VPN – A Virtual Private Network is a private network that uses a public network (the internet) to connect remote sites, as an alternative to a leased line. Normally you would set up a VPN server on your network with two network cards, one for your local network and one for the inbound/outbound VPN connection. Default authentication is available, and stronger authentication and encryption can be set up to protect data integrity. This article goes through the steps required to set up your VPN server.
Configuring VPN in Windows Server 2003 RRAS (Routing & Remote Access Server).
1. Set up a server with two network interfaces: one network connection to the internet and one to your private network.
2. Add this server to the RAS and IAS Servers Active Directory group.
3. Log in to the RRAS (VPN) server.
4. Click Start -> All Programs -> Administrative Tools -> Routing & Remote Access. Routing & Remote Access console opens up.
5. On the left panel, Right click on the server and click Configure.
6. Click Next.
7. Select Remote Access (Dialup or VPN) option. Click Next.
8. Select VPN and click Next.
9. Select the correct network interface card. Leave the Enable Security check box checked.
10. Leave the IP address assignment as automatic if you have DHCP. Otherwise select “From a specified range of addresses” and type the IP address range. Click Next.
11. Choose whether or not to use a RADIUS server. Click Next.
12. Click Finish once it’s complete.
Configuring Routing and Remote Access Properties to secure the VPN connections.
How to limit number of inbound VPN connections?
1. Click Start -> All Programs -> Administrative Tools -> Routing & Remote Access. Routing & Remote Access console opens up.
2. On the left panel expand and right click Ports. Click on Properties.
3. Double click PPTP if your VPN uses PPTP, or double click L2TP for Layer 2 Tunneling Protocol.
4. Check “Remote access connections [inbound]” to allow inbound connections.
5. Check “Demand-dial routing connections [inbound & outbound]” to allow outbound connections.
6. Set maximum number of ports to maximum number of connections needed. Any active connections greater than the specified number of connections will be terminated.
Set up VPN authentication methods:
There are a few authentication methods that can be used to authenticate the client to the server. Based on the security and compatibility required, you can set up one method or as many methods as required.
EAP – Extensible Authentication Protocol is a universal protocol for PPP authentication that supports multiple authentication mechanisms. It supports smart card authentication.
MS-CHAP v2 – The most secure authentication protocol; it provides strong data encryption. Supports Windows NT 4.0/Windows 98 clients and later.
MS-CHAP – A strong authentication protocol, but less secure than its updated version, MS-CHAP v2. Supports Windows 95 clients and newer.
CHAP – Challenge Handshake Authentication Protocol supports non-Microsoft clients and provides medium-level authentication.
SPAP – Shiva Password Authentication Protocol encrypts the password data between the server and the client.
PAP – Password Authentication Protocol is the least secure authentication method. It sends the password in clear text with very little protection.
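The difference between PAP and challenge handshake authentication (CHAP) is easiest to see on the wire. The following Python sketch is an added example, not part of the original article: it builds a PAP Authenticate-Request as laid out in RFC 1334 and a plain MD5 CHAP challenge/response as laid out in RFC 1994 (not MS-CHAP). The user name, server name and password are constructed sample values.

```python
import hashlib
import hmac
import os
import struct

def _packet(code, ident, body):
    # Common PPP auth header: code (1 byte), identifier (1), total length (2)
    return struct.pack("!BBH", code, ident, 4 + len(body)) + body

def pap_request(ident, peer_id, password):
    # RFC 1334 Authenticate-Request: the password travels as-is
    return _packet(1, ident, bytes([len(peer_id)]) + peer_id +
                   bytes([len(password)]) + password)

def chap_challenge(ident, server_name, value=None):
    # RFC 1994 Challenge: a fresh random value for every authentication
    value = value or os.urandom(16)
    return _packet(1, ident, bytes([len(value)]) + value + server_name)

def _chap_digest(ident, secret, value):
    # Response value = MD5(identifier || secret || challenge value)
    return hashlib.md5(bytes([ident]) + secret + value).digest()

def chap_response(challenge, peer_name, secret):
    ident, size = challenge[1], challenge[4]
    digest = _chap_digest(ident, secret, challenge[5:5 + size])
    return _packet(2, ident, bytes([len(digest)]) + digest + peer_name)

def chap_verify(challenge, response, secret):
    # Server side: recompute the digest for the challenge it issued
    if response[0] != 2 or response[1] != challenge[1]:
        return False
    expected = _chap_digest(challenge[1], secret, challenge[5:5 + challenge[4]])
    return hmac.compare_digest(expected, response[5:5 + response[4]])

if __name__ == "__main__":
    # Constructed sample credentials, not taken from the article
    user, password = b"alice", b"S3cret-Example"
    pap = pap_request(1, user, password)
    print("PAP packet contains password:", password in pap)
    chal = chap_challenge(7, b"vpn-server")
    resp = chap_response(chal, user, password)
    print("CHAP response contains password:", password in resp)
    print("CHAP verifies:", chap_verify(chal, resp, password))
    print("Replay against new challenge:",
          chap_verify(chap_challenge(7, b"vpn-server"), resp, password))
```

Anyone who can capture the PAP packet has the password itself, while a captured CHAP response is only valid for the one challenge it answers.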
Configure authentication method for Windows Server 2003 VPN:
1. Click Start -> All Programs -> Administrative Tools -> Routing & Remote Access.
2. Right click the server name object and click Properties.
3. Click the Security tab and click on Authentication Methods.
4. Select the most secure authentication methods.
Publisher: abdirahman isse