스마트폰앱

오늘:
878
어제:
2,325
전체:
2,847,812

고객센타 : 070-7752-2000
팩스 : 070-7752-2001
휴대폰 : 010-9513-0019
email : voipkorea@yahoo.co.kr

국민은행
(주)제이에스솔루션
047101-04-155519

Flag Counter
■ 무료 : 유선 집전화 휴대폰 ( 한국 미국 중국 카나다) ↔ (국내 해외 여행자 상사 주재원 유학생) / 가입무 무제한무료■

Configure a Windows Server 2003 VPN on the server side

Sometimes, simplicity is the best choice for both a technology solution and the corresponding tutorial that explains how to use the new solution. In this document, I will provide a clear, concise, systematic procedure for getting a Windows Server 2003-based PPTP VPN up and running. I'm using Windows Server 2003 with Service Pack 1 for this guide.

Add the Remote Access/VPN Server role to your Windows Server 2003 system

To add the Remote Access/VPN Server role, go to Start | All Programs | Administrative Tools | Configure Your Server Wizard. The first screen of this wizard is for informational purposes only and, thus, is not shown here. Click Next. The same goes for the second screen, which just tells you some things you need to have completed before adding new roles to your server.

On the third screen of the wizard, entitled Server Role, you're presented with a list of available roles for your server along with column that indicates whether or not a particular role has been assigned to this machine. Figure A shows you a screen from a server on which just the IIS Web server role has been added.

Figure A

figa_server_roles.jpg
To add a new role, select the role and click Next

To add the Remote Access/VPN Server role to your server, select that role and click the Next button to move on to the next screen in the wizard, which provides you with a quick overview of the options you selected.

Figure B

figb_server_roles_selection_summary.jpg
The summary screen is pretty basic for this role

Take note: This selection just starts another wizard called the Routing and Remote Access Wizard, described further below.

The Routing and Remote Access Wizard component

Like most wizards, the first screen of the Routing and Remote Access wizard is purely informational and you can just click Next.

The second screen in this wizard is a lot meatier and asks you to decide what kind of remote access connection you want to provide. Since the goal here is to set up a PPTP-based VPN, select the "Virtual Private Network VPN and NAT" selection and click Next.

Figure C

figc_rras_configuration.jpg
Select the VPN option and click Next

The next screen of the wizard, entitled VPN Connection, asks you to determine which network adapter is used to connect the system to the Internet. For VPN servers, you should install and use a separate network adapter for VPN applications. Network adapters are really cheap and separation makes the connections easier to secure. In this example, I've selected the second local area network connection (see Figure D), a separate NIC from the one that connects this server to the network. Notice the checkbox labeled "Enable security on the selected interface by setting up Basic Firewall" underneath the list of network interfaces. It's a good idea to enable since option it helps to protect your server from outside attack. A hardware firewall is still a good idea, too.

Figure D

figd_rras_select_NIC.jpg
Select the network adapter that connects your server to the Internet

With the selection of the Internet-connected NIC out of the way, you need to tell the RRAS wizard which network external clients should connect to in order to access resources. Notice that the adapter selected for Internet access is not an option here.

Figure E

fige_rras_network_selection.jpg
Select the network containing resources needed by external clients

Just like every other client out there, your external VPN clients will need IP addresses that are local to the VPN server so that the clients can access the appropriate resources. You have two options (really three â€" I'll explain in a minute) for handling the doling out of IP addresses.

First, you can leave the work up to your DHCP server and make the right configuration changes on your network equipment for DHCP packets to get from your DHCP server to your clients. Second, you can have your VPN server handle the distribution of IP addresses for any clients that connect to the server. To make this option work, you give your VPN server a range of available IP addresses that it can use. This is the method I prefer since I can tell at a glance exactly from where a client is connecting. If they're in the VPN "pool" of addresses, I know they're remote, for example. So, for this setting, as shown in Figure F below, I prefer to use the "From a specified range of addresses" option. Make your selection and click Next.

Figure F

figf_rras_ip_address_choice.jpg
Your choice on this one! I prefer to provide a range of addresses

If you select the "From a specified range of addresses" option on the previous screen, you now have to tell the RRAS wizard exactly which addresses should be reserved for distribution to VPN clients. To do this, click the New button on the Address Range Assignment screen. Type in the starting and ending IP addresses for the new range and click OK. The "Number of addresses" field will be filled in automatically based on your entry. You can also just enter the starting IP address and the number if IP addresses you want in the pool. If you do so, the wizard automatically calculates the ending IP address. Click OK in the New Address Range window; your entry appears in the Address Range Assignment window. Click Next to continue.

Figure G

figg_rras--address_range.jpg
You can have multiple address ranges, as long as they are all accessible

The next screen asks you to identify the network that has shared access to the Internet. This is generally the same network that your VPN users will use to access shared resources.

Figure H

figh_rras_network_selection_2.jpg
Pick the network adapter that gives you access to the Internet

Authenticating users to your network is vital to the security of your VPN infrastructure. The Windows VPN service provides two means for handling this chore. First, you can use RADIUS, which is particularly useful if you have other services already using RADIUS. Or, you can just let the RRAS service handle the authentication duties itself. Give users access to the VPN services by enabling dial-in permissions in the user's profile (explained below). For this example, I will not be using RADIUS, but will allow RRAS to directly authenticate incoming connection requests.

Figure I

figi_rras_auth.jpg
Decide what means of authentication you want to provide

That's it for the RRAS wizard! You're provided with a summary screen that details the selections you made.

Figure J

figj_rras_summary.jpg
The RRAS wizard summary window

This also completes the installation of the Remote Access/VPN Server role.

User configuration

By default, users are not granted access to the services offered by the VPN; you need to grant these rights to each user that you want to allow remote access to your network. To do this, openActive Directory Users and Computers (for domains) or Computer Management (for stand alone networks), and open the properties page for a user to whom you'd like to grant access to the VPN. Select that user's Dial-In properties page. On this page, under Remote Access Permissions, select "Allow access". Note that there are a lot of different ways to "dial in to" a Windows Server 2003 system; a VPN is but one method. Other methods include wireless networks, 802.1x, and dial-up. This article assumes that you're not using the Windows features for these other types of networks. If you are, and you specify "Allow access", a user will be able to use multiple methods to gain access to your system. I can't go over all of the various permutations in a single article, however.

Figure K

figk_user_properties.jpg
Allow the user access to the VPN

Up and running

These are the steps needed on the server to get a VPN up and running. Of course, if you have devices such as firewalls between your VPN server and the Internet, further steps may be required; these are beyond the scope of this article, however.

50
Comments

Join the conversation!

Follow via:
RSS
Email Alert
번호
제목
글쓴이
44 How to Ping External IP from Java Android
admin
2015-05-24 1869
43 How To Get HTTP Response Header In Java
admin
2014-05-18 4991
42 What is Thread and Runnable in Java - Example 무엇인가?
admin
2014-05-04 4444
41 How do I create a new thread and have it start running?
admin
2014-05-04 2943
40 java 자바 간단한 Thread runnable 사용 방법 프로그램 쉽고 상세한 설명
admin
2014-05-04 3928
39 Tutorial 5 -Network Programming in Android source
admin
2014-05-03 2917
38 Android - pc간의 ssl 보안소켓통신
admin
2014-02-24 7295
37 HANDLING SSL CERTIFICATES IN ANDROID
admin
2014-02-24 4194
36 소켓프로그램 설명 잘됨 : 안드로이드(Andriod) 다양한 네트워크 연결 데이터 받기
admin
2014-02-18 4539
35 httpwatch 프로그램 다운로드 와 사용방법 download and how to use
admin
2014-02-18 4446
34 자바를 이용한 암호화 MD5 SHA256 AES128
admin
2014-02-18 5411
33 SSL Socket 통신 프로그램 예제 설명 깔끔한 블로그 RSA 키 생성 사용
admin
2014-02-18 9922
32 암호학과 네트워크 보안
admin
2014-02-13 4571
31 네트워크 기본지식과 자바 안드로이드 C 프로그램
admin
2014-02-13 3351
30 SSL and TLS 자세한 설명 이해하기 쉽게 설명 된 file
admin
2014-02-13 4876
29 Keypad Panel
admin
2014-02-02 4084
28 자바 JAVA 연산자, if문과 반복문
admin
2013-12-21 4224
27 네트워크 소켓 프로그램 socket programing network
admin
2013-12-04 3883
26 Message digests are secure one-way hash functions
admin
2013-11-08 4631
25 JSP 개발을 편리하게 도와주는 이클립스를 설치하는 방법을 설명합니다.
admin
2013-10-09 4297
24 Building Web Applications with Java EE 6
admin
2013-10-09 3729
23 windows 2008 DNS server 서버 구축 윈도우 file
admin
2013-04-28 6639
22 What Is VPN?
admin
2013-04-08 6744
21 How VPN Works
admin
2013-04-08 5613
20 PPP Authentication pap spap CHAP MS-CHAP MS-CHAPv2 EAP
admin
2013-04-08 6677
19 Account Policy Settings Windows server
admin
2013-04-08 5378
18 Windows 2003 VPN Server 1 LAN CARD 윈도우 2003 VPN 서버 랜카드 1개일때 설치 방법
admin
2013-04-05 7007
17 How to install VPN Server in Windows 2003
admin
2013-04-05 5226
Configure a Windows Server 2003 VPN on the server side
admin
2013-04-05 6263
15 [안드로이드] 서버/클라이언트 소켓(Socket) 통신하기
admin
2013-03-31 21750
14 Java EE Servlet/JSP tutorial : Adding MySQL and JDBC to bookstore example
admin
2013-03-31 7486
13 A Simple Java TCP Server and TCP Client
admin
2013-03-31 7620
12 TCP Server and TCP Client in Java
admin
2013-03-31 10991
11 Writing the Server Side of a Socket
admin
2013-03-31 7806
10 Client Server < Java Programming
admin
2013-03-31 6487
9 The ChatMessage class.
admin
2013-03-31 5530
8 Server Program using TCP/IP
admin
2013-03-31 5326
7 Sockets Example JAVA
admin
2013-03-31 6399
6 Source code for client server connection program by socket programming in Java
admin
2013-03-31 6110
5 This application is a simple client-server application which has a Android mobile
admin
2013-03-31 6041
4 Java Socket client server
admin
2013-03-31 5776
3 Thread Pooled Server in Java
admin
2013-03-31 8467
2 Sockets: Basic Client-Server Programming in Java - By Rick Proctor
admin
2013-03-31 6932
1 기본 학습: 소켓 프로그래밍 기본 file
admin
2013-03-31 5992