The Routing and Remote Access service in Windows 2000 Server provides virtual private network (VPN) services
for remote access and router-to-router VPN connections by using either the Point-to-Point Tunneling Protocol
(PPTP) or the Layer Two Tunneling Protocol (L2TP) with Internet Protocol security (IPSec).
\ue000Before installing a VPN server, see Checklist: Installing and configuring a VPN server.
\ue000Before installing a PPTP server, see Checklist: Installing and configuring a PPTP server.
\ue000To find features that have been moved in Windows 2000 Server, see New ways to do familiar tasks.
\ue000For tips about using VPNs, see Best practices.
\ue000For general background information, seeConcepts.
\ue000For problem-solving instructions, seeTroubleshooting.
The following table lists common tasks for configuring virtual private networks in Windows 2000. The user
interface for performing these tasks is different in Windows 2000 than it was in Windows NT version 4.0 and
Windows NT version 4.0 with the Routing and Remote Access Service (RRAS).
Install the Point-
number of PPTP
The Advanced IP Addressing
dialog box from the properties of
the TCP/IP protocol (Protocols tab
ofNetwork in Control Panel)
If you installed a DHCP server, configure the VPN server to use DHCP to obtain IP addresses for VPN clients. If
you did not install a DHCP server and you have a single subnet, configure the VPN server with a static IP
address pool that is a subset of addresses for the subnet to which the VPN server is attached. For more
information, see To create a static IP address pool.
If you did not install a DHCP server and you have multiple subnets and a routed infrastructure, configure the
VPN server with a static IP address pool that consist of ranges of addresses that are a separate subnet from the
subnet to which the VPN server is attached. Then, either add the static routes that represent the address
ranges to the routing tables of neighboring routers or enable the routing protocol of your routed infrastructure
on the VPN server. For more information, see To create a static IP address pool.
letters, numbers, and permitted punctuation. Do not use passwords based on names or words. Strong passwords are more resistant to a dictionary attack, where an unauthorized user attempts to crack a password by sending a series of commonly used names and words.
Use the strongest level of encryption that your situation allows. For VPN connections within North America, use strong or strongest encryption. For VPN connections outside of North America, use basic encryption. Strongest encryption is only available on North American versions of Windows 2000.
\ue000Virtual private networks overview
\ue000Understanding virtual private networks
\ue000Using virtual private networks
\ue000Virtual private networks
\ue000Types of virtual private networks
\ue000New features of virtual private networks for Windows 2000
A virtual private network (VPN) is the extension of a private network that encompasses links across shared or
public networks like the Internet. With a VPN, you can send data between two computers across a shared or public
network in a manner that emulates a point-to-point private link. Virtual private networking is the act of creating
and configuring a virtual private network.
This action might not be possible to undo. Are you sure you want to continue?