Solved

VPN best practices - Windows 2008 R2 SP1 Standard

Posted on 2014-02-14
1
1,482 Views
Last Modified: 2014-02-23
Hi,

What is the best way to setup VPN (RRAS) on a single server running Windows 2008 R2 and acting as a DC, DHCP, DNS, File and Print server ?

One NIC ?

or two NIC's (LAN & WAN) ?

Many thanks
0
Comment
Question by:LeTay
1 Comment
 
LVL 35

Accepted Solution

by:
Mahesh earned 500 total points
ID: 39859807
Its not recommended to setup RRAS server on DC server as its not good practise to expose your DC to internet.

Its recommended to setup two NICs on member server and setup L2TP VPN \ SSTP through Windows RRAS server

L2TP VPN requires that VPN server certificate (Computer certificate) to be installed on VPN server and VPN client (Computer certificate) to be installed on client computers
Then only client computer can connect. Also you have to have domain username \ password for user authentication.
I mean this is two factor authentication
One is computer authentication through certificate based authentication  and
second is user authentication through active directory by VPN server.
You can use internal CA server to generate computer certificates for VPN server and client
http://araihan.wordpress.com/2009/10/06/configure-l2tp-ipsec-vpn-using-windows-server-2008/

Alternatively you can use SSTP (Secure Socket tunnelling protocol) that is new feature with 2008 RRAS servers which uses TCP 443 to connect to SSTP server and clients can connect to SSTP server on TCP 443 port and all client to server traffic is encapsulated within SSL HTTPS.
In this method, you required only one Public SSL certificate installed on SSTP server and clients will get connected to SSTP server with Public key cryptography
This is also very secure and you would require only TCP 443 to be opened from internet to SSTP server
Check below articles for step by step
http://4sysops.com/archives/how-to-setup-an-sstp-vpn-server-with-windows-server/
https://barbatunnel.codeplex.com/wikipage?title=How%20to%20setup%20and%20configure%20SSTP%20VPN%20tunnel%20on%20Windows%20Server%202008%20to%20share%20internet%20traffic%3F

You will find lots of videos on YouTube as well.

Mahesh
0

Featured Post

Enterprise Mobility and BYOD For Dummies

Like “For Dummies” books, you can read this in whatever order you choose and learn about mobility and BYOD; and how to put a competitive mobile infrastructure in place. Developed for SMBs and large enterprises alike, you will find helpful use cases, planning, and implementation.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

You might have come across a situation when you have Exchange 2013 server in two different sites (Production and DR). After adding the Database copy in ECP console it displays Database copy status unknown for the DR exchange server. Issue is strange…
New Windows 7 Installations take days for Windows-Updates to show up and install. This can easily be fixed. I have finally decided to write an article because this seems to get asked several times a day lately. This Article and the Links apply to…
This tutorial will walk an individual through the steps necessary to configure their installation of BackupExec 2012 to use network shared disk space. Verify that the path to the shared storage is valid and that data can be written to that location:…
This tutorial will show how to configure a single USB drive with a separate folder for each day of the week. This will allow each of the backups to be kept separate preventing the previous day’s backup from being overwritten. The USB drive must be s…

863 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

19 Experts available now in Live!

Get 1:1 Help Now