VPN Setup Help

Status
Not open for further replies.

xevious2k

IS-IT--Management
Nov 14, 2002
44
Does anyone know of a good, step-by-step guide for setting up VPN using RRAS and L2TP/IPSec? I mean a complete idiot's guide. I've been fighting with this for a week now and need to have it working by Monday.

Also, if you're a consultant in the CT area that could lend a hand, please let me know.

Thanks,
x2k
 
Have you already tried to configure this? If you have, what errors are you getting?

Also, how is this RRAS computer connected to the Internet? Is it behind a router? If it is, what kind of router?

Hopefully with some more info we can get you up and running!!!

deeno
 
The server has 2 NICs in it, one to the Intranet and one to the Internet. I'm not getting any errors, I'm just not getting connected. I followed the instructions in 'The Ultimate Windows 2000 System Administrator's Guide' book that I have.

I think that the book has some errors in this section because the directions didn't make sense to me. This is what I need to accomplish:

The server has 1 modem for dial-in access and 2 NICs for remote access from the internet.

Dial-in access doesn't need any fancy encryption or anything, just if the user is in the VPN group is enough security for that connection. However, when a user dials in, they should be able to access the internet and intranet through the same connection.

Users from their home high speed connections should also be able to access the internet and intranet but we want to use L2TP with IPSec for security.
 
hello,

try these steps....
To install and enable a VPN server, follow these steps:
1. On the Microsoft Windows 2000 VPN computer, confirm that both the connection to the Internet and the connection to your local area network (LAN) are correctly configured.
2. Click Start, point to Administrative Tools, and then click Routing and Remote Access.
3. Click the server name in the tree, and click Configure and Enable Routing and Remote Access on the Action menu, and then click Next.
4. In the Common Configurations dialog box, click Virtual private network (VPN server), and then click Next.
5. In the Remote Client Protocols dialog box, confirm that TCP/IP is included in the list, click Yes, all of the available protocols are on this list, and then click Next.
6. In the Internet Connection dialog box, select the Internet connection that will connect to the Internet, and then click Next.
7. In the IP Address Assignment dialog box, select Automatically in order to use the DHCP server on your subnet to assign IP addresses to dialup clients and to the server.
8. In the Managing Multiple Remote Access Servers dialog box, confirm that the No, I don't want to set up this server to use RADIUS now checkbox is selected.
9. Click Next, and then click Finish.
10. Right click the Ports node, and then click Properties.
11. In the Ports Properties dialog box, click the WAN Miniport (PPTP) device, and then click Configure.
12. In the Configure Device - WAN Miniport (PPTP) dialog box, do one of the following:
   • If you do not want to support direct user dialup VPN to modems installed on the server, click to clear the Demand-Dial Routing Connections (Inbound and Outbound) check box.
   • If you do want to support direct user dialup VPN to modems installed on the server, click to select the Demand-Dial Routing Connections (Inbound and Outbound) check box.
13. Type the maximum number of simultaneous PPTP connections that you want to allow in the Maximum Ports text box. (This may depend on the number of available IP addresses.)
14. Repeat steps 11 through 13 for the L2TP device, and then click OK.




For the remote access server to forward traffic properly inside your network, you must configure it as a router with either static routes or routing protocols, so that all of the locations in the intranet are reachable from the remote access server.

To configure the server as a router:
1. Click Start, point to Administrative Tools, and then click Routing and Remote Access.
2. Right-click the server name, and then click Properties.
3. On the General tab, click to select Enable This Computer As A Router.
4. Select either Local area network (LAN) routing only or LAN and demand-dial routing, and then click OK to close the Properties dialog box.


Confirm the number of PPTP ports that you need. To verify the number of ports or to add ports, follow these steps:
1. Click Start, point to Administrative Tools, and then click Routing and Remote Access.
2. In the console tree, expand Routing and Remote Access, expand the server name, and then click Ports.
3. Right-click Ports, and then click Properties.
4. In the Ports Properties dialog box, click WAN Miniport (PPTP), and then click Configure.
5. In the Configure Device dialog box, select the maximum number of ports for the device, and then select the options to specify whether the device accepts incoming connections only, or both incoming and outgoing connections.



 
geeklus,

Thanks for the reply, it didn't work, but I think I know why. Is there any way to reset the RRAS server back to its original default configuration? Disabling and reenabling did not reset it. I need to get it back to factory defaults so I can start over.

Thanks,
x2k
 
winoto,

Thanks for the reply. That document deals mostly with ISA server, which I'm not using.

x2k
 
Yes, it is.

But sometimes I use that documentation to build gateway-to-gateway without ISA Server installed.
 