dankyle67 asked on

Configuring a Windows 2003 VPN server

Just started the process of setting up a VPN server on one of our Windows 2003 servers and had a question regarding the setup of the 2 NIC cards on the server.  I know that one of the cards is supposed to be set to handle the internal network and the other one is for dedicated access to the internet.  This server is currently accessible on the internet and we use remote desktop to log into it by having the IP address forwarded through our NetScreen 5GT router connected to a T1 line.  Do I have to port forward another route to this same server to allow VPN connection, or is that something that I do on the NIC card of the server itself since it is already accessible on the internet?  I'm concerned that if I change settings of the NIC card on the server, then users might not be able to access it anymore via remote desktop.  My other thought is, since we have the NetScreen which has VPN capabilities, could we just configure it instead of setting up a VPN server using one of the internal servers?  Thanks.
VPN, Windows Server 2003

Last Comment

8/22/2022 - Mon
Sanga Collins

The changes need to be made on the NS5GT. If the server is sitting behind a firewall then it probably has a NAT public IP that allows you to RDP from the outside WAN. Log into this device and, on the policy that allows traffic to the server, add the ports for Windows Server VPN. You should not have to change anything on the primary or secondary network card of the server.

I just completed the install of the VPN server role on the 2003 server but I guess you are correct in that I have to map the IP of the internal server address now on the NetScreen.  This is pretty straightforward when I have set up a policy in the past to enable remote desktop to pass through the NetScreen using port 3389.  Would you know how I can do this for the VPN traffic on the NetScreen?  Thanks.
Sanga Collins

You can actually modify the existing policy for remote desktop on the NetScreen and add the ports for Windows Server VPN.

Do you know if you are using a VIP or a MIP to NAT the public IP to the Windows server?

I am using MIP.  I actually was able to log into the VPN server and, aside from the speed, it looks like it's working.  What I did was to run the new policy wizard on the NetScreen and specified the VPN policy to map to the internal IP address of the VPN server and used port 1723.  My question is that since I am using the 2nd NIC card on the server as the one configured to use the VPN, and since it's only a 100mb card versus the 1st NIC card which is running at gigabit speed, what do you suggest as far as getting it to run faster using the gigabit adapter?  The problem is that you need one card for the internal LAN and one card for the public IP address.
Sanga Collins

Log in or sign up to see answer

OK, sounds good and thanks for all the help.  Last question: since all I did on the NetScreen was to forward the IP address to the local server IP, where is the tunneling aspect of the VPN, or rather the security, being handled?  Is it all on the internal VPN server?
Sanga Collins

Yes, that takes place on the internal VPN server. What you did on the NetScreen is basically allow VPN users to connect to the VPN endpoint (the server). It is possible to do a VPN directly to the NetScreen, but it is not as easy to manage users and allow multiple connections. For these features, VPN hardware such as SonicWall SSL VPN or VPN software such as the Windows Server VPN role will work best.

Yeah, I saw the documentation for NetScreen and it's lots of work.  I heard SonicWall was good as you mentioned, but for now I think this setup using Windows VPN will be fine.  Thanks again.