How can I add Microsoft VPN support to our company network?

Hi,

We have been using SoftRemote with some Speedstream routers, but it
sometimes isn't reliable and they are really dragging their feet on a Vista
version.

What I would like to know about is the built-in Microsoft VPN
functionallity. What can this connect to?

Is it possible to configure a router to allow the MS VPN to connect to it?
Is there a primer or page on the specifications of this?

If not, can I configured a win2k server to accept this MS Style VPN
connection? What ports would have to be opened up in our router to allow
this? Is it safe?

Thanks,

Alan
http://www.sadevelopment.com
Partition Boot Manager and Large Drive Tools utilities!

"Default User" <(E-Mail Removed)> wrote in message
news:46b1cff5$0$21872$(E-Mail Removed)...
> What I would like to know about is the built-in Microsoft VPN
> functionallity. What can this connect to?

It is just part of the Windows Dialup Networking. It has been there since
Windows95

> Is it possible to configure a router to allow the MS VPN to connect to it?
> If not, can I configured a win2k server to accept this MS Style VPN
> connection?

RRAS (Routing and Remote Access) is already an included part of any Windows
Server 2000 or newer. It could also be downloaded and added to NT4 Server
(replaces the RAS Service).

MS ISA Server is also designed to act as a VPN Server and has 100x more
capabilities that RRAS.

> What ports would have to be opened up in our router to allow

The RRAS Server (or ISA Server) would *BE* the "router". It needs to be a
duel-nic machine setup similar to a "router" or a "firewall" device would
be.

> this? Is it safe?

It is as safe as you make it or don't make it. VPN is VPN. PPTP & L2TP
are PPTP and L2TP,...it doesn't matter who's product it is.

--
Phillip Windell
www.wandtv.com

The views expressed, are my own and not those of my employer, or Microsoft,
or anyone else associated with me, including my cats.
-----------------------------------------------------
Understanding the ISA 2004 Access Rule Processing
http://www.isaserver.org/articles/IS...cessRules.html

Troubleshooting Client Authentication on Access Rules in ISA Server 2004
http://download.microsoft.com/downlo...7/ts_rules.doc

Microsoft Internet Security & Acceleration Server: Partners
http://www.microsoft.com/isaserver/partners/default.asp

Microsoft ISA Server Partners: Partner Hardware Solutions
http://www.microsoft.com/forefront/e...epartners.mspx
-----------------------------------------------------

Hi Default,

A quick and easy way for a fairly safe VPN is to do what Phillip is
suggesting. That is, just setup a Win2k or Win2k3 server with Routing and
Remote Access Service configured to accept incoming connections (as a RAS
Server).
This is quick to set-up and you can mostly get away with the default
settings. Configure a static address pool in you LAN IP range to be
allocated to clients.

As for the router, set it to allow port 1723 (PPTP admin/traffic) to be
forwarded to your RAS servers IP. Port forwarding in router speak. You only
need one network card on this server. (I assume you don't need to harden
this setup too much - otherwise 2 cards would be better as Phillip
indicated. As would ISA, indeed...) I assume you are using a hardware router
as a gateway / firewall / NAT - (Residential Gateway in Windows 6.0 speak).

Now XP and Vista clients can simply run the wizard for "create a new network
connection" and selecting VPN as the type. The only non default setting they
will need is - of course - your Internet facing (router) IP or domain name,
(yourcompany.com).
They will need a login on the server of course (or Small Business Server
domain) plus remote "dial in" permission.

Hope that helps.

CreateWindow
http://mymessagetaker.com
The While-You-Were-Out program you always wanted.
Stop using those paper phone message pads
make the computer work for you.
http://justpageprobe.com
The FREE Web page utility you always wanted.
Monitor your enterprise Web Servers.
Keep your router connected.
Email your IP to where you need it.


"Phillip Windell" <(E-Mail Removed)> wrote in message
news:(E-Mail Removed)...
> "Default User" <(E-Mail Removed)> wrote in message
> news:46b1cff5$0$21872$(E-Mail Removed)...
>> What I would like to know about is the built-in Microsoft VPN
>> functionallity. What can this connect to?
>
> It is just part of the Windows Dialup Networking. It has been there since
> Windows95
>
>> Is it possible to configure a router to allow the MS VPN to connect to
>> it? If not, can I configured a win2k server to accept this MS Style VPN
>> connection?
>
> RRAS (Routing and Remote Access) is already an included part of any
> Windows Server 2000 or newer. It could also be downloaded and added to
> NT4 Server (replaces the RAS Service).
>
> MS ISA Server is also designed to act as a VPN Server and has 100x more
> capabilities that RRAS.
>
>> What ports would have to be opened up in our router to allow
>
> The RRAS Server (or ISA Server) would *BE* the "router". It needs to be a
> duel-nic machine setup similar to a "router" or a "firewall" device would
> be.
>
>> this? Is it safe?
>
> It is as safe as you make it or don't make it. VPN is VPN. PPTP & L2TP
> are PPTP and L2TP,...it doesn't matter who's product it is.
>
> --
> Phillip Windell
> www.wandtv.com
>
> The views expressed, are my own and not those of my employer, or
> Microsoft, or anyone else associated with me, including my cats.
> -----------------------------------------------------
> Understanding the ISA 2004 Access Rule Processing
> http://www.isaserver.org/articles/IS...cessRules.html
>
> Troubleshooting Client Authentication on Access Rules in ISA Server 2004
> http://download.microsoft.com/downlo...7/ts_rules.doc
>
> Microsoft Internet Security & Acceleration Server: Partners
> http://www.microsoft.com/isaserver/partners/default.asp
>
> Microsoft ISA Server Partners: Partner Hardware Solutions
> http://www.microsoft.com/forefront/e...epartners.mspx
> -----------------------------------------------------
>
>

Hi,

Thanks that works great.

ONE question - Can I change the standard port somehow in the Microsoft VPN
client?

For example, if I wanted to change the port in my firewall from 1723 to some
non standard port, but still have my router forward it to 1723 on the
server, how can I tell the VPN Client to connect to my non standard port? I
don't plan on changing the port at all on the server.

I tried myaddressort, but the VPN client does NOT like it.

Thanks,

Alan
http://www.sadevelopment.com
Partition Boot Manager and Large Drive Tools utilities!

Dear Default,

I'm not sure that would work as it may break the GRE protocol. Also the
client uses a PPTP Wan Miniport 'device' and the driver module for that is
not expecting a port resource number in the target host name.
I have never tried something like that. Anyhow I think the client will
certainly ignore a port number - as I just mentioned above.

Good luck!

CreateWindow


"Default User" <(E-Mail Removed)> wrote in message
news:46b33619$0$2225$(E-Mail Removed)...
> Hi,
>
> Thanks that works great.
>
> ONE question - Can I change the standard port somehow in the Microsoft VPN
> client?
>
> For example, if I wanted to change the port in my firewall from 1723 to
> some non standard port, but still have my router forward it to 1723 on the
> server, how can I tell the VPN Client to connect to my non standard port?
> I don't plan on changing the port at all on the server.
>
> I tried myaddressort, but the VPN client does NOT like it.
>
> Thanks,
>
> Alan
> http://www.sadevelopment.com
> Partition Boot Manager and Large Drive Tools utilities!
>
>