There are hardware- and software-based VPN solutions. In this step-by-step guide, I will be explaining a software...
approach to creating a VPN using Microsoft products.
To create a VPN, you will need three separate Windows 2003 servers and at least one remote client. The remote client's machine needs to be running Windows XP.
The first Windows 2003 server your VPN will need is basically an infrastructure server. It must act as a domain controller, DHCP server, DNS server and certificate authority. If you already have a Windows 2003 network in place, you don't need to go out and buy a server to fit this role.
Any Windows 2003 domain will already have at least one domain controller and one server acting as a DNS server. Most Windows 2003 networks are also running DHCP services. If you already have all these services in place, the only thing you will have to worry about is setting up a certificate authority (which I show you how to do in Step 3). For now, you just need to know that the server acting as a certificate authority must be running Windows Server 2003 Enterprise Edition.
The second server you will need is a VPN server. Windows Server 2003 Standard Edition and Enterprise Edition both ship with the necessary software. Therefore, you won't need any special software on this server. The only specific hardware this server needs is two NICs. One NIC will connect to the Internet and the other will connect to your private corporate network.
The final server you will need is an authentication server. When remote users attempt to access your corporate network through a VPN, they need to be authenticated. The mechanism of choice for authenticating remote users is a RADIUS server. RADIUS is an acronym standing for Remote Authentication Dial In User Service. Microsoft includes its own version of RADIUS in Windows Server 2003 Standard Edition and Enterprise Edition. The Microsoft version of RADIUS is called Internet Authentication Service (IAS). There are no special hardware or software requirements for this server.
The last thing that I want to talk about as part of this step in the tutorial is server placement. Each of the servers I have discussed will be connected to your private network via a hub or switch. The only server that will have any external connectivity is your VPN server. It is a security risk to connect the VPN server directly to the Internet though. It is best to place a firewall in front of the VPN server so you can filter out everything but VPN traffic.
In Step 2, we'll begin the domain configuration process. Your network should contain the required Windows Server 2003 domain controller and DNS server before moving on to the next step.
HOW TO SET UP A VPN
Step 1: Setup requirements
Step 2: Implement DHCP services
Step 3: Create an enterprise certificate authority
Step 4: Install IAS
Step 5: Configure IAS
Step 6: Create a remote access policy
Step 7: Configure the VPN server
Step 8: Associate the VPN server with the DHCP server
Step 9: Configure your remote clients
Step 10: Test the client connection
Step 11: Alternate VPN configuration options
ABOUT THE AUTHOR
Brien M. Posey, MCSE, is a Microsoft MVP for his work with Windows 2000 Server, Exchange Server and IIS. He has served as CIO for a nationwide chain of hospitals and was once in charge of IT security for Fort Knox. For more information visit www.brienposey.com.