VPN Server Settings in Windows

Source: Internet
Author: User

A common misconception about VPN clients is that they are always workstations connected to the enterprise network over a VPN. Such a workstation is certainly a VPN Client, but it is not the only kind. A VPN Client can be either a computer or a router. Which type of VPN Client your network needs depends on your company's specific needs.

For example, if you happen to have a branch office that is not directly connected to the company office, using a router as a VPN Client may be a good choice for you. By doing so, you can use a single connection to connect the entire branch office to the company office. You do not need to establish a separate connection for each PC.

On the other hand, if you have employees who often travel on business and need to access the company's network during their trips, setting up those employees' computers as VPN Clients may be advantageous.

Technically, any operating system can act as a VPN Client as long as it supports the PPTP, L2TP, or IPSec protocols. For Microsoft, this means that you can use the Windows NT 4.0, 9X, ME, 2000, and XP operating systems. Although all of these operating systems can technically be used as clients, we recommend that you stick to Windows 2000 or Windows XP, because these operating systems support the L2TP and IPSec protocols.

VPN Server

The VPN Server acts as the connection point for VPN Clients. Technically, you can use Windows NT Server 4.0, Windows 2000 Server, Windows Server 2003, and other operating systems as a VPN Server. However, to ensure security, I think you should use the Windows Server 2003 operating system.

One of the biggest misunderstandings about the VPN Server is that it does all of the work by itself. Friends have told me countless times that they wanted to buy a VPN Server, without realizing that the VPN Server is just one of the necessary components.

The VPN Server itself is very simple. It is an enhanced Windows Server 2003 machine that runs the Routing and Remote Access Service. Once a request for access to the VPN is approved, the VPN Server simply acts as a router that gives the VPN Client access to the private network.

IAS Server

One of the additional requirements of the VPN Server is a RADIUS (Remote Authentication Dial-In User Service) server. RADIUS is a mechanism that Internet service providers use to authenticate users when they try to establish an Internet connection.

You need a RADIUS server because you need some mechanism to authenticate the users who enter your network through the VPN connection. Your domain controller cannot complete this task, and even if it could, exposing the domain controller to the outside world is not a good idea.

The question is, where do you get this RADIUS server? Microsoft has its own version of RADIUS named "Internet Authentication Service", abbreviated as IAS. The Windows Server 2003 operating system includes the IAS function. That is the good news. The bad news is that, for security reasons, you cannot run IAS on the same computer as the Routing and Remote Access Service (RRAS). Even if it were possible, I would not be sure about trying it on a virtual server.

Firewall

Another component your VPN requires is a good firewall. It is true that your VPN Server accepts connections from the outside world, but this does not mean that the outside world needs full access to the VPN Server. You must use a firewall to block any unused ports.

The basic requirement for establishing a VPN connection is that the IP address of the VPN Server must be reachable over the Internet, and VPN traffic must be able to reach the VPN Server through your firewall. However, there is also an optional component that you can use to make your VPN Server more secure.

If you pay great attention to security (and you have the budget), you can place an ISA Server between your firewall and your VPN Server. The idea is that you configure the firewall to direct all VPN-related traffic to the ISA Server instead of the VPN Server. The ISA Server then acts as a VPN proxy server.

The VPN Client and the VPN Server communicate only with the ISA Server. They never communicate with each other directly. This means that the ISA Server shields the VPN Server from direct access, adding a protective layer in front of it.
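
The firewall guidance above (block unused ports, let only VPN traffic reach the VPN Server, keep the authentication servers off the Internet) can be checked mechanically. The following is an added example, not part of the original article; it assumes the simpler layout without the ISA proxy, and the addresses, the rule format and the `audit` function are hypothetical.

```python
# Added example: audit constructed perimeter rules against the VPN layout above.
# Addresses, the rule format and "any" meaning "the Internet" are assumptions.

# Inbound traffic the firewall must pass to the VPN Server, as (IP protocol, port).
# Commonly documented minimums; L2TP itself travels inside ESP at this point.
REQUIRED = {
    "pptp": {("tcp", 1723), ("gre", None)},
    "l2tp-ipsec": {("udp", 500), ("udp", 4500), ("esp", None)},
}
RADIUS_PORTS = {1812, 1813}  # RADIUS authentication and accounting (UDP)

# Constructed sample rule set (allow rules only).
RULES = [
    {"src": "any", "dst": "203.0.113.10", "proto": "udp", "port": 500},
    {"src": "any", "dst": "203.0.113.10", "proto": "udp", "port": 4500},
    {"src": "any", "dst": "203.0.113.10", "proto": "esp"},
    {"src": "any", "dst": "203.0.113.10", "proto": "tcp", "port": 3389},
    {"src": "any", "dst": "10.0.0.5", "proto": "udp", "port": 1812},
    {"src": "203.0.113.10", "dst": "10.0.0.5", "proto": "udp", "port": 1812},
]

def audit(rules, vpn_server, ias_server, vpn_protocol):
    """Return (findings, missing) for a list of allow rules."""
    needed = REQUIRED[vpn_protocol]
    findings, seen = [], set()
    for r in rules:
        svc = (r["proto"], r.get("port"))
        from_internet = r["src"] == "any"
        if from_internet and r["dst"] == vpn_server:
            if svc in needed:
                seen.add(svc)
            else:  # reachable from outside but not needed by the VPN
                findings.append(f"unused port open on VPN server: {svc}")
        elif from_internet:  # IAS, domain controller, anything else internal
            findings.append(f"Internet can reach {r['dst']}: {svc}")
        elif (r["dst"] == ias_server and svc[0] == "udp"
              and svc[1] in RADIUS_PORTS and r["src"] != vpn_server):
            findings.append(f"RADIUS accepted from non-VPN host {r['src']}")
    # Required services with no matching rule: the VPN would not connect.
    missing = sorted(needed - seen, key=str)
    return findings, missing

if __name__ == "__main__":
    findings, missing = audit(RULES, "203.0.113.10", "10.0.0.5", "l2tp-ipsec")
    for f in findings:
        print("FINDING:", f)
    print("missing required rules:", missing)
```

With the sample rules, the audit reports the extra TCP 3389 rule on the VPN Server and the rule that exposes the IAS server to the Internet, and confirms that every rule L2TP/IPSec needs is present.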
