Solved

VPN best practices - Windows 2008 R2 SP1 Standard

Posted on 2014-02-14
Last Modified: 2014-02-23
Hi,

What is the best way to set up VPN (RRAS) on a single server running Windows 2008 R2 and acting as a DC, DHCP, DNS, File and Print server?

One NIC?

Or two NICs (LAN & WAN)?

Many thanks
Question by:LeTay
Accepted Solution

by:
Mahesh earned 500 total points
ID: 39859807
It's not recommended to set up the RRAS server on a DC, as it's not good practice to expose your DC to the internet.

It's recommended to set up two NICs on a member server and set up L2TP VPN \ SSTP through the Windows RRAS server.

L2TP VPN requires a VPN server certificate (computer certificate) to be installed on the VPN server and a VPN client certificate (computer certificate) to be installed on client computers.
Only then can the client computer connect. You also have to have a domain username \ password for user authentication.
I mean this is two-factor authentication:
One is computer authentication through certificate-based authentication, and
the second is user authentication through Active Directory by the VPN server.
You can use an internal CA server to generate computer certificates for the VPN server and client.
http://araihan.wordpress.com/2009/10/06/configure-l2tp-ipsec-vpn-using-windows-server-2008/

Alternatively, you can use SSTP (Secure Socket Tunneling Protocol), which is a new feature with 2008 RRAS servers. It uses TCP 443: clients connect to the SSTP server on TCP port 443, and all client-to-server traffic is encapsulated within SSL HTTPS.
In this method, you require only one public SSL certificate installed on the SSTP server, and clients connect to the SSTP server with public key cryptography.
This is also very secure, and you would only require TCP 443 to be opened from the internet to the SSTP server.
Check the articles below for step-by-step instructions:
http://4sysops.com/archives/how-to-setup-an-sstp-vpn-server-with-windows-server/
https://barbatunnel.codeplex.com/wikipage?title=How%20to%20setup%20and%20configure%20SSTP%20VPN%20tunnel%20on%20Windows%20Server%202008%20to%20share%20internet%20traffic%3F

You will find lots of videos on YouTube as well.

Mahesh
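
The recommendations in the accepted answer, turned into a read-only pre-flight check to run on the candidate RRAS server before enabling the VPN role. This is an added example, not part of the original answer or the linked articles; requiring the Server Authentication EKU on the computer certificate is an assumption of this example, as is treating two IP-enabled adapters as "LAN + WAN".

```powershell
# Read-only pre-flight check; run in an elevated PowerShell session.
# Uses only WMI/.NET calls available in PowerShell 2.0 (Windows Server 2008 R2).
$findings = @()

# 1. The VPN endpoint should be a member server, not a domain controller.
#    Win32_ComputerSystem.DomainRole: 3 = member server, 4/5 = backup/primary DC.
$role = (Get-WmiObject -Class Win32_ComputerSystem).DomainRole
if ($role -ge 4) {
    $findings += "FAIL: this machine is a domain controller (DomainRole=$role)"
} elseif ($role -ne 3) {
    $findings += "WARN: not a domain member server (DomainRole=$role)"
}

# 2. Two IP-enabled adapters expected (assumption: one LAN-facing, one WAN-facing).
$nics = @(Get-WmiObject -Class Win32_NetworkAdapterConfiguration -Filter "IPEnabled = TRUE")
if ($nics.Count -lt 2) {
    $findings += "FAIL: only $($nics.Count) IP-enabled adapter(s); two are recommended"
}

# 3. A currently valid computer certificate with a private key must exist in the
#    local machine store. Assumption: it must carry the Server Authentication EKU.
$serverAuthOid = '1.3.6.1.5.5.7.3.1'
$ekuType = [System.Security.Cryptography.X509Certificates.X509EnhancedKeyUsageExtension]
$now = Get-Date
$usable = @(Get-ChildItem -Path Cert:\LocalMachine\My | Where-Object {
    $cert = $_
    $eku = $cert.Extensions | Where-Object { $_ -is $ekuType }
    $hasServerAuth = $false
    if ($eku) {
        $hasServerAuth = @($eku.EnhancedKeyUsages | ForEach-Object { $_.Value }) -contains $serverAuthOid
    }
    $cert.HasPrivateKey -and $hasServerAuth -and
        ($cert.NotBefore -le $now) -and ($cert.NotAfter -gt $now)
})
if ($usable.Count -eq 0) {
    $findings += "FAIL: no valid server-authentication certificate in Cert:\LocalMachine\My"
}

# 4. Report the state of the Routing and Remote Access service for context.
$svc = Get-Service -Name RemoteAccess -ErrorAction SilentlyContinue
if ($svc) { $findings += "INFO: RemoteAccess service is $($svc.Status)" }
else      { $findings += "INFO: RemoteAccess service not found" }

$findings | ForEach-Object { Write-Output $_ }
if (@($findings | Where-Object { $_ -like 'FAIL*' }).Count -eq 0) {
    Write-Output "OK: no blocking findings"
}
```

The script changes nothing on the host; it only reports. A certificate with no EKU extension at all is treated as unusable here, which is stricter than Windows itself.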