Question : Network - Remote access with windows 2000 server

Here's my situation:

I need to be able to set up my LAN to connect to the internet through a Windows 2000 server. The Windows 2000 server needs to be set up the following way.

The NIC labeled internal needs to be plugged into a switch that all the network nodes are plugged into. The Windows 2000 server is the DHCP server for all the computers as well as the domain controller, etc.

The External interface is set up with the static IP provided by the ISP. I need remote clients to be able to use RRAS to obtain DHCP etc. through RRAS, and the computers on the LAN also need to be able to communicate to the internet by using the interface labeled "external". Do I need to set up RRAS in any special way, or just statically assign the IP addresses, plug them all in and set up DHCP relay for the remote clients?

Any help would be greatly appreciated. Thank you!

Answer : Network - Remote access with windows 2000 server

I recommend you do not choose subnets that are common if you are going to have VPN access. All local and remote subnets must be different with a VPN; choosing a common one may conflict with the local subnet at one or more remote sites. Therefore avoid:
192.168.0.x, 192.168.1.x, 192.168.2.x, 192.168.100.x, 192.168.1.1.x
10.0.0.x, 10.1.1.x, 10.10.10.x
172.16.0.x

The internal NIC should be assigned a static IP, no gateway, and your internal DNS server IPs only. This is likely the 2000 server itself, if it hosts the DNS service. The ISP's DNS should only be added as forwarders in the DNS management console. (To do so: open the DNS management console under Administrative Tools, right click on the server name and choose Properties. On the Forwarders tab add your ISP's DNS servers.) If you have enabled WINS services, add that IP as well under WINS server, in the NIC configuration.

Since the server is also hosting DHCP services, configure the following scope options. Open the DHCP management console on the server under Administrative Tools and click on the server name to expand it, click on the scope to expand it, right click on Scope Options and choose Configure Options. On the General tab add your server's internal IP under Router (this is due to wanting the 2000 server to route traffic to the Internet), the server's IP in #006 DNS Servers, and the domain name and suffix under #015, such as mydomain.local. You can also add your WINS server under option #044 if you have enabled this service (useful for VPNs).

The External NIC as you stated will be assigned a static IP, Subnet Mask and gateway, as supplied by the ISP, and again DNS server/s should only be your internal DNS server.

Then open the RRAS (Routing and Remote Access) console in administrative tools. Start the set up wizard by right clicking on the server name and choosing Configure and Enable RRAS. Choose Virtual Private Network access and NAT. Next window (if asked) choose VPN rather than Dial-up.  In the following windows, select the external NIC, then the Internal NIC. Next you can choose the option to use your existing DHCP server, or set up a static address pool for VPN clients within RRAS. Next choose to allow RRAS to authenticate users, and save. This should set up a basic NAT firewall, routing, and VPN access.

You also need to grant access to the VPN users, in Active Directory Users and Computers, under the user's profile, on the Dial-in tab.

The following site may have some helpful information relating to this:
http://www.lan-2-wan.com/vpns-windows.htm
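
The subnet advice in the answer above can be checked before the DHCP scope is created. The following is an added example, not part of the original answer: it reads each "x" entry in the avoid list as a /24 (an assumption), leaves out the malformed entry 192.168.1.1.x, and uses constructed sample subnets and a hypothetical function name `check_lan_subnet`.

```python
import ipaddress

# Private address space (RFC 1918) that an internal LAN should come from.
RFC1918 = [ipaddress.ip_network(n) for n in
           ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# Subnets the answer says to avoid, each read as a /24 (assumption).
# "192.168.1.1.x" is not a valid prefix and is left out.
COMMON_SUBNETS = [ipaddress.ip_network(n) for n in (
    "192.168.0.0/24", "192.168.1.0/24", "192.168.2.0/24", "192.168.100.0/24",
    "10.0.0.0/24", "10.1.1.0/24", "10.10.10.0/24", "172.16.0.0/24",
)]


def check_lan_subnet(candidate, remote_subnets=()):
    """Return a list of problems with a proposed internal (LAN) subnet.

    candidate      -- proposed LAN subnet, e.g. "192.168.57.0/24"
    remote_subnets -- subnets known to be in use at VPN client sites
    """
    net = ipaddress.ip_network(candidate, strict=False)
    problems = []
    if not any(net.subnet_of(block) for block in RFC1918):
        problems.append(f"{net} is not inside RFC 1918 private space")
    # overlaps() also catches a wide candidate that swallows a common /24.
    for common in COMMON_SUBNETS:
        if net.overlaps(common):
            problems.append(f"{net} overlaps common subnet {common}")
    for remote in remote_subnets:
        rnet = ipaddress.ip_network(remote, strict=False)
        if net.overlaps(rnet):
            problems.append(f"{net} overlaps remote site subnet {rnet}")
    return problems


if __name__ == "__main__":
    # Constructed sample values, not taken from the page.
    for cand in ("192.168.57.0/24", "192.168.1.0/24", "10.0.0.0/8"):
        issues = check_lan_subnet(cand, remote_subnets=["192.168.0.0/24"])
        print(cand, "OK" if not issues else issues)
```

An empty result means the candidate is private and collides with neither the avoid list nor the remote sites you supplied.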