Setting Up a VPN on W2000

  • Thread starter Jonathan Sweeny
  • Start date
J

Jonathan Sweeny

I want to set up a PPTP VPN between two Windows 2000
machines, both running professional version.

Is that possible?

Is there any documentation that I can get get from Tech
Net to assist with this process?
I am going to be using static IP addresses on DSL service
to enable this connection. Will I need to make any
changes at the DSL router, and will I have to enable NAT
as well.

Genuine thanks for any assistance that could be provided.

Jonathan
 
P

Phillip Windell

Yes. It is rather complex,...so follow it carefully or it won't route
properly. It is not the same as a "Remote Access VPN" that has "humans"
dialing into it, so don't confuse the two. It is called "Site-to-Site VPN"
or "Router-to-Router VPN" or "Office-to-Office VPN" depending and what and
where you read about it.

There are separate articles for 2000 and 2003 although they are pretty much
identical. I don't know of anything for NT4.0 RRAS and there are differences
in RRAS between the three, especially with the old NT4.0 RRAS.

[for Windows 2003]
Virtual Private Networking with Windows Server 2003: Deploying Site-to-Site
VPNs
http://www.microsoft.com/technet/prodtechnol/windowsserver2003/technologies/networking/vpndpls2.mspx

[for Windows 2000]
Virtual Private Networking with Windows 2000: Deploying Router-to-Router
VPNs
http://www.microsoft.com/windows2000/server/evaluation/features/deplyr2rvpn.asp
 
S

Steven L Umbach

Sure. See the link below on how to do it. Keep in mind that a W2K Pro computer can
accept only one connection at a time. You will have to configure your router to port
forward to port 1723 tcp and allow protocol 47 gre which commonly is referred to as
"pptp pass through" on common nat routers. I found on a Linksys router [the original
wired one] that I had to disable SPI to allow pptp pass trough to work. I would also
configure the connectoid on your client vpn to connect to your vpn server side of the
connection by entering the public IP address at the server end and if possible
configure your router to accept port 1723 inbound only from your client IP public
address. Also configure your vpn client connectoid in properties/networking to use
pptp instead of auto as W2K will always try l2tp first if auto is selected. --- Steve

http://support.microsoft.com/default.aspx?scid=kb;en-us;257333
 
P

Phillip Windell

Ah! I missed the part about them both eing Win2kPro.

--

Phillip Windell [MCP, MVP, CCNA]
www.wandtv.com

Steven L Umbach said:
Sure. See the link below on how to do it. Keep in mind that a W2K Pro computer can
accept only one connection at a time. You will have to configure your router to port
forward to port 1723 tcp and allow protocol 47 gre which commonly is referred to as
"pptp pass through" on common nat routers. I found on a Linksys router [the original
wired one] that I had to disable SPI to allow pptp pass trough to work. I would also
configure the connectoid on your client vpn to connect to your vpn server side of the
connection by entering the public IP address at the server end and if possible
configure your router to accept port 1723 inbound only from your client IP public
address. Also configure your vpn client connectoid in properties/networking to use
pptp instead of auto as W2K will always try l2tp first if auto is selected. --- Steve

http://support.microsoft.com/default.aspx?scid=kb;en-us;257333

Jonathan Sweeny said:
I want to set up a PPTP VPN between two Windows 2000
machines, both running professional version.

Is that possible?

Is there any documentation that I can get get from Tech
Net to assist with this process?
I am going to be using static IP addresses on DSL service
to enable this connection. Will I need to make any
changes at the DSL router, and will I have to enable NAT
as well.

Genuine thanks for any assistance that could be provided.

Jonathan
Click to expand...
Click to expand...
 
S

Steven L Umbach

I do it myself also, easy enough to do when we only have so much time in the day. I
enjoy reading your advice on the NG. --- Steve MVP Windows Security

Phillip Windell said:
Ah! I missed the part about them both eing Win2kPro.

--

Phillip Windell [MCP, MVP, CCNA]
www.wandtv.com

Steven L Umbach said:
Sure. See the link below on how to do it. Keep in mind that a W2K Pro computer can
accept only one connection at a time. You will have to configure your router to port
forward to port 1723 tcp and allow protocol 47 gre which commonly is referred to as
"pptp pass through" on common nat routers. I found on a Linksys router [the original
wired one] that I had to disable SPI to allow pptp pass trough to work. I would also
configure the connectoid on your client vpn to connect to your vpn server side of the
connection by entering the public IP address at the server end and if possible
configure your router to accept port 1723 inbound only from your client IP public
address. Also configure your vpn client connectoid in properties/networking to use
pptp instead of auto as W2K will always try l2tp first if auto is selected. --- Steve

http://support.microsoft.com/default.aspx?scid=kb;en-us;257333

Jonathan Sweeny said:
I want to set up a PPTP VPN between two Windows 2000
machines, both running professional version.

Is that possible?

Is there any documentation that I can get get from Tech
Net to assist with this process?
I am going to be using static IP addresses on DSL service
to enable this connection. Will I need to make any
changes at the DSL router, and will I have to enable NAT
as well.

Genuine thanks for any assistance that could be provided.

Jonathan
Click to expand...
Click to expand...
Click to expand...
 
P

Phillip Windell

Steven L Umbach said:
I do it myself also, easy enough to do when we only have so much time in the day. I
enjoy reading your advice on the NG. --- Steve MVP Windows Security
Click to expand...

Thank you sir!

Hey,...MVP Windows Security? We may have met at the last MVP Summit. I'm
from MVP ISA/Proxy and in a few of the meetings they put us in the same room
together and only spearated us when we dealt with ISA specific stuff. I was
usually sitting with Tom Shinder or Dieter Rauscher most of the time.
 
S

Steven L Umbach

Hi Phillip.

I was unable to make it this year due to work obligations which was disheartening to
say the least but am very hopeful on next spring. Maybe will see you then. Sounds
like you had a great time! --- Steve
 

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments. After that, you can post your question and our members will help you out.

Ask a Question

Similar Threads

VPN....May be Off Topic 7
VPN vs. VLAN 5
PPPoE Connection with DSL router (bridged) 1
Ports opened in router show up as closed with external port scan 1
Can't get L2TP VPN working with NAT...PPTP works fine 4
win2k server, dsl, vpn's, and ics Question 2
Residential ISP VPN Provider 0
VPN connects but cannot browse network 10

Top