Install and configure a VPN server on Windows 2003


















The same goes for the second screen, which just tells you some things you need to have completed before adding new roles to your server. On the third screen of the wizard, entitled Server Role, you're presented with a list of available roles for your server along with a column that indicates whether or not a particular role has been assigned to this machine.

Take note: This selection just starts another wizard called the Routing and Remote Access Wizard, described further below. Like most wizards, the first screen of the Routing and Remote Access wizard is purely informational and you can just click Next. The second screen in this wizard is a lot meatier and asks you to decide what kind of remote access connection you want to provide. The next screen of the wizard, entitled VPN Connection, asks you to determine which network adapter is used to connect the system to the Internet.

Network adapters are really cheap and separation makes the connections easier to secure. In this example, I've selected the second local area network connection (see Figure D), a separate NIC from the one that connects this server to the network. Notice the checkbox labeled "Enable security on the selected interface by setting up Basic Firewall" underneath the list of network interfaces. It's a good idea to enable this option since it helps to protect your server from outside attack.

A hardware firewall is still a good idea, too. With the selection of the Internet-connected NIC out of the way, you need to tell the RRAS wizard which network external clients should connect to in order to access resources. Notice that the adapter selected for Internet access is not an option here. Just like every other client out there, your external VPN clients will need IP addresses that are local to the VPN server so that the clients can access the appropriate resources.

Second, you can have your VPN server handle the distribution of IP addresses for any clients that connect to the server. To make this option work, you give your VPN server a range of available IP addresses that it can use.

This is the method I prefer since I can tell at a glance exactly from where a client is connecting. If they're in the VPN "pool" of addresses, I know they're remote, for example. So, for this setting, as shown in Figure F below, I prefer to use the "From a specified range of addresses" option.

Make your selection and click Next. If you select the "From a specified range of addresses" option on the previous screen, you now have to tell the RRAS wizard exactly which addresses should be reserved for distribution to VPN clients. Click Finish.

The Network Connection Wizard just creates the initial connection with common parameters. Now that it's created, you need to make modifications based on your environment. In particular, I've often run into trouble with Network Connection Wizard-created VPN connections' default gateway setting—more on that in a bit. As soon as you're done with the Network Connection Wizard, the new connection pops up so that you can connect to the remote VPN server.

The example, shown below in Figure G, contains the username and password, which I provided. Before you hit the Connect button, take a little time to adjust the client settings. To do so, click the Properties button. I will go through most of the screens, and provide explanation where I recommend that you change the default settings. There isn't much to change here, except if you need to change the name or IP address of the server to which you will connect. You can also configure this connection to dial a different connection before attempting to connect to the VPN.

This is useful for clients that need to establish a dial-up connection before connecting to the VPN as it reduces the number of steps the remote user must take to attach to your server.

Also located on this tab is a checkbox that enables the network adapter icon to appear in the system tray whenever this connection is active.

Short version: You don't need to make changes here if you provided all of the necessary information during the wizard. The Options tab provides choices for how to handle the initial connection and any subsequent redial attempts. The word "dial" on this screen is a little misleading since the options aren't strictly for modem-only users. On this screen, you can dictate whether the system should provide you with information about the connection status and how user names, passwords and domain names should be handled.

Further, you can tell Windows what to do if the connection is dropped—should it be automatically redialed or not, for example? As you can imagine, this is where you specify security settings for the connection. If you set up your VPN server as per the instructions in the previous article, you shouldn't need to change these settings.

If you want to increase security, though, select the "Advanced (custom settings)" option and make sure those match your server setup. I won't be going into these options in this article, however. This article series' scope is simply to get a PPTP server up and running and accepting connections from clients. One option I never recommend that you enable is the "Automatically use my Windows logon name and password (and domain if any)" option since it can result in a big, gaping security hole.

Basically, if you forget to log out, or whatever, anyone that walks up to the client computer could connect to your organization's network and do what they will. It's not that much work to type a user name and password. This tab provides a means for you to configure the various network options for this connection.

The first option asks you about the type of VPN to which you're connecting. Virtual private networks use authenticated links to make sure that only authorized users can connect to your network. The tunneling is completed through one of the tunneling protocols included with servers running Windows Server, both of which are installed with Routing and Remote Access. The Routing and Remote Access service is installed automatically during the installation of Windows Server. By default, however, the Routing and Remote Access service is turned off.

Click the server icon that matches the local server name in the left pane of the console. If the icon has a red circle in the lower-left corner, the Routing and Remote Access service hasn't been turned on. If the icon has a green arrow pointing up in the lower-left corner, the Routing and Remote Access service has been turned on.

If the Routing and Remote Access service was previously turned on, you may want to reconfigure the server. To reconfigure the server: Click to select VPN or Dial-up depending on the role that you intend to assign to this server. In the IP Address Assignment window, click Automatically if a DHCP server will be used to assign addresses to remote clients, or click From a specified range of addresses if remote clients must only be given an address from a pre-defined pool.

In most cases, the DHCP option is simpler to administer. However, if DHCP isn't available, you must specify a range of static addresses. Click Next to continue. If you clicked From a specified range of addresses, the Address Range Assignment dialog box opens.

Click New. Type the first IP address in the range of addresses that you want to use in the Start IP address box. Windows calculates the number of addresses automatically. Accept the default setting of No, use Routing and Remote Access to authenticate connection requests, and then click Next to continue. For the remote access server to forward traffic properly inside your network, you must configure it as a router with either static routes or routing protocols, so that all of the locations in the intranet are reachable from the remote access server.
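A static pool is what lets you tell remote clients from local ones at a glance, and the Address Range Assignment dialog derives the pool size from its start and end addresses. The following Python sketch is an added example, not part of the original article: it computes that size and labels entries in a server log by whether the source address falls inside the pool. The address range, the log format and the sample lines are all constructed for illustration.

```python
import ipaddress

# Constructed placeholder range; substitute the range entered in the
# Address Range Assignment dialog.
POOL_START = "192.168.10.200"
POOL_END = "192.168.10.219"

# Constructed sample log, one entry per line: "timestamp user source-ip resource"
SAMPLE_LOG = """\
2004-03-01T08:02:11 alice 192.168.10.45 fileshare
2004-03-01T08:05:40 bob 192.168.10.200 fileshare
2004-03-01T23:17:02 carol 192.168.10.219 payroll
2004-03-01T23:18:30 dave 192.168.10.220 payroll
2004-03-01T23:19:00 truncated-line
2004-03-01T23:20:00 erin not-an-ip intranet
"""


def pool_size(start, end):
    """Count the addresses in an inclusive start..end range."""
    first, last = ipaddress.IPv4Address(start), ipaddress.IPv4Address(end)
    if last < first:
        raise ValueError("end address precedes start address")
    return int(last) - int(first) + 1


def classify(log_text, start, end):
    """Label each log entry 'vpn', 'local' or 'invalid' by its source address."""
    first, last = ipaddress.IPv4Address(start), ipaddress.IPv4Address(end)
    results = []
    for line in log_text.splitlines():
        fields = line.split()
        if len(fields) != 4:
            continue  # skip malformed lines rather than guess at their fields
        _, user, source, _ = fields
        try:
            addr = ipaddress.IPv4Address(source)
        except ipaddress.AddressValueError:
            results.append((user, source, "invalid"))
            continue
        # Both ends of the pool are inclusive, matching the dialog's count.
        origin = "vpn" if first <= addr <= last else "local"
        results.append((user, source, origin))
    return results


if __name__ == "__main__":
    print("pool size:", pool_size(POOL_START, POOL_END))
    for user, source, origin in classify(SAMPLE_LOG, POOL_START, POOL_END):
        print(f"{origin:8} {user:6} {source}")
```

The check only holds if nothing else on the LAN hands out addresses from the same range, so keep the pool outside any DHCP scope and any statically assigned hosts.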

The number of dial-up modem connections is dependent on the number of modems that are installed on the server. For example, if you have only one modem installed on the server, you can have only one modem connection at a time. The number of dial-up VPN connections is dependent on the number of simultaneous users whom you want to permit. By default, when you run the procedure described in this article, you permit connections.

To change the number of simultaneous connections, follow these steps: You can also configure a static IP address pool. Configure the dial-in properties on user accounts and remote access policies to manage access for dial-up networking and VPN connections. To grant dial-in access to a user account if you're managing remote access on a user basis, follow these steps:

If the VPN server already permits dial-up networking remote access services, do not delete the default policy. Instead, move it so that it is the last policy to be evaluated. To set up a connection to a VPN, follow these steps. To set up a client for virtual private network access, follow these steps on the client workstation: Because there are several versions of Microsoft Windows, the following steps may be different on your computer.

If they are, see your product documentation to complete these steps. Click Create a new connection under Network Tasks, and then click Next. Click Connect to the network at my workplace to create the dial-up connection. Type a descriptive name for this connection in the Company name dialog box, and then click Next.

Click Do not dial the initial connection if the computer is permanently connected to the Internet. Click Next. Click Anyone's use if you want to permit any user who logs on to the workstation to have access to this dial-up connection. Click My use only if you want this connection to be available only to the currently logged-on user.


