You are on page 1of 29

Server Operating System

White Paper

Installing, Configuring, and Using PPTP with Microsoft Clients and Servers

r White Paper

2

Configuring and Using PPTP with Microsoft Clients and Servers Point-to-Point Tunneling Protocol (PPTP) is a network protocol that enables the secure transfer of data from a remote client to a private enterprise server. local area networks ()*Ns).Installing. T P!"P-based networks# r White Paper 3 . and Net%&'") and can be used for virtual private networking over public and private networks# (ou can use PPTP to provide secure. or the "nternet and other public. virtual networks by using dial-up lines. on-demand. creating a virtual private network (VPN ) by using T P!"P-based data networks# PPTP supports multiple network protocols ("P. "P$. wide area networks (+*Ns).

.

Other product or company names mentioned herein may !e the trademar#s of their respective o ners. 493783585 .© 1997 Microsoft Corporation. The information contained in this document represents the current vie of Microsoft Corporation on the issues discussed as of the date of pu!lication.T'+S$ +-&(+SS O( 'M&.O %A((A. All rights reserved. This %hite &aper is for informational purposes only. Microsoft$ %indo s$ and %indo s . Microsoft Corporation 2 One Microsoft %ay 2 (edmond$ %A 9345678999 2 1SA 4197 &art no. "ecause Microsoft must respond to changing mar#et conditions$ it should not !e interpreted to !e a commitment on the part of Microsoft$ and Microsoft cannot guarantee the accuracy of any information presented after the date of pu!lication. T0'S /OC1M+.'+/$ '. M'C(OSO)T MA*+S .T are registered trademar#s$ and "ac#Office and the "ac#Office logo are trademar#s of Microsoft Corporation.T.

.. Using PPTP -ver the .......lic6 TCP7IP3.e used &or virtual private networkin over pu......../ to Connect to a PPTP Server...........I5 and can ......................."N Routin on the PPTP Server Ena..1.....& Installin PPTP on a PPTP Client % "ddin a #PN $evice as a R"S Port on the PPTP Client 1 Configuring 'ial(Up etwor!ing on the PPTP Client............................... 1...........1) Creatin the Phone..........ased data networks8 PPTP supports multiple network protocols 4IP6 IP96 and Net:E.......................$ Installing and Configuring PPTP on a PPTP Server...% Installin PPTP on a PPTP Server ! "ddin #PN $evices as R"S Ports on a PPTP Server % Con&i urin PPTP Server Encr'ption and "uthentication (ptions ) Con&i urin Server Encr'ption &or PPTP ) Con&i urin PPTP *ilterin on the PPTP Server + Con&i urin ...................................les the secure trans&er o& data &rom a remote client to a private enterprise server6 thus creatin a virtual private network 4#PN 5 .........." Hardware Requirements 3 The PPTP Server 3 The PPTP Client 3 Network Protocols on the Private Enterprise Network 3 #efore Installing PPTP.................................' usin TCP7IP3..............ased networks8 C................1 Planning for PPTP and Virtual Private etwor!s. 'ialing(up an ISP PPTP Service to connect to a PPTP Server 1................................T1 TS USI 0 PPTP ......ook Entr' to $ial a ISP )2 Creatin the Phone.......lic and private networks8 <ou can use PPTP to provide secure6 on3demand6 virtual networks .. Point3to3Point Tunnelin Protocol 4PPTP5 is a network protocol that ena..........le IP *orwardin / "ddin the $ont"dd$e&ault0atewa' Re istr' Entr' / "ddin Static Routes &or the Private Network / Installing and Configuring PPTP on a PPTP Client..........."Ns56 wide area networks 4="Ns56 or the Internet and other pu......Using PPTP......' usin dial3up lines6 local area networks 4..........ook Entr' to $ial a PPTP Server )+ Using PPTP to connect to a PPTP server *+ 'ialing an ISP......

e de&ined as an on3demand connection .out how to install6 con&i ure6 and use PPTP on computers runnin =indows NT Server version -82 and =indows NT =orkstation version -828 I& 'ou need in&ormation a. P3IV/T1 1TW-34S This white paper provides in&ormation on how to install6 con&i ure and use PPTP on computers runnin =indows NT =orkstation version -828and =indows NT Server version -82 operatin s'stems8 The main topics o& this document are> • plannin &or PPTP installation and con&i uration • what 'ou must know ."N to connect to a PPTP server Note This document provides in&ormation a.etween two computers in di&&erent locations8 It consists o& the two computers 4one computer at each end o& the connection5 and a route6 or tunnel6 over a pu.lic and private networks8 The most common scenario in which a network administrator can use PPTP is one in which the remote user connects to an enterprise network .lish and maintain private6 secure communication .etween computers8 It does this .p Networkin to connect directl' to a PPTP3 ena.' usin an ISP PPTP service • usin PPTP over the .p Networkin to communicate over dial3up lines and pu.' usin Remote "ccess Service 4R"S5 and $ial3.etween the two computers is encr'pted .e&ore installin PPTP • installin and con&i urin a PPTP server • installin and con&i urin a PPTP client • usin PPTP to dial up an ISP and connect to a PPTP server • usin Point3to3Point 4PPP5 to connect to a PPTP server ."N connection .P./ I 0 2-3 PPTP / ' VI3TU/.' usin $ial3 .lic or private network8 To ensure privac' and secure communication6 data transmitted .nderstandin PPTP8@ " virtual private network can .led network access server6 such as a computer con&i ured with =indows NT Server version -82 and R"S8 This scenario starts with a remote computer usin PPP to dial up an ISP server that is con&i ured as a &&T& client8 The ISP server then accesses a PPTP tunnel that oes &rom the ISP6 .' the Point3to Point Protocol 4PPP5 4a remote access protocol5 and then routed over a dial3up or .p Networkin and an Internet Service Provider 4ISP5 connection to the Internet8 (ther scenarios in which a network administrator can use PPTP to provide secure and encr'pted communication include the &ollowin > • Remote user access usin $ial3.' a PPTP device8 In =indows NT Server and =indows NT =orkstation terminolo '6 this device is re&erred to as a virtual private net or# or #PN8 PPTP uses the #PN device to esta.out the architecture6 components6 and &eatures o& PPTP6 see the white paper titled ?.

otics8 I& the PPTP client is a remote or mo.ocal network access usin $ial3.ile enterprise user that connects to an enterprise PPTP server .e a computer con&i ured with either =indows NT =orkstation version -82 or =indows NT Server version -828 Thus6 the minimum hardware con&i uration &or a PPTP client is dependent on which operatin s'stem is .e a.ile users who need to connect to the enterprise network8 PPTP ena."N network8 etwor! Protocols on the Private 1nterprise etwor! PPTP ena.ased applications are required .le to connect6 via the tunnel to a PPTP server usin the PPTP device re&erred to as a #PN8 5ardware 3e6uire7ents The PPTP Server The computer that is con&i ured as a PPTP server must have the minimum con&i uration required to run =indow NT Server version -828 In addition6 two network adapter cards6 also re&erred to as network inter&ace cards 4NICs56 are required8 (ne adapter is connected to the InternetA the other is connected to the private enterprise network8 (ne o& the primar' advanta es o& PPTP is that it reduces or eliminates the need &or dedicated6 telecommunications equipment to support remote and mo.' a variet' o& companies6 includin mem.lic TCP7IP networks and retain eCistin network protocols6 network node addresses6 and namin schemes on the private enterprise network8 Thus6 no chan es to eCistin network con&i urations and to network3.les 'ou to use virtual private networkin over pu."N connection to create a PPTP tunnel across the .ein used8 It is important to note that an ISP network access server 4N"S5 can also .' usin dial3up lines over the Internet6 additional hardware is requiredA such as an analo modem or Inte rated Service $i ital Network 4IS$N5 device and a device &or telephone access6 such as a telephone wall Back8 I& the PPTP client is connectin over the ."N to another computer on the same .e a PPTP client8 In this case6 the N"S hardware can .over the Internet6 to the PPTP server on the private network8 • .led server or router manu&actured .les secure use o& pu."N8 This scenario starts with a remote or local computer con&i ured as a &&T& client8 The second computer6 at the other end o& the PPTP connection6 must ."N to a PPTP server6 the additional hardware required is the network adapter that is ph'sicall' wired to the .e con&i ured as a &&T& server8 The PPTP client must .lic or outsourced telecommunication networks8 This reduces the cost o& ownin and maintainin dedicated6 telecommunication equipment8 The PPTP Client " PPTP client can .e a PPTP3ena.p Networkin on a .S Ro.ers o& the PPTP *orum such as "scend Communications6 37Com7Primar' "ccess6 ECI Telematics and .

e authenticated 4Bust like an' other remote user usin R"S and $ial3.lic networks8 *or eCample6 IP9 or Net:E.p Networkin on .I6 or TCP7IP packets sent .I 0 PPTP when usin PPTP to tunnel across the Internet or other TCP7IP3.ased pu.e in installin PPTP6 it is important that 'ou understand the &ollowin points> • PPTP uses Eicroso&tFs implementation o& R"S and the Point3to3Point Protocol 4PPP5 to esta.etween the PPTP client and the PPTP server8 Thus6 to use PPTP 'ou must install and con&i ure R"S with $ial3.e correctl' con&i ured8 I& the' are not6 PPTP clients will not a.p Networkin 5 in order to connect to the private enterprise network8 • .sin the Internet to esta.e addressed to computers on the private enterprise network usin private network addressin or namin schemes8 The PPTP server disassem.etween the PPTP client and the PPTP server can .etween the PPTP client and PPTP server do not require PPTP installation8 • " PPTP server can .ehind a &irewall on the private enterprise network to ensure that tra&&ic in and out o& the private network over the PPTP server is secured .e placed .#12-31 I ST/.' the &irewall computer8 • To ensure enterprise network securit'6 PPTP clients must .e chan ed8 In addition6 IP addresses that are not valid on the Internet can .oth PPTP clients and PPTP servers8 • :ecause PPTP requires R"S and the PPP protocol6 'ou must esta.' usin dial3up lines6 Ethernet networks6 or token rin networks8 PPP provides remote3user authentication and data encr'ption ..e used on the private network8 Note6 however6 that the address and name resolution schemes on the private enterprise network must .les the PPTP packet &rom the PPTP client and &orwards the packet to the correct computer on the private network8 .lish a connection .I clients can continue to run applications that require these protocols8 Name resolution methodsDsuch as =indows Internet Namin Service 4=INS5 &or Net:I(S computers6 $omain Name S'stem 4$NS5 &or TCP7IP host names6 and Service "dvertisement Protocol 4S"P5 &or IP9 networkin Ddo not need to .le to communicate with computers on the private network8 :e&ore 'ou .etween a PPTP client and a PPTP server means that the PPTP server must have a valid6 Internet3 sanctioned IP address8 However6 the encapsulated IP96 Net:E.lish connections with remote computers .lish a PPP account with 'our ISP to use PPTP over an ISP connection to the Internet8 • PPTP uses virtual devices called #PNs8 =hen 'ou con&i ure PPTP6 'ou install and con&i ure #PNs in R"S as i& the' were ph'sical devices6 Bust like modems8 • PPTP is installed and con&i ured on PPTP clients and PPTP servers onl'8 Computers on the route .

p Networkin 6 is installed and con&i ured8 • <ou know how man' simultaneous connections with remote PPTP clients 'ou want the PPTP server to support6 so that 'ou can con&i ure the correct num.ased server as a network protocol .I ST/.er o& #PN devices • "ddin the #PN devices as R"S ports and devices • Con&i urin encr'ption and authentication options Installing PPTP on a PPTP Server To install the &&T& protocol on a computer running %indo s .' usin the Protocols ta.I 0 / ' C.oC is illustrated in the &ollowin &i ure8 .8 This section eCplains how to install and con&i ure the PPTP protocol on a PPTP server and assumes the &ollowin > • =indows NT Server version -82 is installed8 • (ne or more network adapters are installed8 In most cases6 two or more network adapters are required> one to connect to the Internet and one or more to connect to enterprise networks8 • TCP7IP is installed and .I6 or IP95 is installed and .' usin the Protocols ta./ PPTP S13V13 PPTP is installed on a =indows NT3.4 )8 Click Start6 point to Settings6 and click Control Panel8 +8 $ou.ound to the adapter4s5 connected to the private enterprise network8 • The PPTP server is con&i ured with a static IP address8 • R"S6 with $ial3.oC8 The Select Network Protocol dialo ..2I0U3I 0 PPTP .le3click Network in Control Panel8 38 Click the Protocols tab and then click Add to displa' the Select Network Protocol dialo .T Server version :.ound to the network adapter connected to the private enterprise network6 and the adapter is connected to the Internet8 • The network protocol used on the private enterprise network6 4TCP7IP6 Net:E. in the Network option o& Control Panel8 <ou can add6 con&i ure6 and remove PPTP .er o& #PN devices8 Con&i urin a computer runnin =indows NT Server version -82 as a PPTP server involves three maBor procedures> • Installin PPTP and then selectin the num.

e con&i ured to support a maCimum num.oC will appear as shown in the &ollowin &i ure8 )igure 6 7 Configuring the .er .ed in the &ollowin section ?"ddin #PN $evices as R"S Ports on a PPTP Server@ to complete installation o& PPTP8 .etween ) and +!/8 T'picall'6 multiple #PNs are installed on a PPTP server to ena.)igure 1 7 Selecting the &&T& net or# protocol -8 Select Point To Point Tunneling Protocol and click OK8 !8 T'pe the drive and director' location o& 'our =indows NT Server version -82 installation &iles in the Windows NT Setup dialo .er o& +!/ simultaneous #PN connections8 %8 Click OK and then click OK a ain in the Setup !essage dialo .oC 'ou can do either o& the &ollowin > a5 Temporaril' stop installation o& PPTP . /evices for the &&T& Server /8 Click the Number of Virtual Private Networks drop3down arrow to select the num.' clickin Cancel6 closin Network6 and shuttin down and restartin the computer8 Note that 'ou must per&orm the procedure descri.er o& simultaneous #PNs 'ou want the server to support8 <ou can select a num.le multiple clients to simultaneousl' connect to the PPTP server8 The server can .oC6 and then click Continue8 The PPTP &iles are copied &rom the installation director'6 and the PPTP Configuration dialo .um!er of .&.oC8 G8 In the "emote Access Setup properties dialo .

oC8 !8 Click Add8 The Add "AS #evice properties dialo .le3click Network in Control Panel8 Click the Services ta.oC is selected and then click OK to return to the "emote Access Setup properties dialo . and select "emote Access Service8 Click Properties to displa' the "emote Access Setup properties dialo .5 Continue installation o& PPTP .oC8 G8 Select a #PN port and click Configure8 #eri&' that the "eceive calls onl$ option in the Port %sage dialo .oC8 4I& 'ou also use this server as a PPTP client and want to use this #PN device to dial out as a PPTP device6 select #ial&out85 18 Repeat the last step &or each #PN device that is displa'ed on the "emote Access Setup properties ta..&. devices on the &&T& server )8 +8 38 -8 Click Start6 point to Settings6 and then click Control Panel $ou.&.' clickin Add to add the #PN devices installed with PPTP to R"S8 4See step ! o& the &ollowin procedure85 /dding VP 'evices as 3/S Ports on a PPTP Server "&ter installin PPTP6 'ou must add the #PN devices to R"S8 *ollow these steps to add #PN devices on a computer runnin =indows NT Server version -828 To configure .e added and con&i ured as a port and device in R"S8 %8 Select a #PN device and click OK8 Repeat steps !6 /6 and % until all the #PNs are added to the "emote Access Setup properties dialo .8 4:' de&ault6 #PN devices on a computer runnin =indows NT Server version -82 are automaticall' con&i ured with the "eceive calls onl$ option6 .ut 'ou should veri&' this con&i uration85 . /evices to (AS on the &&T& Server /8 Click the "AS Capable #evices list arrow to displa' #PN devices that must .oC will appear as shown in the &ollowin &i ure8 )igure 9 7 Adding the .

le encr'ption .oC8 Click OK to return to the "emote Access Setup properties dialo .&.oC8 ))8 Click Continue8 )+8 Close Network shut down6 and then restart the computer8 Configuring PPTP Server 1ncr+ption and /uthentication -ptions This section provides procedures and in&ormation a. /evice for +ncryption on the &&T& server !8 Select a #PN device &or which 'ou want to ena.le3click Network in Control Panel8 Click the Services ta.' the remote access protocol PPP8 <ou ena.)28 Click Network to displa' the Network Configuration dialo . device on the &&T& server )8 +8 38 -8 Click Start6 point to Settings6 and then click Control Panel' $ou.oC8 #eri&' that onl' TCP7IP is checked in the Server Settings in the Network Configuration dialo .oC will appear8 Microsoft Windows NT Server White Paper Installing. and select "emote Access Service8 Click Properties to displa' the "emote Access Setup properties dialo .&.le encr'ption6 and then click Network8 The Network Configuration dialo . Configuring and Using PPTPwith Microsoft Clients and Servers .' con&i urin each #PN device that was added and con&i ured in R"S properties8 This con&i uration is identical to con&i urin encr'ption &or other R"S devices6 such as a modem8 To ena!le encryption on a .oC 4shown .elow58 )igure : 7 Selecting a .out con&i urin a PPTP server8 This involves three sets> • Encr'ptin data sent over the Internet • "cceptin onl' PPTP packets &rom the Internet • "ccessin a private network Configuring Server 1ncr+ption for PPTP The encr'ption o& data is per&ormed .

ile users connect to the enterprise network .led .oC8 G8 Click Continue8 18 Close Network shut down6 and then restart the computer8 Configuring PPTP 2iltering on the PPTP Server Ena.)igure 5 7 Configuring the .' con&i urin TCP7IP settin s &or the adapter that is connected to the Internet8 Note =hen PPTP &ilterin is ena.led on the server adapter that is connected to the Internet8 PPTP &ilterin in this case is ena.ein made8 In other words6 i& remote or mo.led6 all other network packets are i nored8 Thus6 2 Installing.e ena.' usin the PPTP server and the Internet6 PPTP &ilterin should .&. device ith encryption on the &&T& server /8 Select "e(uire !icrosoft encr$pted aut)entication and "e(uire data encr$ption8 This con&i ures R"S and PPP to en&orce =indows NT3.led on the adapter over which the PPTP connection is .' con&i urin an adapter on the computer to .lin PPTP &ilterin provides a &orm o& securit' &or 'our private network .e ena.ased authentication o& all remote clients connectin to the PPTP server8 %8 Click OK to return to the "emote Access Setup properties dialo . Configuring and Using PPTP with Microsoft Clients and Servers Microsoft Windows NT Server White Paper .lock all packets eCcept PPTP packets8 In a multi3homed computer6 such as a PPTP server with one adapter connected to the enterprise network and another adapter connected to the Internet6 PPTP &ilterin should .

e di&&icult to trou.leshoot possi. Configuring and Using PPTPwith Microsoft Clients and Servers 3 .le pro.packets &rom TCP7IP utilities such as ping and tracert are not accepted .led8 This provides securit'6 .' usin the TCP7IP trou.ut it also means it can .leshootin utilities8 Microsoft Windows NT Server White Paper 3 Installing.lems on the PPTP server .' the adapter on which PPTP &ilterin is ena.

e ena.led on modems or IS$N devices8 )igure 8 7 +na!ling &&T& )iltering on the &&T& server /8 Click OK6 click OK a ain6 and then close Network8 %8 Shut down and then restart the computer8 Configuring .le the PPTP server to &orward a packet &rom a PPTP client to the correct destination computer8 *or more in&ormation a.I56 see Rassetup8hlp in the HwinntHs'stem3+ director'8 "&ter R"S is con&i ured to access the private network6 a PPTP server ! Installing.e con&i ured to access 'our private network usin the appropriate network protocols in order to ena. and then click Advanced8 !8 Click the Adapter drop3down arrow and select the adapter connected to the Internet8 Click ./ 3outing on the PPTP Server R"S must .led onl' on network adapters8 *ilterin cannot .6 select TCP*+P Protocol6 and then click Properties8 -8 Click the +P Address ta.le3click Network in Control Panel8 38 Click the Protocols ta.To ena!le &&T& filtering on an adapter in the &&T& server )8 Click Start6 point to Settings6 and then click Control Panel8 +8 $ou.out eneral R"S server con&i uration 4&or eCample6 usin TCP7IP6 IP96 or Net:E.nable PPTP -iltering as shown in the &ollowin dialo . Configuring and Using PPTP with Microsoft Clients and Servers Microsoft Windows NT Server White Paper .oC8 Note that &ilterin is ena.

e esta.e con&i ured to ena.' addin a Re istr' entr'8 • Static routes to the private network must . Configuring and Using PPTPwith Microsoft Clients and Servers " .requires the &ollowin steps> • The TCP7IP protocol must .lished8 Microsoft Windows NT Server White Paper " Installing.e suppressed .le IP &orwardin 8 • $e&ault routes must .

' usin a 8.le IP &orwardin on the PPTP server8 To ena!le '& for arding )8 +8 38 -8 Click Start6 point to Settings6 and then click Control Panel8 $ou.le the automatic addition o& a de&ault route on all the network adapters installed on the PPTP server8 <ou do this on the PPTP server .e added .oC6 and then click .nable +P -orwarding8 !8 Click OK click OK a ain6 and then close Network' /dding the 'ont/dd'efault0atewa+ 3egistr+ 1ntr+ :' de&ault6 =indows NT Server and =indows NT =orkstation .se the Re istr' editor to add this entr'6 and then stop and restart the computer8 "&ter the #ontAdd#efault.(C".ein added to the network adapters8 .' usin the route command with the persistent 47p5 option8 The route command causes all su.6 select TCP*+P6 and then click Properties8 Click the "outing Properties dialo .atewa$ with a value o& RE0I$=(R$ 2C) in the &ollowin Re istr' ke'> HJE<I.E"CHINEHS<STEEHCurrentControlSetHServicesH Knet or#adapter<HParametersHTcpipH$ont"dd$e&ault0atewa' This entr' prevents the de&ault route &rom .' addin the Re istr' entr' #ontAdd#efault. Configuring and Using PPTP with Microsoft Clients and Servers Microsoft Windows NT Server White Paper .e recon&i ured on a server connected to a private network and to the Internet8 <ou must disa.' PPTP clients8 To add the static routes to the PPTP server t'pe6 route with the 7p option at the command prompt as shown in the &ollowin eCample> C>HLroute add 3p )%+8)/8-G8)2 The route command must contain all the computers or networks 'ou want # Installing.nets and computers on the private network to .ut it must .roadcast &or ever' address required .at &ile that contains the routes or .atewa$ entr' is created 'ou must add static routes &or each network adapter8 These static routes must con&i ure the PPTP server to route incomin data &rom the Internet to the correct server on the private network8 /dding Static 3outes for the Private etwor! <ou add static routes to 'our private network on the PPTP server .1na*le IP 2orwarding <ou must ena.le3click Network in Control Panel Click the Protocols ta.oth place a de&ault route 428282825 on each network adapter in a computer8 This causes the server to send route discover' requests o& unknown IP addresses to the network adapter con&i ured with the de&ault route8 This is the normal and desired action o& a router6 .' usin the route command in the Command Prompt8 The static entries can .e known to the PPTP server8 =ithout the necessar' route commands6 the PPTP server would .

T %or#station version :.I 0 / ' C.2I0U3I 0 PPTP . Configuring and Using PPTPwith Microsoft Clients and Servers $ ..le3click Network8 38 Click the Protocols ta.le 'ou to make a dial3out connection &rom the computer8 • I& 'ou are usin the Internet to connect to the PPTP server6 'ou have a PPP account with 'our ISP8 Installing PPTP on a PPTP Client To install the &&T& protocol on a &&T& client running %indo s .' usin either dial3up lines to the Internet • .4 )8 Click Start6 point to Settings6 and then click Control Panel8 +8 In Control Panel6 dou.ile o&&ice work areas6 such as a con&erence room The procedures in this section assume the &ollowin > • =indows NT =orkstation version -82 or =indows NT Server version -82 is installed • TCP7IP is installed on the computer8 • R"S with $ial3up Networkin is installed on the computer8 • "n analo modem6 IS$N device6 or other modem device is installed and con&i ured in R"S to ena.6 and then click Add to displa' the Select Network Protocol dialo .I1 T PPTP clients to reach8 *or more in&ormation a.out .oC6 shown in the &ollowin &i ure8 Microsoft Windows NT Server White Paper $ Installing.et or#ing Supplement 6 Chapter -6 ?Routin in =indows NT6@ or the Eicroso&t Jnowled e :ase article M)+)G%% availa.T Server version :.I ST/./ PPTP C."N routin usin R"S6 consult the =indows NT Server version -82 .4 or %indo s .le on www8microso&t8com8 " PPTP client can connect to a PPTP server in three wa's> • ."N connection6 such as an Ethernet connection and adapter • ."N3to3.' usin a .' usin a network tap &ound in mo.

er o& #PN devices 'ou want the client to support8 <ou can select a num.)igure 7 7 Selecting the &&T& net or# protocol on the &&T& client -8 Select Point To Point Tunneling Protocol and click OK8 !8 T'pe the drive and director' location o& 'our installation &iles in the Windows NT Setup dialo .oC6 and then click Continue8 The PPTP &iles are copied &rom the installation director' and the PPTP Configuration dialo .oC will appear as shown in the &ollowin &i ure8 )igure 3 7 Adding a .er o& +!/ #PN devices8 %8 Click OK and then click OK in the Setup !essage dialo .oC8 % Installing.&. device on the &&T& client /8 Click the Number of Virtual Private Networks drop3down arrow and select the num.er . Configuring and Using PPTP with Microsoft Clients and Servers Microsoft Windows NT Server White Paper .etween ) and +!/ &or computers runnin =indows NT =orkstation version -82 or =indows NT Server version -828 T'picall'6 onl' one #PN is installed on a PPTP client8 Note I& the PPTP client is an ISP server runnin =indows NT Server version -826 'ou can select multiple #NP devices as needed to simultaneousl' support the PPP clients usin the ISP server to connect to a PPTP server8 =indows NT Server version -82 supports a maCimum num.

oC8 !8 Click Add8 The Add "AS #evice properties dialo .G8 In the "emote Access Setup properties dialo .e added and con&i ured as a port and device in R"S8 %8 Select the #PN) 3 R"SPPTPE device6 and then click OK8 4I& 'ou installed PPTP with more than one #PN device6 repeat steps !6 /6 and % until all the #PNs are added to the "emote Access Setup properties dialo . to (AS on a &&T& client /8 Click the "AS Capable #evices list to displa' the #PN devices that must .' clickin Cancel6 closin Network6 and then shuttin down and restartin the computer8 Note that 'ou must per&orm the procedure descri.5 Continue installation .le3click Network8 Click the Services ta. device on the &&T& client )8 +8 38 -8 Click Start6 point to Settings6 and then click Control Panel8 In Control Panel6 dou.ed in the &ollowin section ?"ddin a #PN $evice as a R"S Port on the PPTP Client@ to complete installation o& PPTP8 .' clickin Add to add to R"S the #PN device installed with PPTP8 4See step ! o& the procedure descri. and select "emote Access Service8 Click Properties to displa' the "emote Access Setup properties dialo .oC6 'ou can do either o& the &ollowin > a5 Temporaril' stop installation o& PPTP .&. Configuring and Using PPTPwith Microsoft Clients and Servers & .oC85 G8 :' de&ault6 the #PN device on a computer runnin =indows NT =orkstation version -82 is con&i ured to dial out onl'8 Select the #PN port and click Configure8 #eri&' that the #ial out onl$ option in the Port %sage Microsoft Windows NT Server White Paper & Installing.ed in the &ollowin section85 /dding a VP 'evice as a 3/S Port on the PPTP Client <ou must add the #PN device to R"S a&ter installin PPTP8 *ollow these steps to add a #PN device on a computer runnin =indows NT =orkstation version -828 To configure a .&.oC is illustrated in the &ollowin &i ure8 )igure 9 7 Adding the .

ook entr' &or 'our ISP8 Note <ou do not need to create a Phone.oC8 18 Click Network to displa' the Network Configuration dialo .I1 T dialo .(UP 1TW-34I 0 T51 PPTP C.2I0U3I 0 'I/.p Networkin to create phone.ook entr'A the PPTP server phone.lin secure and encr'pted communications to private enterprise networks via the Internet8 In this scenario6 the PPTP client must have two phone.ook entries &or the ISP and the PPTP server8 Creating the Phone*oo! 1ntr+ to 'ial a ISP I& 'ou are usin PPTP and $ial3. Configuring and Using PPTP with Microsoft Clients and Servers Microsoft Windows NT Server White Paper ."N connection to dial up a PPTP server on the .e how to use $ial3.oC will appear8 Click OK85 +8 T'pe the name o& 'our ISP in Name t)e new p)onebook entr$6 and then click Ne/t8 38 Click + am calling t)e +nternet and click Ne/t8 This con&i ures the phone.ook entr'8 The &ollowin procedures descri.oC is the onl' option selected6 and then click OK8 This returns 'ou to the "emote Access Setup properties dialo ."N6 'ou onl' need to have one phone.oC8 Click %se Telep)on$ dialing properties i& 'ou need to add an ' Installing.p Networkin protocols8 -8 Select 'our modem device in Select t)e modem or adapter t)is entr$ will use on the !odem or Adapter dialo .ook entries> one to connect to the ISP and one to connect to a PPTP server However6 i& 'ou are usin PPTP to connect to another computer on the .ook entr' 'ou are creatin 6 the #ial&%p Networking dialo ."N8 :e&ore startin the &ollowin procedures6 make sure 'ou have> • Installed all network protocols used on the private network to which 'ou want to connect • Con&i ured R"S to dial out usin those network protocols8 To create a ne 'S& entry !y using the &hone!oo# %i=ard )8 Click Start6 point to Accessories6 and then click #ial&%p Networking8 4I& this is the &irst phone.p Networkin to connect to a PPTP server over the Internet6 'ou will need to create a Phone.ook entr' &or 'our ISP i& 'ou are usin a .oC6 and then click Ne/t8 !8 T'pe the ISP phone num.C.ook entr' to use TCP7IP and PPP as the $ial3.er in P)one number on the P)one Number dialo .oC8 )28 #eri&' that the TCP*+P option in #ial out Protocols is the onl' option checked6 and then click OK8 ))8 Click Continue8 )+8 Close Network shut down6 and then restart the computer8 PPTP is most commonl' used &or ena.

oC is illustrated in the &ollowin &i ure8 )igure 14 7 +>ample &hone!oo# entry used to dial up an 'S& +8 Review the in&ormation on the 0asic ta.ook entr' .' usin the &ollowin procedure8 To verify or edit your 'S& phone!oo# entry )8 Click !ore in #ial&%p Networking6 and then click . is illustrated in the &ollowin &i ure8 Microsoft Windows NT Server White Paper Installing. Configuring and Using PPTPwith Microsoft Clients and Servers .er is correct and that the correct modem or IS$N device is selected8 Eake an' necessar' chan es8 38 Click the Server ta.dit entr$ and modem properties to veri&' that 'our ISP phone.area code or other pre&iC8 Click Alternatives i& 'ou have an alternative phone num.8 The Server ta.er &or 'our ISP8 /8 Click Ne/t6 and then click -inis)8 %8 #eri&' the phone. to ensure that the phone num.ook entr' is correctl' con&i ured8 The .ntr$ dialo .dit P)onebook .

ook entr' to connect to 'our PPTP server .' 'our ISP8 %8 :' de&ault6 the options .8 Click Accept onl$ !icrosoft encr$pted aut)entication8 The con&i ures PPP to encr'pt the user name and password &or remote lo on to a server that en&orces =indows NT authentication8 )28 Click OK and then click Close to complete the ISP phone.nable PPP 1CP e/tensions are selected8 These settin s are compati.nable Software Compression and .ook entr'8 Creating the Phone*oo! 1ntr+ to 'ial a PPTP Server <ou must create a phone.)igure 11 7 .le with most ISP services8 Check with 'our ISP .e&ore chan in these de&ault settin s8 G8 Click the Script ta.oC6 ensure that TCP*+P is selected8 /8 Click TCP*+P Settings to displa' the PPP TCP*+P Settings dialo . Configuring and Using PPTP with Microsoft Clients and Servers Microsoft Windows NT Server White Paper .erifying the /ial71p Server properties -8 Review the in&ormation on the Server ta.6 and then select None8 The PPP protocol provided in R"S is desi ned to automate remote lo on8 I& 'our ISP requires a manual lo on6 consult 'our ISP &or the correct con&i uration8 18 Click the Securit$ ta.' 'our ISP8 2 Installing. to ensure that the #ial&up server t$pe displa's ?PPP> =indows NT6 =indows 1! Plus6 Internet8@ !8 In the Network protocols .oC8 Ensure that the TCP7IP settin s con&orm to the IP address and name server in&ormation speci&ied .ook entr' &or 'our PPTP server i& 'our computer is not PPTP3ena.led and 'ou are usin a PPTP service provided .' usin a #PN device8 Note <ou do not need to create a Phone.

I5 used on the private network to which 'ou want to connect8 • Con&i ured R"S to dial out usin the network protocols 4IP6 IP96 Net:E.ook entr'6 a #ial&%p Networking dialo .ook entr' to use TCP7IP and PPP as the $ial3.p Networkin protocols8 -8 Select "ASPPTP!2VPN34 in the Select t)e modem or adapter t)is entr$ will use list in the !odem or Adapter dialo . device )8 Click Start6 point to Accessories6 and then click #ial&%p Networking8 4I& this is the &irst phone.:e&ore startin the &ollowin procedures 'ou must have previousl' done the &ollowin > • Installed all network protocols 4IP6 IP96 Net:E.oC8 Microsoft Windows NT Server White Paper 3 Installing. Configuring and Using PPTPwith Microsoft Clients and Servers 3 .oC will appear8 Click OK85 +8 T'pe the name o& 'our PPTP server in Name t)e new p)onebook entr$6 and click Ne/t8 38 Click + am calling t)e +nternet and click Ne/t8 This con&i ures the phone.oC6 and then click Ne/t8 !8 T'pe the IP address o& the adapter on the PPTP server that is connected to the Internet in the P)one Number dialo .&.I5 used on the private network8 To create an phone!oo# entry to dial7up a &&T& server !y using a .

device +8 Review the in&ormation on the 0asic ta.er is correct and that the "ASPPTP!2VPN34 device is selected8 Eake an' necessar' chan es8 38 Click the Server ta.dit entr$ and modem properties to veri&' that 'our PPTP server phone.ook entr' is correctl' con&i ured8 The .ntr$ dialo .Note I& 'our PPTP server has an Internet re istered $NS name6 'ou could alternativel' enter itFs $NS name in this &ield8 /8 Click Ne/t6 and then click -inis)8 %8 #eri&' the phone.dit P)onebook . to ensure that the phone num.' usin the &ollowin procedure8 Note I& 'ou are con&i urin the #PN device on an ISP server runnin =indows NT Server version -82 that is con&i ured with multiple #PN devices6 repeat this procedure &or each #PN device8 To verify or edit your phone!oo# entry for the &&T& server )8 Click !ore in #ial&%p Networking and then click .8 ! Installing.oC will appear as illustrated in the &ollowin &i ure8 )igure 16 7 +>ample &hone!oo# entry for &&T& server and a . Configuring and Using PPTP with Microsoft Clients and Servers Microsoft Windows NT Server White Paper .ook entr' .&.

oC is not selected8 :oth methods are encr'pted and are there&ore secure8 Note I& 'ou are con&i urin the #PN device on an ISP server runnin =indows NT Server version -82 that is con&i ured with multiple #PN devices6 repeat this procedure &or each #PN device8 Microsoft Windows NT Server White Paper " Installing.' the PPTP server i& this .I5 must alread' .e selected unless it is the protocol used on 'our private network8 /8 I& 'ou use TCP7IP on 'our private network6 click TCP*+P Settings to displa' the PPP TCP*+P Settings dialo . to ensure that the #ial&up server t$pe displa's ?PPP> =indows NT6 =indows 1!N Plus6 Internet8@ !8 In the Network protocols dialo .)igure 19 7 .e used .erifying the /ial71p Server configuration on the &&T& client -8 Review the in&ormation on the Server ta.8 Click Accept onl$ !icrosoft encr$pted aut)entication8 The PPP protocol encr'pts the user name and password &or remote lo on8 The user name and password used to lo on to the current session can .' the R"S con&i uration on the PPTP server8 This includes the .e con&i ured to use that protocol to dial out8 Note that TCP7IP does not need to .oC8 Ensure that the TCP7IP settin s con&orm to the settin s required .nable Software Compression and .oC6 ensure that the network protocols used on 'our private network are selected8 "n' selected protocol 4TCP7IP6 IP97SP96 Net:E. Configuring and Using PPTPwith Microsoft Clients and Servers " .6 and then select None8 The PPP protocol used in R"S is desi ned to automate remote lo on8 I& 'our ISP requires a manual lo on6 consult 'our ISP &or the correct con&i uration8 G8 Click the Securit$ ta.' selectin %se current username and password8 <ou are prompted .nable PPP 1CP e/tensions settin s %8 Click the Script ta.e installed on the PPTP client 'ou are con&i urin 8 In addition6 R"S must .

ed in the previous section5 to connect to a PPTP server8 This section eCplains how to make the connection8 To connect to a &&T& server using a &&T& client to dial up an 'S& )8 Click !$ Computer6 and then click #ial&up Networking8 +8 Click !ore and select %ser Preferences8 (n the Appearance ta.ook entr'6 and then click #ial8 -8 "&ter connectin to 'our ISP6 click the drop3down arrow in the P)onebook entr$ to dial list once more to select the entr' &or 'our PPTP server8 Click #ial8 "&ter success&ul connection6 all tra&&ic throu h 'our modem is routed .'I/.A.P networkin over the .I S13V13 PPTP 0 / ISP " PPTP3ena. Configuring and Using PPTP with Microsoft Clients and Servers Microsoft Windows NT Server White Paper .6 clear the Close on dial check.' usin 'our direct .oC6 click the drop3down arrow in the P)onebook entr$ to dial list to select the entr' &or 'our ISP phone.ecause 'our are usin a PPTP server to connect to the remote computer8 In this scenario6 the PPTP client uses $ial3.' the ISP over the Internet to 'our PPTP server6 which routes the tra&&ic to the correct computer8 <ou can use a PPP client to make a connection to a PPTP server across the Internet i& 'our ISP provides a PPTP service8 <ou do this .out whether the' provide a PPTP service and i& so6 how to connect to their server that provides the PPTP service8 PPTP clients with a t'pical network connection or null modem connection to an IP network can use PPTP tunnelin over that IP network8 <ou can create a virtual private network .oC8 Click OK8 38 In the #ial&%p Networking dialo .I0 0(UP USI PPTP/ T.' usin $ial3.oC6 click the drop3down arrow in the P)onebook entr$ to dial list to select the entr' &or 'our PPTP server8 # Installing.ook entr' and the PPTP client #PN is required8 To connect to a &&T& server over a ./ 1CT TPPTP CT/ PPTP S13V13 1CT TS13V13 / #8 'I/. connection )8 Click !$ Computer6 and then click #ial&up Networking8 +8 Click !ore and select %ser Preferences8 (n the Appearance ta."N is encr'pted and secure .oC6 and then click OK8 38 In the #ial&%p Networking dialo ."N connection instead o& a telephone line8 " sin le dial3up connection to the PPTP server usin a Phone.p Networkin and 'our modem or IS$N device to connect to 'our ISP server8 <ou do not need to make a second dial3up call .led client must have two phone.ecause the ISP server con&i ured as a PPTP client6 makes the connections to the PPTP server &or the PPP client8 Contact 'our ISP &or in&ormation a."N connectionA data sent &rom 'our PPTP client to another computer on the .TPPTP .ISPT51 -V13 C.6 clear the Close on dial check.ook entries 4as descri./ S13VIC1 1CT CT.

"N to the remote computer Microsoft Windows NT Server White Paper $ Installing. Configuring and Using PPTPwith Microsoft Clients and Servers $ .-8 Click #ial8 "&ter success&ul connection6 all tra&&ic &rom 'our computer is &irst routed to 'our PPTP server6 which then &orwards 'our data across the .