Solved

VPN best practices - Windows 2008 R2 SP1 Standard

Posted on 2014-02-14
Last Modified: 2014-02-23
Hi,

What is the best way to set up VPN (RRAS) on a single server running Windows 2008 R2 and acting as a DC, DHCP, DNS, File and Print server?

One NIC?

Or two NICs (LAN & WAN)?

Many thanks
Question by:LeTay
Accepted Solution

by:
Mahesh earned 500 total points
ID: 39859807
It's not recommended to set up an RRAS server on a DC, as it's not good practice to expose your DC to the internet.

It's recommended to set up two NICs on a member server and set up L2TP VPN \ SSTP through the Windows RRAS server.

L2TP VPN requires a VPN server certificate (computer certificate) to be installed on the VPN server and a VPN client certificate (computer certificate) to be installed on client computers.
Only then can a client computer connect. You also have to have a domain username \ password for user authentication.
I mean this is two-factor authentication:
one is computer authentication through certificate-based authentication, and
the second is user authentication through Active Directory by the VPN server.
You can use an internal CA server to generate computer certificates for the VPN server and client.
http://araihan.wordpress.com/2009/10/06/configure-l2tp-ipsec-vpn-using-windows-server-2008/

Alternatively, you can use SSTP (Secure Socket Tunneling Protocol), which is a new feature with 2008 RRAS servers. It uses TCP 443: clients connect to the SSTP server on TCP port 443, and all client-to-server traffic is encapsulated within SSL HTTPS.
In this method, you require only one public SSL certificate installed on the SSTP server, and clients connect to the SSTP server with public key cryptography.
This is also very secure, and you would require only TCP 443 to be opened from the internet to the SSTP server.
Check the articles below for step-by-step instructions:
http://4sysops.com/archives/how-to-setup-an-sstp-vpn-server-with-windows-server/
https://barbatunnel.codeplex.com/wikipage?title=How%20to%20setup%20and%20configure%20SSTP%20VPN%20tunnel%20on%20Windows%20Server%202008%20to%20share%20internet%20traffic%3F

You will find lots of videos on YouTube as well.

Mahesh
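
A read-only check of a candidate RRAS host against the recommendations in the answer above, as an added example that is not part of the original answer. It assumes Windows PowerShell run on the server itself; the function names are hypothetical, and treating the Server Authentication EKU as the marker of a usable SSTP certificate is an assumption.

```powershell
# Added example: read-only audit of the local machine; nothing is changed.
$ServerAuthOid = '1.3.6.1.5.5.7.3.1'   # EKU: Server Authentication

function Test-DomainController {
    # Win32_ComputerSystem.DomainRole: 4 = backup DC, 5 = primary DC
    $role = (Get-WmiObject -Class Win32_ComputerSystem).DomainRole
    return ($role -ge 4)
}

function Test-RrasRunning {
    # 'RemoteAccess' is the service name of Routing and Remote Access
    $svc = Get-Service -Name RemoteAccess -ErrorAction SilentlyContinue
    return ($svc -ne $null -and $svc.Status -eq 'Running')
}

function Get-IpEnabledNicCount {
    # Adapters with an IP configuration bound (the LAN / WAN interfaces)
    @(Get-WmiObject -Class Win32_NetworkAdapterConfiguration -Filter 'IPEnabled = TRUE').Count
}

function Get-SstpCertCandidate {
    # Computer certificates with a private key, inside their validity period,
    # that carry the Server Authentication EKU (assumption: certificates with
    # no EKU extension at all are not counted here).
    $now = Get-Date
    Get-ChildItem -Path Cert:\LocalMachine\My | Where-Object {
        $cert = $_
        $eku = $cert.Extensions | Where-Object {
            $_ -is [System.Security.Cryptography.X509Certificates.X509EnhancedKeyUsageExtension]
        }
        $serverAuth = $false
        if ($eku) {
            foreach ($oid in $eku.EnhancedKeyUsages) {
                if ($oid.Value -eq $ServerAuthOid) { $serverAuth = $true }
            }
        }
        $cert.HasPrivateKey -and ($cert.NotBefore -le $now) -and ($cert.NotAfter -gt $now) -and $serverAuth
    }
}

$isDc  = Test-DomainController
$rras  = Test-RrasRunning
$nics  = Get-IpEnabledNicCount
$certs = @(Get-SstpCertCandidate)

if ($isDc -and $rras) { Write-Warning 'RRAS is running on a domain controller.' }
if ($nics -lt 2)      { Write-Warning "Only $nics IP-enabled NIC(s); the answer recommends two." }
if ($certs.Count -eq 0) { Write-Warning 'No valid Server Authentication certificate in LocalMachine\My.' }
$certs | Select-Object Subject, Thumbprint, NotAfter
```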