First step: system the preparatory workThe server hardware: double card, a meet outside the nets, a pick LAN. In windows2003 of VPN services called “routing and remote access”, default state has been installed. Just this service necessary configurations that its …
First step: system the preparatory workThe server hardware: double card, a meet outside the nets, a pick LAN. In windows2003 of VPN services called “routing and remote access”, default state has been installed. Just this service necessary configurations that its effect can.First determine whether opened Windows Firewall/Internet Connection Sharing(ICS) service, if open the Windows Firewall/Internet Connection Sharing(ICS) service of words, in configuration “routing and remote access” system will pop up below dialog box.Server 2003 build VPN servers (chart) “TITLE=” Windows Server 2003 build VPN servers (chart) “/>We just have to go “start” – “program” – “management tools” – “service” inside the Windows Firewall/InternetConnection Sharing (ICS) stop, and set the start type for the disabled, shown below:Server 2003 build VPN servers (chart) “TITLE=” Windows Server 2003 build VPN servers (chart) “/>Step 2: open VPN and NAT serviceThen again ordinal choice “start” – “program” – “management tools” – “routing and remote access,” open “routing and remote access” service window, Again in the window left right-click the local computer name, choose “configuration and enable routing and remote access”, as below:Server 2003 build VPN servers (chart) “TITLE=” Windows Server 2003 build VPN servers (chart) “/>In the pop-up “routing and remote access server installation guide” midpoint next, appear as follows dialog box.Server 2003 build VPN servers (chart) “TITLE=” Windows Server 2003 build VPN servers (chart) “/>Because we must realize the NAT share Internet and VPN dialed server functions, so we select custom configuration “option, click next,Server 2003 build VPN servers (chart) “TITLE=” Windows Server 2003 build VPN servers (chart) “/>Here we choose “VPN access” and “NAT and basic firewall” option, click next, in the verification dialog midpoint “finish”, the system can hint whether startup services, point “is”, the system will press just configuration startup routing and remote access services, finally shown below,Server 2003 build VPN servers (chart) “TITLE=” Windows Server 2003 build VPN servers (chart) “/>Step 3: configuration NAT serviceRight-click NAT/basic firewall “option, select” new interface “, pop-up below dialog box,Server 2003 build VPN servers (chart) “TITLE=” Windows Server 2003 build VPN servers (chart) “/>Here we according to their own choice connect Internet network environment of the interface, choose “wan” interface, click “ok”, pop-up “network address translation – wan properties dialog box, are shown below configurations.Server 2003 build VPN servers (chart) “TITLE=” Windows Server 2003 build VPN servers (chart) “/>Because we are connected networks outside the network card of so choose “public interface to connect to the Internet” and “in the interface enable NAT” option and choose “in the interface enable basic firewall” option, this to the server security is very important.Below we point “service and port” setting servers allow foreign provide PPTPVPN services, in “service and port” GUI point “VPN gateway (PPTP)”, in the pop-up “edit service” dialog box on the diagram below configuration,Server 2003 build VPN servers (chart) “TITLE=” Windows Server 2003 build VPN servers (chart) “/>Click “ok”, return to “service and port” TAB, make sure to select the “VPN gateway (PPTP)”, in the following figure,Server 2003 build VPN servers (chart) “TITLE=” Windows Server 2003 build VPN servers (chart) “/>Fourth step: according to the need to install VPN servicesSet number of connections: right-click the right tree catalogue in port options, select properties, popup dialog box below,Server 2003 build VPN servers (chart) “TITLE=” Windows Server 2003 build VPN servers (chart) “/>Windows Server 2003Enterprise edition VPN services default support 128 PPTP connection and 128 L2TP connection, because we used here PPTP protocol, so we double-click WAN miniature port (PPTP) option, a popup dialog box according to their own needs, set up the number of connections needed; WindowsServer 2003 enterprise edition most support 30000 L2TP port, 16384 a PPTP port.Setting IP address: right-click the right tree catalogue in local server name, select “properties” and switch to the IP TAB (shown below).Server 2003 build VPN servers (chart) “TITLE=” Windows Server 2003 build VPN servers (chart) “/>Here we choose “static address pools” click “add”, according to need to access number arbitrarily add a address range, but don’t and local IP address conflict as shown in the diagram below,Server 2003 build VPN servers (chart) “TITLE=” Windows Server 2003 build VPN servers (chart) “/>Server 2003 build VPN servers (chart) “/> http://hi.baidu.com/lewutianClick “ok” back “IP TAB, click” ok “application configuration,Step 5: set remote access strategies, allows certain users to dial the intoNew users and groups: point “start” – “program” – “management tools” – “computer management”, “computer management” popup dialog, the diagram below,Server 2003 build VPN servers (chart) “TITLE=” Windows Server 2003 build VPN servers (chart) “/>Select the “local users and groups”, right-click the user “-” new users “shown below configuration,Server 2003 build VPN servers (chart) “TITLE=” Windows Server 2003 build VPN servers (chart) “/>Click create “a new users.On the right side of the tree directory right click inside “group” – “new groups”, fill in the “group name”, click “add” in the pop-up “select users” dialog box, click “senior” – “immediately find”, select just set up “TEST” user users into just established group, the diagram below,Server 2003 build VPN servers (chart) “TITLE=” Windows Server 2003 build VPN servers (chart) “/>Set the remote access strategies: in “routing and remote access” window, right click the right in directory tree “remote access strategies”, select new remote access strategies “, in the verification dialog midpoint “next” and fill in the convenience of memory “strategy name”, click “next” and select “VPN” option, click “next”, click “add” just been new group to join here, click “next”.”Next”.”Next” and “finish”, can complete the remote strategy Settings, if need new user needs behind, as long as the VPN services for building a new account user, and add just newly established “TEST” group.Step 6: set dynamic DNSWe put the dynamic DNS is put here for. Because the average enterprise access to the Internet should have fixed IP, so the client can be anytime and anywhere on the server access, And if you are a home user adoptionADSL special line, if there are generally each Internet addresses are not the same dynamic IP, so must in the VPN install dynamic DNS server software, can let the client in the network server and can always find dialed. The author used dynamic DNS software for: peanut shells, can be in www.oray.net download, install it and matters needing attention please refer to the relevant material, here no longer expatiatorySix, VPN client configurationThis end configuration relatively simple much, just to establish a dedicated connections to the VPN services can. First affirmation client also want to access the Internet network, and then the author also in Windows2003 client as an example to illustrate, other win2K operating system Settings are the same:Step 1: in desktop “online neighbors” diagram punctuation right-click select properties, after double-click new connection guide “open wizard window after click next, Then in “network connection type” window click, paragraph 2 of the “connected to my workplace network”, proceed to the next step, as shown below network connection window choice, paragraph 2 of the “virtual private network connection”; Then this connection named after click next.Server 2003 build VPN servers (chart) “TITLE=” Windows Server 2003 build VPN servers (chart) “/>Step 2: in “VPN servers selection window, waiting for we enter the fixed content is VPN services, can be fixed IP, also can be by peanut shells software analytic out dynamic DNS (domain name need in providing the peanut shells software www.oray.net) web site, Then emergence of “available connection” the window “I just keep the default option; use” Finally, for the convenience of operation, can check “on the desktop create shortcut” options, click finish namely will first appear below VPN connection window. Input the lawful account access VPN services after operations with XP “remote desktop” function under the same. After the connection succeeds in the lower right corner espionage-reports would be an icon display.Server 2003 build VPN servers (chart) “TITLE=” Windows Server 2003 build VPN servers (chart) “/>Step 3: after connection of sharing operation, as long as there have been some LAN using experience friends should know how to do it? One way is by “neighbors” online search VPN server-side Shared directory, The alternative is to enter VPN services in the browser fixed at IP address or dynamic DNS is also can open Shared directory resources. It has been told in the same local area network operation that makes no difference, nature also can be directly click on a video broadcast, save files downloaded this step time.Seven, summarizesHere we have achieved by using a Windows Server2003 operating system does a NAT and VPN remote access server, realize company or family to share Internet remote access and VPN access local LAN, realize the portable office. But this server in safety and function has a certain defects, I will be in the behind of the articles have introduced structures based on L2TPOVER IPSEC VPN servers, in order to enhance the security of data transmission in the network. Introduce structures based on Microsoft Internet SecurityAnd Acceleration (ISA) Server 2006 firewall remote access Server, introduced based on MicrosoftInternet Security and
No comments:
Post a Comment