SSTP VPN to server from Windows 2003 Server

Setting up PPTP VPN in Windows Server 2003

Can't setup a VPN to Windows 2003 Server
After all, the point of a remote access VPN is to provide access to internal network resources from outside the organization. To make this option work, you give your VPN server a range of available IP addresses that it can use.

How to Enable VPN service in Windows 2003 Server with one Network card.

Windows Server 2003 VPN Setup

This will start a wizard that will help you configure these services. On the Configuration screen, you can specify which services you want to enable. Here, you select which of these services (or both) you want to offer from this server. For this example, I'll choose only the VPN components. Since VPN servers are generally installed with one interface facing outside the organization to support remote connections, the wizard will now display the VPN Connection screen.

You'll need to identify which interface will act in this capacity. On the VPN server in my lab for this exercise, I have two interfaces. The first interface's address is Since this server is in my lab, it does not have a true public address.

However, for the purposes of this example, I'll use the Below the interface list, you'll notice a check box indicating that static packet filters can be applied to this interface to allow VPN traffic only.

I recommend that you enable this feature, especially if this interface is outside the corporate firewall. To access resources on the internal network, the remote client needs an IP address that is allowed to do so. First, you can use an existing DHCP server on your network after making sure that it is configured properly. Second, you can provide the VPN server with a range of addresses that it can dole out to the clients.

I prefer the second method, because it makes me feel a little more in control. I have to provide a range of addresses, and it allows me to quickly determine just by looking at a list of IP connections to a server if they are internal or VPN clients. If you choose this method and are using addresses from the same space as your internal network, make sure you exclude the range you choose from any DHCP scopes you've defined on other DHCP servers to prevent addressing conflicts.

For this article, I'll choose this option. Because I'm assigning addresses from a specified pool, the pool or pools must be set up, which I'll do on the Address Range Assignment screen. In this example, that network is To add a range, click the New button. You need to supply the starting address of the range and either the ending address or the number of addresses you would like in the pool.

For this example, I'll create a range of 25 addresses from A key aspect in providing remote access services is authentication. Without it, anyone can access your internal network as long as they can get to your VPN server. If you don't have one, you can just let the RRAS services handle the authentication. After this step, the wizard will configure RRAS based on the parameters you specified.

You should then see a green arrow next to your local server on the RRAS screen indicating that the service is active. Rather, an administrator needs to enable this privilege for each user who needs it.

Next, right-click on a user object and choose Properties. Click Apply or OK to continue. The user will now be able to use the VPN services.

Testing the connection

With this out of the way, a client computer can now be connected to the VPN server using this user's credentials. This system resides on the outside of the network and needs to use the VPN services to gain access to the inside.

Next, click Create A New Connection.

What are your suggestions?

That depends, is this server behind another firewall or is the built-in Windows firewall the only one it's using?

If it's the only one you have between your computer and the public, then the implications are pretty self-explanatory. If, however, your server is behind a firewall device, then you should be safe from public intrusion.

This allows for better security overall. If you have to have this firewall up and running, I think you're going to need to look at VPN endpoint devices instead of using the server itself as a VPN endpoint.

I confess I am curious why you're running a firewall on that server. Is it exposed directly to the public and not behind a firewall device?

Plus it's hosting a small database which I don't want to potentially compromise.

I would never consider running any other services on a database server. DBs tend to require a lot of resources and anything you put on that same server will degrade DB performance to clients.

I never disable the Windows firewall. I leave it on and add exceptions and rules to allow things through if needed. Defense in depth is always a better solution in my opinion. Here is a guide that may help you. A good, cheap, simple choice is Untangle.

The reason you have to disable Windows Firewall is because RRAS provides firewall functionality itself, so it would be redundant if you had both in operation.
