Understanding Virtual Private Networks

Because most computer users already have some type of connection to the Internet from any number of Internet service providers, both at home and on the road (and often at a connection speed faster than a dial-up modem), you can take advantage of this in how you provide remote access to your remote clients. A virtual private network is a secure and private way for a remote user connected to the Internet to connect to your private corporate network. In effect, you are creating a private communication line over an otherwise public communication system. VPN is also useful in that users on business trips, for example, can use local phone connections to an ISP instead of using long-distance connections to a RAS dial-in server.

VPN uses a tunneling protocol that provides the secure connection over the Internet between the client and the VPN server. You can take advantage of VPNs for remote client connections and for connecting different Windows Server 2008 network sites into one seamless network.

The VPN Tunneling Protocols

VPN uses tunneling protocols to provide the secure “tunnel” through an unsecured, public network such as the Internet. In effect, a point-to-point connection is made between the client and the VPN server. Windows Server 2008 provides three tunneling protocols for VPN: SSTP, PPTP, and L2TP.

SSTP, PPTP, and L2TP are automatically installed on computers running Windows Server 2008 and Windows Vista. PPTP and L2TP are installed on other Windows clients such as Windows XP and Windows 2000.

Creating a VPN Server

A VPN server is created and configured using the Windows Server 2008 Routing and Remote Access Service. The RRAS Setup Wizard walks you through the steps of enabling RRAS for VPN. To be configured as a VPN server, the server needs to contain two network cards. This makes it a multihomed computer (a fancy name for a computer with two or more network cards), which could also be configured as a router (discussed in Hour 18).

One network card provides the IP address that the VPN clients will use to connect to the VPN server (this can be a NIC configured with a public IP address for connection to the Internet); the other network card is the VPN server’s connection to the local area network. If you look back at the section “Enabling and Configuring RRAS,” both dial-up and VPN remote access were added during the initial configuration of the RAS server.

If you did not add VPN to the RAS server’s configuration in the Routing and Remote Access Server Setup Wizard, you can right-click the server node in the RRAS snap-in node tree and select Properties from the shortcut menu. On the General tab of the server’s Properties dialog box, select the IPv4 remote access check box. This enables the RRAS server to function as both a VPN server and a dial-in RAS server (if the server is configured with a modem or modem pool).
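Once the server has been set up as described above, the following added script (not from this book or from Microsoft) checks the prerequisites the text calls out, a multihomed host and a running Routing and Remote Access service, and reports whether the listeners for the three tunneling protocols are present. It assumes Windows Server 2008 with PowerShell 2.0, and the port numbers are the protocols’ standard values, which the text itself does not list.

```powershell
# Added readiness check for a Windows Server 2008 RRAS VPN server (example code, not the book's).
# Uses only cmdlets and tools present on Server 2008: Get-WmiObject, Get-Service, netstat.

# 1. Multihomed check: the text requires two network cards (one public-facing, one on the LAN).
$nics = @(Get-WmiObject Win32_NetworkAdapterConfiguration -Filter "IPEnabled = TRUE")
Write-Host "IP-enabled network adapters: $($nics.Count)"
foreach ($n in $nics) {
    Write-Host ("  {0} -> {1}" -f $n.Description, ($n.IPAddress -join ", "))
}
if ($nics.Count -lt 2) {
    Write-Warning "RRAS VPN needs two network cards (one public-facing, one on the LAN)."
}

# 2. Service check: RRAS runs as the RemoteAccess service.
$svc = Get-Service -Name RemoteAccess -ErrorAction SilentlyContinue
if ($svc -eq $null) { Write-Warning "Routing and Remote Access service not found." }
elseif ($svc.Status -ne "Running") { Write-Warning "RRAS service is $($svc.Status); VPN clients cannot connect." }
else { Write-Host "RRAS service is running." }

# 3. Listener check per tunneling protocol. Standard ports (assumption: not stated in the text).
#    PPTP also needs GRE (IP protocol 47), which netstat cannot show.
$expected = @{
    "PPTP (TCP 1723)"       = @{ Proto = "TCP"; Port = 1723 }
    "SSTP (TCP 443)"        = @{ Proto = "TCP"; Port = 443  }
    "L2TP/IPsec (UDP 1701)" = @{ Proto = "UDP"; Port = 1701 }
    "IKE (UDP 500)"         = @{ Proto = "UDP"; Port = 500  }
    "NAT-T (UDP 4500)"      = @{ Proto = "UDP"; Port = 4500 }
}
# Parse "netstat -an": TCP rows carry a State column; UDP rows have no state and are always bound.
$listening = @(netstat -an | ForEach-Object {
    $f = ($_ -replace '^\s+', '') -split '\s+'
    if ($f.Count -ge 2 -and ($f[0] -eq "TCP" -or $f[0] -eq "UDP")) {
        $port = ($f[1] -split ':')[-1]          # works for IPv4 (0.0.0.0:1723) and IPv6 ([::]:1723)
        if ($f[0] -eq "UDP" -or $f[3] -eq "LISTENING") { "$($f[0]):$port" }
    }
})
foreach ($name in $expected.Keys) {
    $e = $expected[$name]
    $state = if ($listening -contains "$($e.Proto):$($e.Port)") { "listening" } else { "not listening" }
    Write-Host ("  {0,-24} {1}" -f $name, $state)
}
```

A protocol that is enabled in RRAS but reported as "not listening" usually means the service has not been restarted since the change, or the port is bound to a different interface than the one clients use.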