Virtual Private Networking with Windows Server 2003 :: Overview
Consider a business organization that has its facilities spread across the country or around the world. There is one thing that it will need: a way to maintain fast, secure and reliable communication among all its branches. Many organizations also require their employees to access the network remotely while they are away on on-site work. This way, the employees are able to access the network resources, because they are connected to the company's network.
Until recently, the only choice available to administrators was to use leased lines to maintain a WAN, which provides reliability, performance and security. However, this was not a very feasible solution, as maintaining a WAN is quite expensive, and the expenses increase with the distance between the offices.
An alternative came in the form of Virtual Private Networks. A VPN is a private network that utilizes a public network (the Internet) to connect remote sites or users together. Thus, instead of dedicated leased lines, a VPN uses a secure virtual connection, which is routed through the Internet, connecting remote sites or users to the network.
We can configure a Windows 2003 server to allow network access to remote clients either by configuring a dial-up remote access server or a VPN remote access server. Each method has its own advantages and disadvantages. However, the VPN technology is most widely used today, since it avoids additional costs that are associated with dial-up, in the form of long-distance phone services and hardware costs.
To configure a VPN server:
- You have to select the network interface used to connect to the Internet
- You need to assign an address pool. Every VPN client needs an IP address that is local to the VPN server (the address should be in the same range as the local network) so that it can access the resources of the local network.
- Finally, you need to assign remote access permissions to the users who require the privilege.
Windows 2003 allows us to implement VPN using Microsoft proprietary PPTP and Cisco’s L2TP. PPTP is a very straightforward protocol, and implementing a VPN with it is very simple. Let me explain the basic steps required to configure a PPTP VPN remote access server.
Open RRAS MMC console – Select Start -> Administrative Tools -> Routing And Remote Access.
Select the server you want to configure – From the right pane of MMC, right-click the server and choose the option “Configure And Enable Routing And Remote Access”. The RRAS Setup Wizard appears. Click the Next button.
Configuration page – Select the “Remote Access (Dial-Up Or VPN)” radio button, and then click Next.
Remote Access page – Select the VPN check box. Here, we are concentrating on configuring a VPN RAS.
Internet Connections page – It lists all the network interfaces that are available to the RRAS. Select the interface which you are using to connect to the Internet.
IP Address Assignment page – This page allows you to define the pool of IP addresses from which an address is assigned when a VPN client connects to the server. You can do this either by using DHCP or by defining an explicit address range with the “From a specified range of addresses” button.
Managing Multiple Remote Access Servers – You can use this option to set your RRAS server to work with other RADIUS-capable servers. Here, you can also choose the option “No, Use Routing And Remote Access To Authenticate Connection Requests” if you do not want to use RADIUS.
Summary page – Click on the Finish button to start the RRAS service.
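The address pool requirement stated earlier (client addresses in the same range as the local network) and the explicit range entered on the IP Address Assignment page can be checked before the values are typed into the wizard. The Python script below is an added example, not part of the original article; the function names, the sample subnet and DHCP scope, and the assumption that the server keeps one pool address for itself are illustrative.

```python
import ipaddress

def check_vpn_pool(lan_cidr, pool_start, pool_end, in_use=()):
    """Return a list of problems with a static RRAS address pool (empty = OK).

    in_use: (first, last) ranges already handed out on the LAN, such as the
    DHCP scope or statically addressed servers.
    """
    lan = ipaddress.ip_network(lan_cidr)
    start = ipaddress.ip_address(pool_start)
    end = ipaddress.ip_address(pool_end)
    problems = []

    if start > end:
        return [f"pool start {start} is above pool end {end}"]
    # The article's requirement: pool addresses must be local to the LAN.
    for addr in (start, end):
        if addr not in lan:
            problems.append(f"{addr} is outside {lan}")
    # Network and broadcast addresses can never be leased to a client.
    for special in (lan.network_address, lan.broadcast_address):
        if start <= special <= end:
            problems.append(f"pool contains reserved address {special}")
    # An overlap with DHCP or static hosts causes duplicate-IP conflicts.
    for first, last in in_use:
        first, last = ipaddress.ip_address(first), ipaddress.ip_address(last)
        if start <= last and first <= end:
            problems.append(f"pool overlaps in-use range {first}-{last}")
    return problems

def client_capacity(pool_start, pool_end):
    """Clients the pool can serve, assuming the server keeps one address."""
    size = int(ipaddress.ip_address(pool_end)) - int(ipaddress.ip_address(pool_start)) + 1
    return max(size - 1, 0)

if __name__ == "__main__":
    # Constructed sample network, not taken from the article.
    lan = "192.168.10.0/24"
    dhcp_scope = [("192.168.10.100", "192.168.10.199")]
    print(check_vpn_pool(lan, "192.168.10.200", "192.168.10.220", dhcp_scope))
    print(check_vpn_pool(lan, "192.168.10.190", "192.168.11.5", dhcp_scope))
    print(client_capacity("192.168.10.200", "192.168.10.220"))
```

An empty list means the range can be entered as the explicit pool; any message points at a range that would leave clients unable to reach local resources or would collide with existing hosts.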
By default, users are not granted permission to use the services provided by the VPN. In the next step, we determine which users are allowed remote access to our network. To do this, execute the following steps.
- Open the User Management console.
- On the Properties page of the user who needs access to the VPN, select the Dial-in properties page.
- Select “Allow access” under Remote Access Permissions.
Your VPN is now configured.
Using a VPN can have a large impact on your company by increasing sales. Prior to VPNs, the only options for managing this type of communication were expensive leased lines, Frame Relay or ATM access circuits. VPNs are the solution now. They essentially offer international business travelers significant cost savings compared to dial-up charges.
About the Author:
Hari Vishnu, Software Engineer, has been working with Bobcares for more than a year now. He has expertise in both Windows and Linux server administration, and he is considered to be a master when it comes to Windows servers. Apart from the technical side, he has gained a reputation as a gifted stage performer too.