Windows IT Pro is the authoritative and independent resource for windows nt, windows 2000, windows 2003, windows xp. Features a collection of resources and magazines for windows IT professionals.
  
  
  Advanced Search 


February 2002

Configuring a Win2K VPN Server

From the February 2002 Edition
of Windows Web Solutions
Tim Huckaby
Feature
InstantDoc #23575
Windows Web Solutions
Email this Article
Printer Friendly
Reader Comments
Digg This
Del.icio.us
RSS
Subscribe to Windows Web Solutions | See More Windows CE Articles Here | Reprints | Or get the Monthly Online Pass—only $5.95 a month!

Public Name Resolution Through a VPN Connection
The first time you establish a successful VPN connection to your remote server, you might have trouble with public name resolution (e.g., DNS, WINS). For example, you might not be able to launch a browser on a remote system to connect to a public Web site on the Internet. Because your VPN server is a completely separate LAN, you need to configure name resolution separately, too. Fortunately, there's a bulletproof way to handle name resolution on the client side without having to address the security implications of handling it on the VPN server—through your default Internet connection (i.e., your ISP).

However, before I show you how to set up public name resolution, I should point out that setting it up on your VPN server isn't necessarily a good idea. Indeed, many administrators deliberately set up their VPN servers without it. Two schools of thought exist about denying public name resolution through a VPN server. The first school asserts that the purpose of a VPN is to provide secure access to corporate LAN resources. Therefore, leveraging the corporate VPN as a springboard to public Internet sites is unnecessary. The second school centers on security. Providing public Internet access through a VPN connection is just one more exposed route that a malicious intruder can attack. So, many IIS administrators choose either not to provide name resolution at all through VPN connections or to provide only internal name resolution for internal servers (i.e., internal DNS).

If, however, your clients or administrators require access to resources outside the VPN, you can configure your VPN connection to handle public name resolution outside your VPN server. To do so for a Win2K VPN, follow these steps:

  1. Choose Start, Settings, Network and Dial-up Connections.
  2. Right-click your VPN connection, then select Properties.
  3. Click the Networking tab.
  4. Select Internet Protocol (TCP/IP) from the components list, then click Properties.
  5. Click Advanced, then click the General tab, which Figure 4, page 10, shows.
  6. Clear the Use default gateway on remote network check box. (This check box is selected by default.)

The Use default gateway on remote network check box controls the route used for connections to remote servers. By clearing this check box, your Internet connection rather than the remote server handles the routing. This connection provides a secure connection to the servers on your LAN through the VPN. Any access to the public Internet will be routed through your Internet connection, where your ISP handles public name resolution.

VPN Connectivity Through Windows CE
At the time of this writing, Windows CE .NET (code-named Talisker) was in beta 2 and publicly available. This new version of Windows CE will ship not only with a VPN client but also with its own version of Terminal Services. Figure 5 shows the Windows CE VPN configuration screen. Web-exclusive Figure 1, which you can access from the Windows Web Solutions Web site (http:// www.windowswebsolutions.com, InstantDoc ID 23575), shows the Windows CE Terminal Services client.

Windows CE .NET will feature PPTP support. With this support, you can secure the transfer of data from a remote Windows CE­based client running on form factors as small as a pocket PC to a private enterprise server by creating a VPN across a TCP/IP-based network. Windows CE .NET will also feature RDP 5.0 support, which connects a Windows CE­based client to a Win2K- or Windows NT 4.0­based server that's running Terminal Services. As Web-exclusive Figure 2 shows, you can securely administer a production IIS server remotely from a wireless pocket PC by running Internet Services Manager (ISM) over Terminal Services. You'll be able to administer IIS servers remotely on handheld computers that have the same tools you use on desktop PCs!

Up and Running with VPN
Installing and configuring a VPN server for secure remote access is one of the more complex operations in Win2K. Configuring VPN client access is also complex. Now, you have the foundation to get your VPN client connectivity running securely and effectively. Next month, I'll dive into the Microsoft SMTP Service and show you how to automate sending email from your Web servers.

End of Article

   Previous  1  [2]  Next  


Reader Comments
im having problems to link in VPN where on both locations we have Domain Controller?

Do you have any idea about setting it up on the domain?

edon July 29, 2003

Hi
I realy desesperate because i can't connect a VPN. can u help me please?
I Have a DI-604 router.
Thanks

Carlos Rosas December 15, 2003

You must log on before posting a comment.

If you don't have a username & password, please register now.




Top Viewed ArticlesView all articles
The Memory-Optimization Hoax

Don't believe the hype. At best, RAM optimizers have no effect. At worst, they seriously degrade performance. ...

Command Prompt Tricks

One reader shares his tip for setting up the command prompt to reflect a remote path. ...

WinInfo Short Takes: Week of November 24, 2008

An often irreverent look at some of the week's other news, including a Vista Capable dismissal request, Zune price reductions, Morrow musings, Novell and Microsoft sitting in a tree ... two years later, Yahoo!, IE 6 on Windows Mobile, and so much more ...
Related Events Delivering Reliable and Effective Web-Based Applications

Making Web Application Perform Better: What to Watch, How to Watch It, and How to Fix It

Windows, Unix, Linux Interoperability

Check out our list of Free Email Newsletters!
IIS and Web Administration eBooks Keeping Your Business Safe from Attack: Monitoring and Managing Your Network Security
Related IIS and Web Administration Resources Become a VIP member of the Windows IT Pro community!
Get it all with the VIP CD and VIP access. A $500+ value for only $279!

Subscribe to Windows IT Pro!
Solve your toughest technical problems with our experts and access 10,000 + articles online. 30% off

Monthly Online Pass - Only $5.95!
Get instant access to 10,000+ articles from Windows IT Pro Magazine!

TechNet Virtual Labs
Evaluate and test Microsoft's newest products.



ADS BY GOOGLE

Job Openings in IT SPONSORED LINKS FEATURED LINKS
Is Your Approach to VMware Server Recovery Outdated?
Is your data protected from server failure? Download this white paper to find the best way to back up, recover, and restore your VMware ESX Server 3.x.

Maximize speed, performance and reliablity of your PCs and servers—automatically!
Speed Up Your PC! Try Diskeeper 2008 with InvisiTasking Free Now!

GoGrid Offers FREE Trial for Windows Cloud Servers
Deploy Windows Server 2003 and 2008 with free load balancing through GoGrid’s award winning web-based GUI – all in less than 5 minutes

Order Your SQL Fundamentals CD Today!
Learn how to use SQL Server, understand Office integration techniques and dive into the essentials of SQL Express and Visual Basic with this free SQL Fundamentals CD.
You've Deployed SharePoint...Now What?
This one-day free online conference delivers the technical knowledge needed to kick MOSS up a notch. In one information-packed day, independent SharePoint experts will present practical, real-world information and provide take-away, ready-to-use solutions

Don't Miss 3 Introductory PowerShell Lessons!
Paul Robichaux equips you with PowerShell basics in 3 introductory lessons, each followed by live Q&A—all on your own computer! Register today!

What Would You Do If You Ran Microsoft?
ITTV's 2008 inaugural video contest, "If I Ran Microsoft..." is your chance to tell it like it is. Be goofy or be serious, but don"t miss this chance to have fun, win prizes, and go viral in a major way.

Maximize Your SharePoint Investment
This web seminar discusses how true bi-directional replication of SharePoint content from one server to another enables branch offices to maintain access to current SharePoint content.

Rock Your Knowledge, and Compete with Friends and Colleagues!
Are you the Web Application Performance Guru in your office? It's time to have fun! Download now to access the crossword puzzle. Challenge yourself and complete this fun activity!
Windows IT Pro Home Register FAQ for Windows WinInfo News
Europe Edition About Us Contact Us/Customer Service Media Kit Affiliates / Licensing  
SQL Server Magazine Office & SharePoint Pro Windows Dev Pro IT Job Hound ITTV
IT Library Technology Resource Directory Connected Home Windows Excavator Windows SuperSite 
 
 Windows IT Pro is a Division of Penton Media Inc.
 Copyright © 2008 Penton Media, Inc., All rights reserved. Terms and Use | Privacy Statement | Reprints and Licensing