Solved

VPN best practices - Windows 2008 R2 SP1 Standard

Posted on 2014-02-14
Last Modified: 2014-02-23
Hi,

What is the best way to set up VPN (RRAS) on a single server running Windows 2008 R2 and acting as a DC, DHCP, DNS, File and Print server?

One NIC?

or two NICs (LAN & WAN)?

Many thanks
Question by:LeTay

Accepted Solution

by:
Mahesh earned 500 total points
ID: 39859807
It's not recommended to set up an RRAS server on a DC, as it's not good practice to expose your DC to the internet.

It's recommended to set up two NICs on a member server and set up L2TP VPN \ SSTP through the Windows RRAS server.

L2TP VPN requires a VPN server certificate (computer certificate) to be installed on the VPN server and a VPN client certificate (computer certificate) to be installed on client computers.
Only then can the client computer connect. You also have to have a domain username \ password for user authentication.
I mean this is two-factor authentication:
one is computer authentication through certificate-based authentication, and
the second is user authentication through Active Directory by the VPN server.
You can use an internal CA server to generate computer certificates for the VPN server and client.
http://araihan.wordpress.com/2009/10/06/configure-l2tp-ipsec-vpn-using-windows-server-2008/

Alternatively you can use SSTP (Secure Socket Tunneling Protocol), which is a new feature with 2008 RRAS servers. It uses TCP 443: clients connect to the SSTP server on TCP port 443, and all client-to-server traffic is encapsulated within SSL HTTPS.
In this method, you require only one public SSL certificate installed on the SSTP server, and clients will connect to the SSTP server with public key cryptography.
This is also very secure, and you would require only TCP 443 to be opened from the internet to the SSTP server.
Check the articles below for step-by-step instructions:
http://4sysops.com/archives/how-to-setup-an-sstp-vpn-server-with-windows-server/
https://barbatunnel.codeplex.com/wikipage?title=How%20to%20setup%20and%20configure%20SSTP%20VPN%20tunnel%20on%20Windows%20Server%202008%20to%20share%20internet%20traffic%3F

You will find lots of videos on YouTube as well.

Mahesh
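
The checks implied by the answer above, as an added example that is not part of the original post or the linked articles: a read-only PowerShell pre-flight script to run on the intended RRAS host. The function names `Test-VpnHostReadiness` and `Test-ServerAuthEku` are hypothetical, and the script assumes the VPN server certificate lives in the local machine's Personal store.

```powershell
# Added example: read-only pre-flight checks for a host that will run RRAS.
# Uses WMI and the Cert: drive only, so it runs on PowerShell 2.0 (Windows Server 2008 R2).
# Test-VpnHostReadiness and Test-ServerAuthEku are hypothetical names.

function Test-ServerAuthEku($cert) {
    # True when the certificate carries the Server Authentication EKU (1.3.6.1.5.5.7.3.1).
    foreach ($ext in $cert.Extensions) {
        if ($ext -is [System.Security.Cryptography.X509Certificates.X509EnhancedKeyUsageExtension]) {
            foreach ($oid in $ext.EnhancedKeyUsages) {
                if ($oid.Value -eq '1.3.6.1.5.5.7.3.1') { return $true }
            }
        }
    }
    return $false
}

function Test-VpnHostReadiness {
    $findings = @()

    # Win32_ComputerSystem.DomainRole: 3 = member server, 4 = backup DC, 5 = primary DC.
    $role = (Get-WmiObject -Class Win32_ComputerSystem).DomainRole
    if ($role -ge 4) {
        $findings += "FAIL: host is a domain controller (DomainRole=$role)"
    } elseif ($role -eq 3) {
        $findings += "OK:   host is a member server"
    } else {
        $findings += "WARN: host is not a domain member server (DomainRole=$role)"
    }

    # Adapters with IP enabled; the answer recommends two (LAN and WAN).
    $nics = @(Get-WmiObject -Class Win32_NetworkAdapterConfiguration -Filter "IPEnabled = TRUE")
    if ($nics.Count -ge 2) { $findings += "OK:   $($nics.Count) IP-enabled adapters" }
    else { $findings += "WARN: only $($nics.Count) IP-enabled adapter(s); two are recommended" }

    # Usable server certificates: private key present, inside validity period, Server Authentication EKU.
    $now = Get-Date
    $usable = @(Get-ChildItem Cert:\LocalMachine\My | Where-Object {
        $_.HasPrivateKey -and $_.NotBefore -le $now -and $_.NotAfter -gt $now -and (Test-ServerAuthEku $_)
    })
    if ($usable.Count -eq 0) {
        $findings += "FAIL: no valid computer certificate with Server Authentication EKU"
    }
    foreach ($c in $usable) {
        $findings += "OK:   certificate $($c.Subject), expires $($c.NotAfter.ToString('yyyy-MM-dd'))"
    }
    return $findings
}

Test-VpnHostReadiness
```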