2003 server, but I guess you are correct in that I have to map the IP of the internal server address now on the NetScreen.  This was pretty straightforward when I set up a policy in the past to enable remote desktop to pass through the NetScreen using port 3389.  Would you know how I can do this for the VPN traffic on the NetScreen?  Thanks.
You can actually modify the existing policy for remote desktop on the NetScreen and add the ports for Windows Server VPN.

Do you know if you are using a VIP or a MIP to NAT the public IP to the Windows server?
I am using MIP.  I actually was able to log into the VPN server and, aside from the speed, it looks like it's working.  What I did was to run the new policy wizard on the NetScreen and specified the VPN policy to map to the internal IP address of the VPN server and used port 1723.  My question is, since I am using the 2nd NIC card on the server as the one configured to use the VPN, and it's only a 100Mb card versus the 1st NIC card which is running at gigabit speed, what do you suggest as far as getting it to run faster using the gigabit adapter?  The problem is that you need one card for the internal LAN and one card for the public IP address.
ASKER CERTIFIED SOLUTION
Sanga Collins
This solution is only available to members.
OK, sounds good, and thanks for all the help.  Last question: since all I did on the NetScreen was to forward the IP address to the local server IP, where is the tunneling aspect of the VPN, or rather the security, being handled?  Is it all on the internal VPN server?
Yes, that takes place on the internal VPN server. What you did on the NetScreen is basically allow VPN users to connect to the VPN endpoint (the server). It is possible to do a VPN directly to the NetScreen, but it is not as easy to manage users and allow multiple connections. For these features, VPN hardware such as SonicWall SSL VPN or VPN software such as the Windows Server VPN role will work best.
Yeah, I saw the documentation for NetScreen and it's lots of work.  I heard SonicWall was good as you mentioned, but for now I think this setup using Windows VPN will be fine.  Thanks again.
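
To illustrate the last answer (an added example, not code from anyone in the thread): the port-1723 mapping only passes the PPTP control connection through, and the endpoint that answers it is the internal VPN server. The sketch below builds the first message a PPTP client sends (RFC 2637 Start-Control-Connection-Request) and parses the reply, so an administrator can confirm the forward reaches a PPTP endpoint; `check_forward`, the host names and the sample reply are assumptions made up for the example.

```python
import socket
import struct

PPTP_MAGIC = 0x1A2B3C4D   # magic cookie defined by RFC 2637
SCCRQ, SCCRP = 1, 2       # Start-Control-Connection-Request / -Reply
# length, message type, cookie, control type, reserved0, version,
# result code, error code (both zero/reserved in a request), framing caps,
# bearer caps, max channels, firmware revision, host name, vendor string
FMT = "!HHIHHHBBIIHH64s64s"
SIZE = struct.calcsize(FMT)   # 156 bytes

def build_sccrq(hostname=b"fwd-check"):   # hostname is a made-up label
    """First message a PPTP client sends on TCP 1723."""
    return struct.pack(FMT, SIZE, 1, PPTP_MAGIC, SCCRQ, 0, 0x0100,
                       0, 0, 3, 3, 0, 0, hostname, b"")

def parse_sccrp(data):
    """Parse the reply; ValueError means something other than PPTP answered."""
    if len(data) < SIZE:
        raise ValueError("short reply, not a PPTP control message")
    (_len, msg_type, cookie, ctrl, _r0, version, result, error,
     _fr, _be, _ch, _fw, host, vendor) = struct.unpack(FMT, data[:SIZE])
    if cookie != PPTP_MAGIC or msg_type != 1 or ctrl != SCCRP:
        raise ValueError("not a Start-Control-Connection-Reply")
    text = lambda b: b.split(b"\0", 1)[0].decode("ascii", "replace")
    return {"accepted": result == 1, "result": result, "error": error,
            "version": version, "host": text(host), "vendor": text(vendor)}

def check_forward(address, port=1723, timeout=5.0):
    """Send the request through the forwarded port and parse what answers."""
    with socket.create_connection((address, port), timeout=timeout) as s:
        s.sendall(build_sccrq())
        buf = b""
        while len(buf) < SIZE:
            chunk = s.recv(SIZE - len(buf))
            if not chunk:
                break
            buf += chunk
    return parse_sccrp(buf)

# Constructed reply (values invented for the example), standing in for what
# the internal VPN server would send back through the NetScreen mapping.
SAMPLE_REPLY = struct.pack(FMT, SIZE, 1, PPTP_MAGIC, SCCRP, 0, 0x0100,
                           1, 0, 1, 1, 0, 0, b"internal-vpn", b"ExampleVendor")

if __name__ == "__main__":
    print(parse_sccrp(SAMPLE_REPLY))
```

This exercises only the TCP 1723 control connection; PPTP carries the tunnelled data in GRE (IP protocol 47), which the firewall must also pass for a session to come up.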