Set up Remote Access PPTP VPNs in Windows Server

KB ID 0000103

Problem

You want to provide access to your corporate network for your remote users.

Solution

Installing the Server Role

1. Start > Server Manager (or Start > Run > CompMgmtLauncher.exe {Enter}) > Add Roles > Select Network Policy and Access Services > Next > Next.

2. Select Remote Access Service > Next > Install > The service will take a while to install (coffee time!).

3. When Done > Close.

4. Start > Administrative tools > Routing and Remote Access > The Server will have a red “down” Arrow on it > Right Click the Server and Select “Configure and enable routing and remote access”

5. Next > Select “Custom Configuration” > Next. (Note: I’m selecting this because I only have one NIC and I want to use this NIC).

6. VPN Access > Next.

7. When prompted, select “Start Service” > The service will start > You can now close the Routing and Remote Access console.

8. Ensure the user who needs to connect has been granted access (either directly or through policy).

Firewall Note:

For this to work, two things need to happen: TCP port 1723 needs to be allowed (or port forwarded) to the server, and GRE (Generic Routing Encapsulation) needs to be allowed to the server. GRE is a PROTOCOL and NOT a port, so you cannot simply port forward it; it needs to be allowed directly to the server, so the server needs a public IP address.

Cisco PIX / ASA users: see “Using the Microsoft VPN client through Cisco ASA/PIX” under Related Articles.
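To confirm the TCP 1723 rule from the firewall note, the added example below (not part of the original article) sends a PPTP Start-Control-Connection-Request, using the message layout from RFC 2637, and parses the reply; the hostname fw-check, the function names and the sample reply are assumptions made for illustration. A successful reply proves only that the control channel is reachable: GRE (IP protocol 47) carries the tunnelled data and still has to be allowed separately.

```python
import socket
import struct

PPTP_PORT = 1723           # TCP control channel from the firewall note
MAGIC_COOKIE = 0x1A2B3C4D  # constant carried in every PPTP control message
CTRL_LEN = 156             # size of both Start-Control-Connection messages
REQ_FMT = ">HHIHHHHIIHH64s64s"     # request layout (RFC 2637)
REPLY_FMT = ">HHIHHHBBIIHH64s64s"  # reply layout (RFC 2637)


def build_start_request(hostname=b"fw-check"):
    """Start-Control-Connection-Request: control type 1, version 1.0."""
    return struct.pack(REQ_FMT, CTRL_LEN, 1, MAGIC_COOKIE, 1, 0, 0x0100, 0,
                       3, 3, 0, 0, hostname, b"")


def parse_start_reply(data):
    """Validate a Start-Control-Connection-Reply and return its key fields."""
    if len(data) < CTRL_LEN:
        raise ValueError("short reply: %d bytes" % len(data))
    (_len, msg_type, cookie, ctrl_type, _r0, version, result, error, _frame,
     _bearer, _chans, _fw, host, vendor) = struct.unpack(REPLY_FMT, data[:CTRL_LEN])
    if cookie != MAGIC_COOKIE or msg_type != 1 or ctrl_type != 2:
        raise ValueError("not a PPTP Start-Control-Connection-Reply")
    return {"ok": result == 1,  # result code 1 = control channel established
            "result": result, "error": error, "version": version,
            "host": host.rstrip(b"\0").decode("ascii", "replace"),
            "vendor": vendor.rstrip(b"\0").decode("ascii", "replace")}


def probe(server, timeout=5.0):
    """Connect to TCP 1723, send the request and parse the server's reply."""
    with socket.create_connection((server, PPTP_PORT), timeout=timeout) as s:
        s.sendall(build_start_request())
        buf = b""
        while len(buf) < CTRL_LEN:
            chunk = s.recv(CTRL_LEN - len(buf))
            if not chunk:  # peer closed early, e.g. a non-PPTP listener
                break
            buf += chunk
    return parse_start_reply(buf)


if __name__ == "__main__":
    # Constructed reply (not captured traffic) so the parser runs offline.
    sample = struct.pack(REPLY_FMT, CTRL_LEN, 1, MAGIC_COOKIE, 2, 0, 0x0100,
                         1, 0, 3, 3, 0, 0, b"vpn01", b"constructed")
    print(parse_start_reply(sample))
```

Call probe() with the public IP address of your own VPN server from a machine outside the firewall; a timeout or refused connection means the TCP 1723 rule or port forward is not in place.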

Set Up the Client PCs

Vista & Windows 7

1. Start > Control Panel > Network and Sharing Center > Connect to a Network > Set up a Connection or Network > Connect To a Workplace > Next.

2. Use My Internet Connection (VPN) > Enter the public IP address of the VPN server > Enter a Name for the Connection > Next > Enter your Domain Logon details > Connect.

Note: Sometimes you need to enter the username in user_name@domain_name.com format.

Windows 2000, 2003, & XP

1. Start > Run > NCPA.CPL {Enter} > File > New Connection > Next > Connect to the Network at my workplace > Next.

2. Virtual Private Network Connection > Next.

3. Enter the public IP address of the VPN server > Next > Select who can use the connection > Next > Finish > Enter the username and password > Connect.

Related Articles, References, Credits, or External Links

Using the Microsoft VPN client through Cisco ASA/PIX

HP MSM Controller – Using RADIUS With Windows Server

KB ID 0000922 

Problem

I’m very disappointed with HP; there’s next to no information on how to do this. My plan was to secure wireless access with certificates, so only clients with a valid digital certificate could authenticate and connect to the wireless. After spending nearly a whole day on the phone to various technical support departments at HP, this remained an impossible requirement!

In the end, as the client only had a few laptops for wireless access, we had to set NPS to allow access to domain users, then filter the devices that were allowed on the MSM controller via MAC address.

Solution

1. Launch Server Manager (Servermanager.msc) > Roles > Add Roles > Network Policy and Access Services > Next.

2. Accept the defaults, but on the Role Services page select ‘Network Policy Server’.

3. Expand Network Policy and Access Services > Right click NPS (Local) > Register in Active Directory > Accept the defaults.

4. Expand RADIUS Client and Servers > RADIUS Clients > New.

5. Specify a name > The IP address of the MSM controller > Type in a shared secret and confirm it (this can be anything, but remember it, as you need to enter it on the controller later) > OK.

6. Expand Policies > Network Policies > New.

7. Give it a name > Next.

8. Add in Windows Groups and select the user group you wish to grant access to > OK > Add > Next.

9. Add in ‘Microsoft Protected EAP (PEAP)’ > OK > Next.

10. Move your newly created policy to the top.

11. Now create a new ‘Connection Request Policy’.

12. Add in NAS Port Type > Select Ethernet and Wireless – IEEE 802.11 > OK > Next.

13. Move your new policy to the top.

14. Log into the MSM > Home > Authentication > RADIUS Profiles > Add New Profile.

15. Give the policy a name > Enter the IP address of the NPS server > Then type in the shared secret (the one you created in step 5) > Save.

16. On the VSC for the wireless network you want to enable RADIUS for > Set Wireless protection to WPA > Mode to WPA2 (AES/CCMP) > Key source to Dynamic > Your RADIUS profile should be added automatically > Save.

 

Related Articles, References, Credits, or External Links

NA