Author
3 Jun 2009 11:41 PM
David
Background:
I have a Windows Server 2003 machine in a workgroup (non-domain), and want
to have both Windows XP and Windows Vista clients connect to it, receive an
IP address, and route traffic through it to other machines in the remote
network.

Three part question:
1) What ports do I need open on my firewall (in front of the server) to pass
traffic to it?
2) Will it work properly for clients that connect from behind a home
firewall (NAT, then cross the internets, then NAT to the Windows server)?
3) What do I need to do to configure the Windows Server 2003 to accept
connections and issue internal (LAN) IP addresses to the clients?

Author
4 Jun 2009 12:09 AM
Bill Grant
"David" <DMG@newsgroup.nospam> wrote in message
news:8A9C7416-F373-4737-9666-DC9CA3E9FB70@microsoft.com...
> Background:
> I have a Windows Server 2003 machine in a workgroup (non-domain), and want
> to have both Windows XP and Windows Vista clients connect to it, receive an
> IP address, and route traffic through it to other machines in the remote
> network.
>
> Three part question:
> 1) What ports do I need open on my firewall (in front of the server) to pass
> traffic to it?
> 2) Will it work properly for clients that connect from behind a home
> firewall (NAT, then cross the internets, then NAT to the Windows server)?
> 3) What do I need to do to configure the Windows Server 2003 to accept
> connections and issue internal (LAN) IP addresses to the clients?

1. The ports you need to open depend on what sort of VPN you use. PPTP
uses TCP port 1723. It also requires GRE, which is IP protocol 47 (not port
47).

2. VPN should work from clients behind NAT.

3. The IP address pool for the remote clients is configured in the VPN
server. If this pool is in the same IP subnet as the LAN, the remotes will
get an IP address in the same subnet as the LAN. The VPN server acts as a
proxy for the remote clients.

Note that VPN only gives you an IP connection. It does not automatically
give you name resolution like a LAN connection.

Author
4 Jun 2009 10:47 AM
Miles Li [MSFT]
Hello,

Thank you for posting here. Also thanks for the input from Bill.

According to your description, I understand that:

You want to know how to deploy a Windows Server 2003 VPN server in the
workgroup mode.

If I have misunderstood the problem, please don't hesitate to let me know.

1. The ports that you need to forward on the firewall depend on the
tunneling protocol you will use on the VPN server. Besides PPTP, if you
want to deploy an L2TP tunneling protocol VPN server, you will need to open:
- UDP port 500.
  This filter allows Internet Key Exchange (IKE) traffic to the VPN server.
- UDP port 1701.
  This filter allows L2TP traffic from the VPN client to the VPN server.
- UDP port 4500.
  This filter allows IPSec network address translator traversal (NAT-T)
  traffic.

For more detailed information, you may refer to:

VPN servers and firewall configuration
http://technet.microsoft.com/en-us/library/cc737500(WS.10).aspx

2. Typically, outbound VPN traffic is allowed by the NAT router (firewall)
by default.

3. You need to open enough PPTP/L2TP ports on the VPN server to make it
accept the incoming VPN connections.

Configure Ports for Remote Access
http://technet.microsoft.com/en-us/library/dd458965(WS.10).aspx

To issue internal IP addresses to VPN clients, you may simply configure RRAS
to use addresses from a DHCP server. You can also create an address pool to
achieve the goal.

Configure the Way RRAS Assigns IP Addresses to VPN Clients
http://technet.microsoft.com/en-us/library/dd469667(WS.10).aspx

If you have any questions or concerns, please do not hesitate to let me
know.





Best regards,

Miles Li
Microsoft Online Newsgroup Support

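
As an added example (not part of any reply in this thread): a small Python check of a perimeter rule set against the ports and the IP protocol named in the two replies above, including the "protocol 47, not port 47" mix-up. The rule syntax, `SAMPLE_RULES` and the function names are constructed for illustration and do not match any vendor's firewall format.

```python
import re

# Requirements exactly as listed in the replies above.
# "ipproto" means an IP protocol number, not a TCP/UDP port (GRE = 47).
REQUIRED = {
    "PPTP": {("tcp", 1723), ("ipproto", 47)},
    "L2TP/IPsec": {("udp", 500), ("udp", 1701), ("udp", 4500)},
}

# Constructed rule syntax for this example: "<allow|deny> <tcp|udp|ipproto> <n>[-<m>]"
RULE_RE = re.compile(
    r"^\s*(allow|deny)\s+(tcp|udp|ipproto)\s+(\d+)(?:-(\d+))?\s*(?:#.*)?$", re.I)

SAMPLE_RULES = """\
# constructed perimeter rule set, evaluated top-down (first match wins)
allow tcp 1723
allow tcp 47        # intended for GRE, but this is a port, not a protocol
allow udp 500
deny  udp 1701
allow udp 1701      # shadowed by the deny above
allow udp 4500
"""

def parse_rules(text):
    """Return the set of (kind, number) pairs the rule set actually allows."""
    decided = {}
    for n, line in enumerate(text.splitlines(), 1):
        if not line.strip() or line.lstrip().startswith("#"):
            continue
        m = RULE_RE.match(line)
        if not m:
            raise ValueError(f"line {n}: unrecognised rule {line!r}")
        action, kind, lo, hi = m.group(1).lower(), m.group(2).lower(), m.group(3), m.group(4)
        for num in range(int(lo), int(hi or lo) + 1):
            decided.setdefault((kind, num), action == "allow")  # first match wins
    return {key for key, ok in decided.items() if ok}

def audit(text):
    """Return (missing per VPN type, warnings, allowed entries no passable VPN type needs)."""
    allowed = parse_rules(text)
    missing = {name: sorted(need - allowed) for name, need in REQUIRED.items()}
    warnings = []
    if ("ipproto", 47) not in allowed and allowed & {("tcp", 47), ("udp", 47)}:
        warnings.append("port 47 is open but IP protocol 47 (GRE) is not")
    needed = set().union(*(REQUIRED[n] for n, gaps in missing.items() if not gaps))
    return missing, warnings, sorted(allowed - needed)

if __name__ == "__main__":
    print(audit(SAMPLE_RULES))
```

The third return value lists openings that no fully passable VPN type needs, which is the set to close when only one tunneling protocol is deployed.
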
Author
5 Jun 2009 1:38 PM
Lanwench [MVP - Exchange]
David <DMG@newsgroup.nospam> wrote:
> Background:
> I have a Windows Server 2003 machine in a workgroup (non-domain), and
> want to have both Windows XP and Windows Vista clients connect to it,
> receive an IP address, and route traffic through it to other machines
> in the remote network.
>
> Three part question:
> 1) What ports do I need open on my firewall (in front of the server)
> to pass traffic to it?
> 2) Will it work properly for clients that connect from behind a home
> firewall (NAT, then cross the internets, then NAT to the Windows
> server)?
> 3) What do I need to do to configure the Windows Server 2003
> to accept connections and issue internal (LAN) IP addresses to the
> clients?

Take my advice - don't do this. Let your firewall appliance handle VPN
connections. If you don't have one that can do it, look into an inexpensive
SSL VPN appliance - Netgear makes some.
