Virtual Private Networks 2

Published by: api-3729674 on Oct 15, 2008
Virtual private networks
Page 1 of 87
file://C:\Documents and Settings\Administrator\Local Settings\Temp\~hh1071.htm
11/24/2003
Virtual private networks

The Routing and Remote Access service in Windows 2000 Server provides virtual private network (VPN) services
for remote access and router-to-router VPN connections by using either the Point-to-Point Tunneling Protocol
(PPTP) or the Layer Two Tunneling Protocol (L2TP) with Internet Protocol security (IPSec).

• Before installing a VPN server, see Checklist: Installing and configuring a VPN server.
• Before installing a PPTP server, see Checklist: Installing and configuring a PPTP server.
• To find features that have been moved in Windows 2000 Server, see New ways to do familiar tasks.
• For tips about using VPNs, see Best practices.
• For general background information, see Concepts.
• For problem-solving instructions, see Troubleshooting.

Checklists
This section covers:
• Checklist: Installing and configuring a VPN server
• Checklist: Installing and configuring a PPTP server

Checklist: Installing and configuring a VPN server

• Review key concepts. (Reference: Virtual private networks overview)
• Install the hardware. (Reference: Manufacturer's documentation)
• Verify the compatibility of all hardware to be installed in the computer running Windows 2000. (Reference: Microsoft Windows Hardware Compatibility List at the Microsoft Web site, http://www.microsoft.com/)
• Verify that the hardware is successfully installed on Windows 2000. (Reference: Device Manager)
• Install and configure the protocols. (Reference: Network communications)
• Install the Routing and Remote Access service. (Reference: To enable the Routing and Remote Access service)
• Configure the TCP/IP protocol. (Reference: TCP/IP and remote access)
• Configure the number of PPTP and L2TP ports needed. (Reference: To add PPTP or L2TP ports)
• Configure PPTP and L2TP over IPSec filters on the Internet interface. (Reference: Manage packet filters)
• Configure dial-in properties and remote access policies for dial-in permission, authentication, and encryption settings. (Reference: Introduction to remote access policies)
• (Optional) Configure the Windows 2000 remote access router as a RADIUS client. (Reference: To use RADIUS authentication)
• (Optional) Configure the IPX protocol. (Reference: IPX and remote access)
• (Optional) Configure the NetBEUI protocol. (Reference: NetBEUI and remote access)

Checklist: Installing and configuring a PPTP server

• Review key concepts. (Reference: Virtual private networks overview)
• Install the hardware. (Reference: Manufacturer's documentation)
• Verify the compatibility of all hardware to be installed in the computer running Windows 2000. (Reference: Microsoft Windows Hardware Compatibility List at the Microsoft Web site, http://www.microsoft.com/)
• Verify that the hardware is successfully installed on Windows 2000. (Reference: Device Manager)
• Install and configure the TCP/IP protocol. (Reference: Network communications)
• Install the Routing and Remote Access service. (Reference: To enable the Routing and Remote Access service)
• Configure the number of PPTP ports needed. (Reference: To add PPTP or L2TP ports)
• Configure PPTP filters on the Internet interface. (Reference: Add PPTP filters)
• Configure dial-in properties and remote access policies for dial-in permission, authentication, and encryption settings. (Reference: Introduction to remote access policies)

Note
• The Point-to-Point Tunneling Protocol is automatically installed.

New ways to do familiar tasks

The following table lists common tasks for configuring virtual private networks in Windows 2000. The user interface for performing these tasks is different in Windows 2000 than it was in Windows NT version 4.0 and Windows NT version 4.0 with the Routing and Remote Access Service (RRAS).

If you want to install the Point-to-Point Tunneling Protocol (PPTP):
  In Windows NT 4.0, use: Protocols tab of Network in Control Panel
  In Windows NT 4.0 with RRAS, use: Protocols tab of Network in Control Panel
  In Windows 2000: PPTP is automatically installed

If you want to set the maximum number of PPTP connections:
  In Windows NT 4.0, use: Protocols tab of Network in Control Panel
  In Windows NT 4.0 with RRAS, use: Protocols tab of Network in Control Panel
  In Windows 2000, use: Properties of Ports in Routing and Remote Access

If you want to set PPTP packet filtering:
  In Windows NT 4.0, use: The Advanced IP Addressing dialog box from the properties of the TCP/IP protocol (Protocols tab of Network in Control Panel)
  In Windows NT 4.0 with RRAS, use: Properties of the IP interface in Summary under IP Routing in Routing and RAS Admin
  In Windows 2000, use: Properties of the IP interface in General under IP Routing in Routing and Remote Access

Best practices
The following list provides best practices for implementing and configuring VPNs and is based on recommendations from Microsoft Product Support Services:
• Use DHCP to obtain IP addresses

If you installed a DHCP server, configure the VPN server to use DHCP to obtain IP addresses for VPN clients. If you did not install a DHCP server and you have a single subnet, configure the VPN server with a static IP address pool that is a subset of addresses for the subnet to which the VPN server is attached. For more information, see To create a static IP address pool.

If you did not install a DHCP server and you have multiple subnets and a routed infrastructure, configure the VPN server with a static IP address pool that consists of ranges of addresses that are a separate subnet from the subnet to which the VPN server is attached. Then, either add the static routes that represent the address ranges to the routing tables of neighboring routers or enable the routing protocol of your routed infrastructure on the VPN server. For more information, see To create a static IP address pool.

• Use strong authentication
  - Use strong passwords more than 8 characters long that contain a mixture of uppercase and lowercase letters, numbers, and permitted punctuation. Do not use passwords based on names or words. Strong passwords are more resistant to a dictionary attack, where an unauthorized user attempts to crack a password by sending a series of commonly used names and words.
  - Although EAP-TLS works with registry-based certificates, it is highly recommended that you only use EAP-TLS with smart cards for remote access VPN connections.
  - If you are using MS-CHAP, use MS-CHAP version 2. You can obtain the latest MS-CHAP updates for Windows NT version 4.0, Windows 98, and Windows 95 VPN clients from Microsoft. For more information, see MS-CHAP version 2.

• Use strong encryption

Use the strongest level of encryption that your situation allows. For VPN connections within North America, use strong or strongest encryption. For VPN connections outside of North America, use basic encryption. Strongest encryption is only available on North American versions of Windows 2000.

• Use automatic allocation for IPX network IDs

Configure the VPN server to automatically allocate the same IPX network ID to all VPN clients.
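The static address pool rules above (a subset of the VPN server's subnet when there is one subnet, a separate subnet plus static routes when the network is routed) can be checked before the pool is entered in Routing and Remote Access. This is an added example, not code from the Help or from Windows; the interface address and pool ranges are constructed, and the Help itself gives none.

```python
import ipaddress
from typing import List, Tuple

# Added example, not from the Windows 2000 Help text. The Help gives no addresses,
# so the server interface and pool ranges used here are constructed.


def plan_static_pool(server_iface: str, ranges: List[Tuple[str, str]], routed: bool):
    """Check a RRAS static IP address pool against the two cases the Help describes.

    server_iface: the VPN server's LAN interface as 'address/prefix', e.g. '10.0.1.5/24'
    ranges:       (first, last) address pairs that make up the pool
    routed:       False for a single subnet, True for multiple subnets behind routers

    Returns (ok, problems, routes). In the routed case 'routes' lists the prefixes
    that neighbouring routers must learn, with the VPN server's LAN address as next hop.
    """
    iface = ipaddress.ip_interface(server_iface)
    lan = iface.network
    problems, routes = [], []
    for first, last in ranges:
        lo, hi = ipaddress.ip_address(first), ipaddress.ip_address(last)
        if lo > hi:
            problems.append(f"range {first}-{last} is reversed")
            continue
        # Summarize the range into CIDR prefixes: these are the units that are
        # checked against the LAN subnet and, when routed, become static routes.
        prefixes = list(ipaddress.summarize_address_range(lo, hi))
        if not routed:
            # Single subnet: the pool must be a subset of the LAN subnet so the VPN
            # server can stand in for the clients on the LAN without extra routing.
            outside = [str(p) for p in prefixes if not p.subnet_of(lan)]
            if outside:
                problems.append(f"range {first}-{last} leaves {lan}: {', '.join(outside)}")
            if lo <= iface.ip <= hi:
                problems.append(f"range {first}-{last} contains the server address {iface.ip}")
        else:
            # Routed infrastructure: the pool must be a separate subnet, and each
            # prefix needs a static route (or a routing-protocol advertisement).
            overlap = [str(p) for p in prefixes if p.overlaps(lan)]
            if overlap:
                problems.append(f"range {first}-{last} overlaps {lan}: {', '.join(overlap)}")
            else:
                routes.extend((str(p), str(iface.ip)) for p in prefixes)
    return (not problems, problems, routes)


if __name__ == "__main__":
    # Constructed inputs: a /24 LAN and one candidate pool for each case.
    print(plan_static_pool("10.0.1.5/24", [("10.0.1.200", "10.0.1.250")], routed=False))
    print(plan_static_pool("10.0.1.5/24", [("10.0.2.0", "10.0.2.127")], routed=True))
```

The returned routes are what the neighboring routers need (prefix and next hop); if a range is split into several prefixes, each one needs its own static route unless a routing protocol is enabled on the VPN server.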
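The password rule under "Use strong authentication" (more than 8 characters, mixed case, numbers, permitted punctuation, not based on names or words) can be turned into a check that also catches the usual digit-for-letter substitutions a dictionary attack would try. This is an added example, not code from the Help; the permitted punctuation set, the word list and the substitution map are assumptions, since the Help does not list them.

```python
import re

# Added example, not from the Help text. The permitted punctuation set, the word list
# and the substitution map are assumptions: the Help names none of them.
PERMITTED_PUNCTUATION = set("!@#$%^&*()-_=+[]{};:,.?")
COMMON_WORDS = {"password", "welcome", "summer", "winter", "letmein", "secret", "admin"}
# Undo the usual digit/symbol substitutions before the dictionary check, so that
# 'P@ssw0rd' is still recognised as being based on 'password'.
LEET = str.maketrans("01345$@!", "oleassai")


def check_password(password: str, user_names=()) -> list:
    """Return the policy violations for one password; an empty list means it passes.

    user_names: the account's own name fields (constructed input), which the Help
    says must not form the basis of the password.
    """
    problems = []
    if len(password) <= 8:
        problems.append("must be more than 8 characters long")
    if not any(c.isupper() for c in password):
        problems.append("needs an uppercase letter")
    if not any(c.islower() for c in password):
        problems.append("needs a lowercase letter")
    if not any(c.isdigit() for c in password):
        problems.append("needs a number")
    if not any(c in PERMITTED_PUNCTUATION for c in password):
        problems.append("needs a permitted punctuation character")
    disallowed = sorted({c for c in password if not c.isalnum() and c not in PERMITTED_PUNCTUATION})
    if disallowed:
        problems.append("contains characters that are not permitted: " + "".join(disallowed))
    # Dictionary/name check: lower-case, undo substitutions, keep letters only, then
    # look for any word or name of four or more letters inside what remains.
    core = re.sub(r"[^a-z]", "", password.lower().translate(LEET))
    for word in sorted(COMMON_WORDS | {n.lower() for n in user_names}):
        if len(word) >= 4 and word in core:
            problems.append(f"is based on the word or name '{word}'")
    return problems


if __name__ == "__main__":
    # Constructed inputs: a substituted dictionary word and a random-looking password.
    print(check_password("P@ssw0rd!1"))
    print(check_password("Tq7#mV2!kp9R", user_names=("Alexander",)))
```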
Concepts
This section provides general background information about virtual private networking with the Windows 2000
remote access router:

• Virtual private networks overview
• Understanding virtual private networks
• Using virtual private networks
• Resources

Virtual private networks overview
This section covers:

• Virtual private networks
• VPN connections
• Types of virtual private networks
• New features of virtual private networks for Windows 2000

Virtual private networks

A virtual private network (VPN) is the extension of a private network that encompasses links across shared or
public networks like the Internet. With a VPN, you can send data between two computers across a shared or public
network in a manner that emulates a point-to-point private link. Virtual private networking is the act of creating
and configuring a virtual private network.
