Tek-Tips is the largest IT community on the Internet today!
Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!
-
Congratulations strongm on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!
VPN Server??
- Thread starter MattWray
- Start date
You should be able to set up VPN too. In the RRAS install and configure this option. The VPN requires the ability to assign from your DHCP pool to outside clients, so make sure you have enough left. I am not using the Win2K server for VPN myself, but I thought there weren't any problems running these two in RRAS at once.
Alex
Alex
- Thread starter
- #5
- Thread starter
- #6
Alex, in an earlier post with my DNS probs you said :
"If all these steps check out, then you are good to go. If you are worried about security in this case, then your firewall/router isn't good enough.
In extreme security cases, I would suggest placing TWO dual homed servers after the firewall, first is member server still with DNS, DHCP, and NAT plus IP packet-filter software, second is AD server with DNS and DHCP. Now you could set one IP address scope in firewall, one IP address scope in packet-filter server, and your ordinary network scope in AD server. Anyone compromising the firewall, and the packet-filter server must be sitting at the desk NEXT to you, cause they are NOT coming in from outside.
Could I set up a second server as you said and have it running the VPN RRAS? IE: DSL > Router > VPN server with filters > Domain Controller > LAN.
What do you think?
Matt Wray
CCNA
"If all these steps check out, then you are good to go. If you are worried about security in this case, then your firewall/router isn't good enough.
In extreme security cases, I would suggest placing TWO dual homed servers after the firewall, first is member server still with DNS, DHCP, and NAT plus IP packet-filter software, second is AD server with DNS and DHCP. Now you could set one IP address scope in firewall, one IP address scope in packet-filter server, and your ordinary network scope in AD server. Anyone compromising the firewall, and the packet-filter server must be sitting at the desk NEXT to you, cause they are NOT coming in from outside.
Could I set up a second server as you said and have it running the VPN RRAS? IE: DSL > Router > VPN server with filters > Domain Controller > LAN.
What do you think?
Matt Wray
CCNA
Matt,
You can set up the RRAS server in between the firewall and your AD server, but this box would still need to run NAT (to get packets from the NAT in the AD server out to the internet.) And then you couldn't connect to your AD server (as it is using NAT to protect itself from that WAN NIC), you could ONLY connect to the RRAS server. I'd only suggest this arrangement for a serious security concern. Put the RRAS on your AD and NAT server and your outside clients can access the whole domain.
Alex
You can set up the RRAS server in between the firewall and your AD server, but this box would still need to run NAT (to get packets from the NAT in the AD server out to the internet.) And then you couldn't connect to your AD server (as it is using NAT to protect itself from that WAN NIC), you could ONLY connect to the RRAS server. I'd only suggest this arrangement for a serious security concern. Put the RRAS on your AD and NAT server and your outside clients can access the whole domain.
Alex
- Status
Similar threads
- Locked
- Question
- Locked
- Question