VPN Server2003

Are there some books that I can read about setting up a VPN connection
between server 2003 and WinXP?

I searched a lott about this on the internet but I cannot find the right
information.
Also bought a lott of books about this but they don't cover the topic as I
want.
To little information or the start with items I don't know nothing about.

Are there some examples I can use?
Just want to set up a VPN connection using RAS on server 2003 using PPTP.

Have two nic's on server one connected to an ADSL modem SpeedTouch ST716v5.
SpeedTouch ST716v5 has VPN pass through.
The other nic is used to connect local pc's to the server.

SpeedTouch ST716v5 assignes IP address of 10.0.0.154 to server by DHCP.
DHCP on server assignes IP address to local pc' starting from 192.168.0.10.
Server IP address is 192.168.0.1 (Static)

Port 1723 is open on the nic that is used connecting computer to the internet.
Port 1723 is also open on SpeedTouch ST716v5.

Client computer has Microsoft OneCare installed.
Port 1723 is open.

I can connect to the server by using a VPN connection but every thing is so
slow.
It seems to me that the IP address assigned to the client computer is coming
from the SpeedTouch ST716v5 and not from the server. Disabling DHCP on the
SpeedTouch ST716v5 doesn't help.
IP addresses are 10.0.0.156 for server and 10.0.0.152 for client.
Is this good?
Can I use 'My Network Places' on the client computer to search for
sharedfolders on the server?

Thanks in advance

Peter

=?Utf-8?B?UGV0ZXIgSGVyaWpnZXJz?=
<(E-Mail Removed)> wrote in
news:0FB78AFD-4124-40DE-ABAD-(E-Mail Removed):

> Are there some books that I can read about setting up a VPN connection
> between server 2003 and WinXP?
>
> I searched a lott about this on the internet but I cannot find the
> right information.
> Also bought a lott of books about this but they don't cover the topic
> as I want.
> To little information or the start with items I don't know nothing
> about.
>
> Are there some examples I can use?
> Just want to set up a VPN connection using RAS on server 2003 using
> PPTP.
>
> Have two nic's on server one connected to an ADSL modem SpeedTouch
> ST716v5. SpeedTouch ST716v5 has VPN pass through.
> The other nic is used to connect local pc's to the server.
>
> SpeedTouch ST716v5 assignes IP address of 10.0.0.154 to server by
> DHCP. DHCP on server assignes IP address to local pc' starting from
> 192.168.0.10. Server IP address is 192.168.0.1 (Static)
>
> Port 1723 is open on the nic that is used connecting computer to the
> internet. Port 1723 is also open on SpeedTouch ST716v5.
>
> Client computer has Microsoft OneCare installed.
> Port 1723 is open.
>
> I can connect to the server by using a VPN connection but every thing
> is so slow.
> It seems to me that the IP address assigned to the client computer is
> coming from the SpeedTouch ST716v5 and not from the server. Disabling
> DHCP on the SpeedTouch ST716v5 doesn't help.
> IP addresses are 10.0.0.156 for server and 10.0.0.152 for client.
> Is this good?
> Can I use 'My Network Places' on the client computer to search for
> sharedfolders on the server?
>
> Thanks in advance
>
> Peter

Hi Peter --

All the documentation you need to accomplish this is available for free at
http://technet.microsoft.com/en-us/n.../bb545442.aspx. Probably the test
lab doc will provide you with the shortest path to the information you need
on how to configure the RRAS server.

HTH



--
James McIllece, Microsoft

Please do not send email directly to this alias. This is my online account
name for newsgroup participation only.

This posting is provided "AS IS" with no warranties, and confers no rights.

If you have a Speedtouch residential gateway you should not have two NICs
in the server. You only need two NICs in the server if it has a direct
connection to the Internet (ie one private NIC and one public NIC).

If you are behind a gatewayrouter/firewall device, the VPN client
connects to the public interface of the router. The VPN server has only one
NIC which is connected to the private LAN behind the residential gateway.

Look around in the RRAS config wizard to find the correct option to
enable VPN with only one NIC in the server. You usually have to go to the
second menu. The exact wording varies with different versions of the OS.
When you have the server set up to accept a VPN connection you can test your
config from a workstation on the local network.

When this is working you set your router to forward PPTP to the LAN IP
of the server. The remote client then connects to the router's public IP.
The router forwards the traffic to the VPN server on the LAN and the VPN
connection is established between the remote client and the server.

You will not be able to use My Network Places from a remote connection.
This depends on the browser service, which depends in turn on LAN
broadcasts. LAN broadcasts do not cross the VPN connection. It is a simple
point-to-point IP connection, not a LAN connection. And it will be slow,
firstly because an Internet connection is much slower than a network
connection and secondly because of the overhead (encryption and
encapsulation) of a VPN tunnel.

Although My Network Places doesn't work, you should be able to see
shares on a LAN machine using "net view \\servername" and access them using
"net use z: \\servername\sharename" .

"Peter Herijgers" <(E-Mail Removed)> wrote in
message news:0FB78AFD-4124-40DE-ABAD-(E-Mail Removed)...
> Are there some books that I can read about setting up a VPN connection
> between server 2003 and WinXP?
>
> I searched a lott about this on the internet but I cannot find the right
> information.
> Also bought a lott of books about this but they don't cover the topic as I
> want.
> To little information or the start with items I don't know nothing about.
>
> Are there some examples I can use?
> Just want to set up a VPN connection using RAS on server 2003 using PPTP.
>
> Have two nic's on server one connected to an ADSL modem SpeedTouch
> ST716v5.
> SpeedTouch ST716v5 has VPN pass through.
> The other nic is used to connect local pc's to the server.
>
> SpeedTouch ST716v5 assignes IP address of 10.0.0.154 to server by DHCP.
> DHCP on server assignes IP address to local pc' starting from
> 192.168.0.10.
> Server IP address is 192.168.0.1 (Static)
>
> Port 1723 is open on the nic that is used connecting computer to the
> internet.
> Port 1723 is also open on SpeedTouch ST716v5.
>
> Client computer has Microsoft OneCare installed.
> Port 1723 is open.
>
> I can connect to the server by using a VPN connection but every thing is
> so
> slow.
> It seems to me that the IP address assigned to the client computer is
> coming
> from the SpeedTouch ST716v5 and not from the server. Disabling DHCP on the
> SpeedTouch ST716v5 doesn't help.
> IP addresses are 10.0.0.156 for server and 10.0.0.152 for client.
> Is this good?
> Can I use 'My Network Places' on the client computer to search for
> sharedfolders on the server?
>
> Thanks in advance
>
> Peter

> If you have a Speedtouch residential gateway you should not have two NICs
> in the server. You only need two NICs in the server if it has a direct
> connection to the Internet (ie one private NIC and one public NIC).
>
> If you are behind a gatewayrouter/firewall device, the VPN client
> connects to the public interface of the router. The VPN server has only one
> NIC which is connected to the private LAN behind the residential gateway.

So I should disable one NIC in the server.
Connect the switch on which all local computers are connected to the ADSL
router.
Should I disable DHCP in the ADSL router and let the server control it or
can I leave the DHCP on in the ADSL router?

Should IP addresses (for the VPN clients) be assigned by the server or ADSL
router?


"Bill Grant" wrote:

> If you have a Speedtouch residential gateway you should not have two NICs
> in the server. You only need two NICs in the server if it has a direct
> connection to the Internet (ie one private NIC and one public NIC).
>
> If you are behind a gatewayrouter/firewall device, the VPN client
> connects to the public interface of the router. The VPN server has only one
> NIC which is connected to the private LAN behind the residential gateway.
>
> Look around in the RRAS config wizard to find the correct option to
> enable VPN with only one NIC in the server. You usually have to go to the
> second menu. The exact wording varies with different versions of the OS.
> When you have the server set up to accept a VPN connection you can test your
> config from a workstation on the local network.
>
> When this is working you set your router to forward PPTP to the LAN IP
> of the server. The remote client then connects to the router's public IP.
> The router forwards the traffic to the VPN server on the LAN and the VPN
> connection is established between the remote client and the server.
>
> You will not be able to use My Network Places from a remote connection.
> This depends on the browser service, which depends in turn on LAN
> broadcasts. LAN broadcasts do not cross the VPN connection. It is a simple
> point-to-point IP connection, not a LAN connection. And it will be slow,
> firstly because an Internet connection is much slower than a network
> connection and secondly because of the overhead (encryption and
> encapsulation) of a VPN tunnel.
>
> Although My Network Places doesn't work, you should be able to see
> shares on a LAN machine using "net view \\servername" and access them using
> "net use z: \\servername\sharename" .
>
> "Peter Herijgers" <(E-Mail Removed)> wrote in
> message news:0FB78AFD-4124-40DE-ABAD-(E-Mail Removed)...
> > Are there some books that I can read about setting up a VPN connection
> > between server 2003 and WinXP?
> >
> > I searched a lott about this on the internet but I cannot find the right
> > information.
> > Also bought a lott of books about this but they don't cover the topic as I
> > want.
> > To little information or the start with items I don't know nothing about.
> >
> > Are there some examples I can use?
> > Just want to set up a VPN connection using RAS on server 2003 using PPTP.
> >
> > Have two nic's on server one connected to an ADSL modem SpeedTouch
> > ST716v5.
> > SpeedTouch ST716v5 has VPN pass through.
> > The other nic is used to connect local pc's to the server.
> >
> > SpeedTouch ST716v5 assignes IP address of 10.0.0.154 to server by DHCP.
> > DHCP on server assignes IP address to local pc' starting from
> > 192.168.0.10.
> > Server IP address is 192.168.0.1 (Static)
> >
> > Port 1723 is open on the nic that is used connecting computer to the
> > internet.
> > Port 1723 is also open on SpeedTouch ST716v5.
> >
> > Client computer has Microsoft OneCare installed.
> > Port 1723 is open.
> >
> > I can connect to the server by using a VPN connection but every thing is
> > so
> > slow.
> > It seems to me that the IP address assigned to the client computer is
> > coming
> > from the SpeedTouch ST716v5 and not from the server. Disabling DHCP on the
> > SpeedTouch ST716v5 doesn't help.
> > IP addresses are 10.0.0.156 for server and 10.0.0.152 for client.
> > Is this good?
> > Can I use 'My Network Places' on the client computer to search for
> > sharedfolders on the server?
> >
> > Thanks in advance
> >
> > Peter
>
>

If you are not running a domain, you can let the ADSL router run DHCP. If
you are running a domain it is best to disable DHCP on the router and use
the DC for DHCP, mainly because of DNS.

You can let the RRAS server get a pool of addresses from DHCP to use for
the remote users. The remote users then get IPs in the same IP subnet as the
LAN machines and it works well if you only have a few users. Check that you
only have 10 or less miniports available so that RRAS does not lease too
many IPs from DHCP.

"Peter Herijgers" <(E-Mail Removed)> wrote in
message news:326FA7DE-1EDD-4431-8863-(E-Mail Removed)...
>> If you have a Speedtouch residential gateway you should not have two
>> NICs
>> in the server. You only need two NICs in the server if it has a direct
>> connection to the Internet (ie one private NIC and one public NIC).
>>
>> If you are behind a gatewayrouter/firewall device, the VPN client
>> connects to the public interface of the router. The VPN server has only
>> one
>> NIC which is connected to the private LAN behind the residential gateway.
>
> So I should disable one NIC in the server.
> Connect the switch on which all local computers are connected to the ADSL
> router.
> Should I disable DHCP in the ADSL router and let the server control it or
> can I leave the DHCP on in the ADSL router?
>
> Should IP addresses (for the VPN clients) be assigned by the server or
> ADSL
> router?
>
>
> "Bill Grant" wrote:
>
>> If you have a Speedtouch residential gateway you should not have two
>> NICs
>> in the server. You only need two NICs in the server if it has a direct
>> connection to the Internet (ie one private NIC and one public NIC).
>>
>> If you are behind a gatewayrouter/firewall device, the VPN client
>> connects to the public interface of the router. The VPN server has only
>> one
>> NIC which is connected to the private LAN behind the residential gateway.
>>
>> Look around in the RRAS config wizard to find the correct option to
>> enable VPN with only one NIC in the server. You usually have to go to the
>> second menu. The exact wording varies with different versions of the OS.
>> When you have the server set up to accept a VPN connection you can test
>> your
>> config from a workstation on the local network.
>>
>> When this is working you set your router to forward PPTP to the LAN
>> IP
>> of the server. The remote client then connects to the router's public IP.
>> The router forwards the traffic to the VPN server on the LAN and the VPN
>> connection is established between the remote client and the server.
>>
>> You will not be able to use My Network Places from a remote
>> connection.
>> This depends on the browser service, which depends in turn on LAN
>> broadcasts. LAN broadcasts do not cross the VPN connection. It is a
>> simple
>> point-to-point IP connection, not a LAN connection. And it will be slow,
>> firstly because an Internet connection is much slower than a network
>> connection and secondly because of the overhead (encryption and
>> encapsulation) of a VPN tunnel.
>>
>> Although My Network Places doesn't work, you should be able to see
>> shares on a LAN machine using "net view \\servername" and access them
>> using
>> "net use z: \\servername\sharename" .
>>
>> "Peter Herijgers" <(E-Mail Removed)> wrote in
>> message news:0FB78AFD-4124-40DE-ABAD-(E-Mail Removed)...
>> > Are there some books that I can read about setting up a VPN connection
>> > between server 2003 and WinXP?
>> >
>> > I searched a lott about this on the internet but I cannot find the
>> > right
>> > information.
>> > Also bought a lott of books about this but they don't cover the topic
>> > as I
>> > want.
>> > To little information or the start with items I don't know nothing
>> > about.
>> >
>> > Are there some examples I can use?
>> > Just want to set up a VPN connection using RAS on server 2003 using
>> > PPTP.
>> >
>> > Have two nic's on server one connected to an ADSL modem SpeedTouch
>> > ST716v5.
>> > SpeedTouch ST716v5 has VPN pass through.
>> > The other nic is used to connect local pc's to the server.
>> >
>> > SpeedTouch ST716v5 assignes IP address of 10.0.0.154 to server by DHCP.
>> > DHCP on server assignes IP address to local pc' starting from
>> > 192.168.0.10.
>> > Server IP address is 192.168.0.1 (Static)
>> >
>> > Port 1723 is open on the nic that is used connecting computer to the
>> > internet.
>> > Port 1723 is also open on SpeedTouch ST716v5.
>> >
>> > Client computer has Microsoft OneCare installed.
>> > Port 1723 is open.
>> >
>> > I can connect to the server by using a VPN connection but every thing
>> > is
>> > so
>> > slow.
>> > It seems to me that the IP address assigned to the client computer is
>> > coming
>> > from the SpeedTouch ST716v5 and not from the server. Disabling DHCP on
>> > the
>> > SpeedTouch ST716v5 doesn't help.
>> > IP addresses are 10.0.0.156 for server and 10.0.0.152 for client.
>> > Is this good?
>> > Can I use 'My Network Places' on the client computer to search for
>> > sharedfolders on the server?
>> >
>> > Thanks in advance
>> >
>> > Peter
>>
>>