configure a windows server 2003 vpn on the server side - techrepublic
DESCRIPTION
cara menginstal dan mengatur windows server 2003 sebagai vpn. cara mudah step by step menginstal windows server 2003 dan mengaturnya sebagai vpn pada sebuah private server.TRANSCRIPT
6/17/2014 Configure a Windows Server 2003 VPN on the server side - TechRepublic
http://www.techrepublic.com/article/configure-a-windows-server-2003-vpn-on-the-server-side/ 1/14
Set up a Windows Server 2003-based PPTP virtual private network (VPN)
with this step-by-step installation and configuration guide.
Sometimes, simplicity is the best choice for both a technology solution and the corresponding tutorial that explains
how to use the new solution. In this document, I will provide a clear, concise, systematic procedure for getting a
Windows Server 2003-based PPTP VPN (http://www.techrepublic.com/5100-6329-5074473.html) up and running. I'm using
Windows Server 2003 (http://www.techrepublic.com/5138-10879-5766252.html) with Service Pack 1 for this guide.
Add the Remote Access/VPN Server role to your Windows Server 2003 system
To add the Remote Access/VPN Server role, go to Start | All Programs | Administrative Tools | Configure Your Server
Wizard. The first screen of this wizard is for informational purposes only and, thus, is not shown here. Click Next.
The same goes for the second screen, which just tells you some things you need to have completed before adding
new roles to your server.
On the third screen of the wizard, entitled Server Role, you're presented with a list of available roles for your server
along with column that indicates whether or not a particular role has been assigned to this machine. Figure A
shows you a screen from a server on which just the IIS Web server role has been added.
Figure A
WINDOWS SERVER
Configure a Windows Server 2003 VPN on the server sideBy Scott Lowe MCSE July 26, 2005, 12:25 PM PST
6/17/2014 Configure a Windows Server 2003 VPN on the server side - TechRepublic
http://www.techrepublic.com/article/configure-a-windows-server-2003-vpn-on-the-server-side/ 2/14
To add a new role, select the role and click Next
To add the Remote Access/VPN Server role to your server, select that role and click the Next button to move on to
the next screen in the wizard, which provides you with a quick overview of the options you selected.
Figure B
6/17/2014 Configure a Windows Server 2003 VPN on the server side - TechRepublic
http://www.techrepublic.com/article/configure-a-windows-server-2003-vpn-on-the-server-side/ 3/14
The summary screen is pretty basic for this role
Take note: This selection just starts another wizard called the Routing and Remote Access Wizard, described
further below.
The Routing and Remote Access Wizard component
Like most wizards, the first screen of the Routing and Remote Access wizard is purely informational and you can
just click Next.
The second screen in this wizard is a lot meatier and asks you to decide what kind of remote access connection
you want to provide. Since the goal here is to set up a PPTP-based VPN, select the "Virtual Private Network VPN
and NAT" selection and click Next.
Figure C
6/17/2014 Configure a Windows Server 2003 VPN on the server side - TechRepublic
http://www.techrepublic.com/article/configure-a-windows-server-2003-vpn-on-the-server-side/ 4/14
Select the VPN option and click Next
The next screen of the wizard, entitled VPN Connection, asks you to determine which network adapter is used to
connect the system to the Internet. For VPN servers, you should install and use a separate network adapter for VPN
applications. Network adapters are really cheap and separation makes the connections easier to secure. In this
example, I've selected the second local area network connection (see Figure D), a separate NIC from the one that
connects this server to the network. Notice the checkbox labeled "Enable security on the selected interface by
setting up Basic Firewall" underneath the list of network interfaces. It's a good idea to enable since option it helps to
protect your server from outside attack. A hardware firewall is still a good idea, too.
Figure D
6/17/2014 Configure a Windows Server 2003 VPN on the server side - TechRepublic
http://www.techrepublic.com/article/configure-a-windows-server-2003-vpn-on-the-server-side/ 5/14
Select the netw ork adapter that connects your server to the Internet
With the selection of the Internet-connected NIC out of the way, you need to tell the RRAS wizard which network
external clients should connect to in order to access resources. Notice that the adapter selected for Internet access
is not an option here.
Figure E
6/17/2014 Configure a Windows Server 2003 VPN on the server side - TechRepublic
http://www.techrepublic.com/article/configure-a-windows-server-2003-vpn-on-the-server-side/ 6/14
Select the netw ork containing resources needed by external clients
Just like every other client out there, your external VPN clients will need IP addresses that are local to the VPN
server so that the clients can access the appropriate resources. You have two options (really three â€" I'll explain in
a minute) for handling the doling out of IP addresses.
First, you can leave the work up to your DHCP (http://www.techrepublic.com/5100-1035_11-1041798.html) server and make the
right configuration changes on your network equipment for DHCP packets to get from your DHCP server to your
clients. Second, you can have your VPN server handle the distribution of IP addresses for any clients that connect to
the server. To make this option work, you give your VPN server a range of available IP addresses that it can use.
This is the method I prefer since I can tell at a glance exactly from where a client is connecting. If they're in the VPN
"pool" of addresses, I know they're remote, for example. So, for this setting, as shown in Figure F below, I prefer to
use the "From a specified range of addresses" option. Make your selection and click Next.
Figure F
Your choice on this one! I prefer to provide a range of addresses
If you select the "From a specified range of addresses" option on the previous screen, you now have to tell the RRAS
wizard exactly which addresses should be reserved for distribution to VPN clients. To do this, click the New button
on the Address Range Assignment screen. Type in the starting and ending IP addresses for the new range and click
OK. The "Number of addresses" field will be filled in automatically based on your entry. You can also just enter the
starting IP address and the number if IP addresses you want in the pool. If you do so, the wizard automatically
calculates the ending IP address. Click OK in the New Address Range window; your entry appears in the Address
Range Assignment window. Click Next to continue.
Figure G
6/17/2014 Configure a Windows Server 2003 VPN on the server side - TechRepublic
http://www.techrepublic.com/article/configure-a-windows-server-2003-vpn-on-the-server-side/ 7/14
You can have multiple address ranges, as long as they are all accessible
The next screen asks you to identify the network that has shared access to the Internet. This is generally the same
network that your VPN users will use to access shared resources.
Figure H
6/17/2014 Configure a Windows Server 2003 VPN on the server side - TechRepublic
http://www.techrepublic.com/article/configure-a-windows-server-2003-vpn-on-the-server-side/ 8/14
Pick the netw ork adapter that gives you access to the Internet
Authenticating users to your network is vital to the security of your VPN infrastructure. The Windows VPN service
provides two means for handling this chore. First, you can use RADIUS, which is particularly useful if you have other
services already using RADIUS. Or, you can just let the RRAS service handle the authentication duties itself. Give
users access to the VPN services by enabling dial-in permissions in the user's profile (explained below). For this
example, I will not be using RADIUS, but will allow RRAS to directly authenticate incoming connection requests.
Figure I
6/17/2014 Configure a Windows Server 2003 VPN on the server side - TechRepublic
http://www.techrepublic.com/article/configure-a-windows-server-2003-vpn-on-the-server-side/ 9/14
Decide w hat means of authentication you w ant to provide
That's it for the RRAS wizard! You're provided with a summary screen that details the selections you made.
Figure J
The RRAS w izard summary w indow
This also completes the installation of the Remote Access/VPN Server role.
6/17/2014 Configure a Windows Server 2003 VPN on the server side - TechRepublic
http://www.techrepublic.com/article/configure-a-windows-server-2003-vpn-on-the-server-side/ 10/14
User configuration
By default, users are not granted access to the services offered by the VPN; you need to grant these rights to each
user that you want to allow remote access to your network. To do this, open Active Directory
(http://www.techrepublic.com/1200-26-5123755.html) Users and Computers (for domains) or Computer Management (for stand
alone networks), and open the properties page for a user to whom you'd like to grant access to the VPN. Select that
user's Dial-In properties page. On this page, under Remote Access Permissions, select "Allow access". Note that
there are a lot of different ways to "dial in to" a Windows Server 2003 system; a VPN is but one method. Other
methods include wireless networks, 802.1x, and dial-up. This article assumes that you're not using the Windows
features for these other types of networks. If you are, and you specify "Allow access", a user will be able to use
multiple methods to gain access to your system. I can't go over all of the various permutations in a single article,
however.
Figure K
Allow the user access to the VPN
Up and running
These are the steps needed on the server to get a VPN up and running. Of course, if you have devices such as
firewalls between your VPN server and the Internet, further steps may be required; these are beyond the scope of
this article, however.
You May Also Like
6/17/2014 Configure a Windows Server 2003 VPN on the server side - TechRepublic
http://www.techrepublic.com/article/configure-a-windows-server-2003-vpn-on-the-server-side/ 11/14
Recommended by
Add your Comment
Death by 1000 Cloud Apps(Intermedia)
Two 34-Year-Old Aussies AreLatest Techies To BecomeBillionaires…(Forbes)
The Impact of Video Games onOur Minds(Learnist)
Let's Get Flexible(Hybrid Cloud Forum)
7 Things No Modern SoftwareDevelopment Team Should BeWithout(VentureBeat)
84% of Publishers Believe ThatNative Ad Adds Value forConsumers(AtContent)
6/17/2014 Configure a Windows Server 2003 VPN on the server side - TechRepublic
http://www.techrepublic.com/article/configure-a-windows-server-2003-vpn-on-the-server-side/ 12/14
6/17/2014 Configure a Windows Server 2003 VPN on the server side - TechRepublic
http://www.techrepublic.com/article/configure-a-windows-server-2003-vpn-on-the-server-side/ 13/14
WEBCASTS // FROM ZDNET
On-demand Webcast - ZDNet's 2014 Cloud Priorities Research Presentation
In case you missed it live, catch the on-demand presentation of ZDNet's latest
cloud computing research. Bill Detwiler, Managing Editor of Tech Pro Research,
unveils trends, use-cases, and attitudes driving cloud in business today.
WATCH NOW
DOWNLOADS // FROM SOLARWINDS
FREE Trial! Download Dameware Secure Remote Support Now!
DOWNLOAD NOW
DOWNLOADS // FROM SOLARWINDS
Top 5 Reasons to Choose SolarWinds Log and Event Manager (LEM)
DOWNLOAD NOW
DOWNLOADS // FROM SOLARWINDS
Free Trial! Comprehensive Virtualization Management
DOWNLOAD NOW
Editor's Picks
Internet trolls,
community, and being
human
Use distintive vibration
alerts to better identify
callers
Surface Pro 3: The
tablet that can replace
your laptop
Five ways to reduce IT's
software maintenance
work
White Papers, Webcasts, and Downloads
6/17/2014 Configure a Windows Server 2003 VPN on the server side - TechRepublic
http://www.techrepublic.com/article/configure-a-windows-server-2003-vpn-on-the-server-side/ 14/14
See what best practices for SMBs are emerging. Visit ZDNet today!
Don't Miss Our Latest Updates
Editor's Daily Picks Subscribe
Week in Review Subscribe
RADIUS Server forWindowskaplansoft.com/tekradius
Easy to install Easy to use
Resource CenterUseful content from our premier sponsors