Solved

VPN best practices - Windows 2008 R2 SP1 Standard

Posted on 2014-02-14
1
1,499 Views
Last Modified: 2014-02-23
Hi,

What is the best way to setup VPN (RRAS) on a single server running Windows 2008 R2 and acting as a DC, DHCP, DNS, File and Print server ?

One NIC ?

or two NIC's (LAN & WAN) ?

Many thanks
0
Comment
Question by:LeTay
1 Comment
 
LVL 36

Accepted Solution

by:
Mahesh earned 500 total points
ID: 39859807
Its not recommended to setup RRAS server on DC server as its not good practise to expose your DC to internet.

Its recommended to setup two NICs on member server and setup L2TP VPN \ SSTP through Windows RRAS server

L2TP VPN requires that VPN server certificate (Computer certificate) to be installed on VPN server and VPN client (Computer certificate) to be installed on client computers
Then only client computer can connect. Also you have to have domain username \ password for user authentication.
I mean this is two factor authentication
One is computer authentication through certificate based authentication  and
second is user authentication through active directory by VPN server.
You can use internal CA server to generate computer certificates for VPN server and client
http://araihan.wordpress.com/2009/10/06/configure-l2tp-ipsec-vpn-using-windows-server-2008/

Alternatively you can use SSTP (Secure Socket tunnelling protocol) that is new feature with 2008 RRAS servers which uses TCP 443 to connect to SSTP server and clients can connect to SSTP server on TCP 443 port and all client to server traffic is encapsulated within SSL HTTPS.
In this method, you required only one Public SSL certificate installed on SSTP server and clients will get connected to SSTP server with Public key cryptography
This is also very secure and you would require only TCP 443 to be opened from internet to SSTP server
Check below articles for step by step
http://4sysops.com/archives/how-to-setup-an-sstp-vpn-server-with-windows-server/
https://barbatunnel.codeplex.com/wikipage?title=How%20to%20setup%20and%20configure%20SSTP%20VPN%20tunnel%20on%20Windows%20Server%202008%20to%20share%20internet%20traffic%3F

You will find lots of videos on YouTube as well.

Mahesh
0

Featured Post

Courses: Start Training Online With Pros, Today

Brush up on the basics or master the advanced techniques required to earn essential industry certifications, with Courses. Enroll in a course and start learning today. Training topics range from Android App Dev to the Xen Virtualization Platform.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
local administrator password solution 26 94
Windows 10 and WSUS 3.2 5 81
file name warning 4 38
non-domain members are not prompted for credentials 18 38
You might have come across a situation when you have Exchange 2013 server in two different sites (Production and DR). After adding the Database copy in ECP console it displays Database copy status unknown for the DR exchange server. Issue is strange…
A safe way to clean winsxs folder from your windows server 2008 R2 editions
This tutorial will walk an individual through configuring a drive on a Windows Server 2008 to perform shadow copies in order to quickly recover deleted files and folders. Click on Start and then select Computer to view the available drives on the se…
This tutorial will walk an individual through the process of transferring the five major, necessary Active Directory Roles, commonly referred to as the FSMO roles to another domain controller. Log onto the new domain controller with a user account t…

776 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question