LabMice.net - The Windows 2000\XP\.NET Resource Index

Last Updated December 16, 2003

Virtual Private Networking

VPNs allow users working at home or on the road to connect in a secure fashion to a remote corporate server using the routing infrastructure provided by a public internetwork (such as the Internet). From the user's perspective, the VPN is a point-to-point connection between the user's computer and a corporate server. The nature of the intermediate internetwork is irrelevant to the user because it appears as if the data is being sent over a dedicated private link. VPN technology also allows a corporation to connect to branch offices or to other companies over a public internetwork (such as the Internet), while maintaining secure communications. The VPN connection across the Internet logically operates as a Wide Area Network (WAN) link between the sites. In both of these cases, the secure connection across the internetwork appears to the user as a private network communication--despite the fact that this communication occurs over a public internetwork--hence the name Virtual Private Network.
Where to Start....
Configuring a VPN Solution Step-by-Step
This document describes the requirements and setup procedures for a VPN solution. This document is also intended for the technical user who has limited understanding of VPN solutions and seeks to understand them in greater detail.

HOW TO: Allow Remote Users to Access Your Network in Windows 2000 
Microsoft Knowledge Base Article: 300434 - This step-by-step article describes how to configure Windows 2000 to allow remote users to connect to your network, including how to allow dial-up connectivity through a modem and a Virtual Private Network (VPN) connection. 

How to Configure Windows 2000 Professional to Windows 2000 Professional Virtual Private Network Connections
Microsoft Knowledge Base Article: 257333 - This article describes how to configure Windows 2000 Professional to Windows 2000 Professional virtual private network (VPN) connections.

HOW TO: Provide Secure Point-to-Point Communications Across the Internet 
Microsoft Knowledge Base Article: 301194 - This step-by-step article describes how to install and configure a virtual private network (VPN) to provide secure point-to-point communications across a private network or the Internet.

Microsoft Internet Services Network - VPN Homepage
Microsoft's start page for VPN, includes links to whitepapers, technical notes, and other resources.

Microsoft Virtual Private Networking Security
This white paper provides an overview of the security issues surrounding implementation of Virtual Private Networks (VPNs) using the Microsoft Windows family of operating systems. In the Windows 95, Windows 98, and Windows NT 4.0 operating systems, Microsoft provides Virtual Private Networking (VPN) support through the Point-to-Point Tunneling Protocol (PPTP). In order to respond to recently reported bugs and to enhance PPTP security, Microsoft has recently released enhancements to PPTP. With the release of the Windows 2000 operating system, Microsoft will broaden its VPN protocol support to include support for Layer 2 Tunneling Protocol (L2TP), as well as Internet Protocol Security (IPSEC) and the Extensible Authentication Protocol (EAP). This document describes these technologies, in addition to addressing security threats and countermeasures.

Overview of Microsoft Virtual Private Networking
A virtual private network (VPN) connects the components of one network over another network. VPNs accomplish this by allowing the user to tunnel through the Internet or another public network in a manner that provides the same security and features formerly available only in private networks. This paper provides an overview of virtual private networks (VPNs), describes their basic requirements, and discusses some of the key technologies that permit private networking over public internetworks.

Step-by-Step Guide for Setting Up VPN-based Remote Access in a Test Lab
This white paper describes how to configure secure remote access virtual private network (VPN) connections using the Point-to-Point Tunneling Protocol (PPTP) and the Layer Two Tunneling Protocol with Internet Protocol security (L2TP/IPSec) in a test lab using five computers. Of the five computers, one is a VPN client, one is a VPN server, one is a domain controller, certification authority (CA), and Dynamic Host Configuration Protocol (DHCP) and Domain Name System (DNS) server, one is a Web and file server, and one is an Internet Authentication Service (IAS) server that is acting as a Remote Authentication Dial-in User Service (RADIUS) server. Source: Microsoft.com

Support WebCast: VPN Creation in Microsoft Windows 2000
In this online support webcast, Lee Gibson will discuss and provide details about how to create and configure a virtual private network (VPN) server in Microsoft Windows 2000. We will also discuss the Point-to-Point Tunneling Protocol (PPTP) and the Layer Two Tunneling Protocol (L2TP). Source: Microsoft.com

Virtual Private Networking and Intranet Security
This paper explains the Microsoft commitment to support Point-to-Point Tunneling Protocol (PPTP), Layer 2 Tunneling Protocol (L2TP), and IPSec protocol to address diverse customer requirements, and details Microsoft plans for implementing these protocols on the Windows operating systems.

Virtual Private Networking: An Overview
A decent whitepaper from the MSDN Online Web Workshop.

Virtual Private Networks
A primer on Virtual Private Networking by Cris Banson, Windows NT Systems, May 1999.

Windows 2000 Virtual Private Networking Scenario 
The use of both public and private networks to create a network connection is called a virtual private network (VPN). In this scenario, Electronic, Inc., a fictional company, has deployed Windows 2000 Point-to-Point Tunneling Protocol (PPTP) and Layer Two Tunneling Protocol (L2TP) VPN technologies to create secure remote access, branch office, and business partner connectivity solutions. This paper describes the design and configuration of the Electronic, Inc. VPN and dial-up remote access infrastructure. Source: Microsoft.com (March 22, 2000)

WebCast: VPN Creation in Microsoft Windows 2000   
Level: 200. In this session, we will discuss and provide details about how to create and configure a virtual private network (VPN) server in Microsoft Windows 2000. We will also discuss the Point-to-Point Tunneling Protocol (PPTP) and the Layer Two Tunneling Protocol (L2TP).

Articles, Whitepapers, and Online Courses
Administrator's Guide to Microsoft L2TP/IPSec VPN Client
The Microsoft L2TP/IPSec VPN Client is a free Web download that allows computers running Windows 98/ME, and Windows NT Workstation 4.0 to use Layer Two Tunneling Protocol (L2TP) connections with Internet Protocol Security (IPSec). This article provides an overview of L2TP/IPSec VPN connections and includes instructions about how to deploy and troubleshoot Microsoft L2TP/IPSec VPN Client.

Configuring a VPN to Use Extensible Authentication Protocol (EAP)
Microsoft Knowledge Base Article: 259880 - This article describes how to use Extensible Authentication Protocol (EAP) to create more secure Virtual Private Network (VPN) configurations. 

Create a Remote Access Server for a Windows 2000-Based Server in a Workgroup
Microsoft Knowledge Base Article: 254316 - This article explains how to create a simple remote access server for a Windows 2000 Server-based computer that belongs to a workgroup and not a domain. The resulting server allows users with local accounts to connect by using dial-up, virtual private network (VPN), or direct (InfraRed or parallel ports) connections. However, only limited authentication methods are supported by Incoming Connections Server. Clients can connect by using only MSCHAP or MSCHAPv2 authentication. A default Remote Access Policy is applied. 

HOW TO: Install and Configure a Virtual Private Network Server in Windows 2000 
Microsoft Knowledge Base Article: 308208 - This article describes how to install virtual private networking (VPN) and how to create a new VPN connection in Windows 2000.

Increasing Security on Windows 2000 VPN Server
Microsoft Knowledge Base Article: 255784 - A Windows 2000 virtual private network (VPN) server that is configured by using the Routing and Remote Access Services (RRAS) Setup Wizard is installed with a default set of Input and Output filters. These filters support Point-to-Point Tunneling Protocol (PPTP), Layer 2 Tunneling Protocol (L2TP), and IP Security Protocol (IPSec) connectivity. The filters are generic and can be modified to tighten security on a VPN server. This article describes modifications that you can make to these filters to increase security. All filter configurations mentioned in this article should be tested prior to being deployed in a production environment. 

OSPF over RRAS Dial-on-Demand and VPN Connections in Windows 2000
Microsoft Knowledge Base Article: 241540 - This article describes how to implement Open Shortest Path First (OSPF) over Routing and Remote Access Service (RRAS) Dial-on-Demand (DOD) connections in Windows 2000. The implementation of this protocol is the same for both direct-dial modem connections and virtual private networking (VPN) connections over the Internet.

RRAS VPN Dial-On-Demand Failover Mechanism
Microsoft Knowledge Base Article: 262990 - This article describes the failover mechanism of dial-on-demand (DOD) Virtual Private Network (VPN) interfaces in Routing and Remote Access Service (RRAS) in Windows 2000. 

Using Certificates for Windows 2000 and Cisco IOS VPN Interoperation
Microsoft Knowledge Base Article: 249125 - Windows 2000 can use a computer certificate for Internet Key Exchange (IKE) authentication to establish an IP Security (IPSec) tunnel or a Layer 2 Tunneling Protocol (L2TP) over IPSec session. IPSec can use certificates from Microsoft, Verisign, Entrust, Netscape, or any other Certificate Authority (CA). 

VPN Tunnels - GRE Protocol 47 Packet Description and Use
Microsoft Knowledge Base Article: 241251 - The Generic Route Encapsulation (GRE) protocol is used in conjunction with Point-to-Point Tunneling Protocol (PPTP) to create virtual private networks (VPNs) between clients or between clients and servers. 

Windows Virtual Private Network Connectivity to Cisco PIX Firewall
Microsoft Knowledge Base Article: 249576 - Cisco PIX Firewall supports the same IPSec tunnel mode client supported by Internetwork Operating System (IOS), which is licensed from Information Resource Engineering (IRE). Layer 2 Tunneling Protocol (L2TP) is not currently supported by Cisco 

Windows VPN Compatibility with Cisco VPN
Microsoft Knowledge Base Article: 249278 - Windows 2000 Virtual Private Network (VPN) connectivity has been tested with Cisco Internetwork Operating System (IOS) versions 12.0.5T and 12.0.6T. This article describes the supported scenarios for compatibility between these two programs 


Known Bugs and Issues

15 Tips for Troubleshooting VPN Connections
Troubleshooting a VPN is complex because the data travels through many links. Check out these troubleshooting tips tailored to specific VPN connection problems. Source: Windows & .NET Magazine (April 2000)

Cannot Grant Dial-in Access to a User from an ADSI Script
Microsoft Knowledge Base Article: 252398 - When you create a user from an Active Directory Services Interface (ADSI) script in Windows 2000, you cannot enable the Remote Access Service (RAS) "Allow Access" permission in the Remote Access Permission (Dial-in or VPN) section of the Dial-In tab in the user's properties. 

Cannot Use Shared Internet Connection While Connected to a VPN
Microsoft Knowledge Base Article: 247431 - When you are using a shared Internet connection for a local area network (LAN) on a computer running Microsoft Windows 2000 Professional and then establish a virtual private network (VPN) connection, the computers that are using the shared connection can no longer connect to the Internet.

Cannot Use Wlbs.exe Remote Control Commands From Load Balanced VPN Servers
Microsoft Knowledge Base Article: 269004 - If you use the Wlbs.exe command line to remotely control a Network Load Balancing (NLB) cluster node that is part of an NLB cluster that is load balancing Point-to-Point Tunneling Protocol (PPTP) services, you may receive the following error:
C:\wlbs query 192.168.0.1
WLBS Cluster Control Utility V2.3. (c) 1997-99 Microsoft Corporation
Accessing cluster '192.168.0.1' (192.168.0.1):
Did not receive response from the cluster

Client VPN IP Address Must Be Used When You Add Static Routes for Windows 2000 VPN Interface
Microsoft Knowledge Base Article: 259171 - The Windows 2000 Resource Kit incorrectly states that the IP address of the VPN server should be used as the gateway address when adding static routes for the VPN interface. 

Enabling VPN in RRAS Causes Connection Issues to Remote Networks
Microsoft Knowledge Base Article: 243374 - RRAS does not forward packets after you enable Virtual Private Network (VPN).

Error Message: Error 930; The Authentication Server Did Not Respond to Authentication Requests in a Timely Fashion 
Microsoft Knowledge Base Article: 299684 - When you set up Internet Authentication Service (IAS) for Routing and Remote Access service (for either virtual private network [VPN] or dial-up traffic), the client computers may receive the following error message: 

Error Message: "Error 623 The System Could Not Find the Phone Book Entry for this Connection" When Making a VPN Connection
Microsoft Knowledge Base Article: 227391 - When you try to connect to a Virtual Private Connection in Network and Dial-up Connections, the following error message is displayed: 

Error Message Is Displayed When Setting Up a Virtual Private Network on Windows 2000 in a Windows NT 4.0 Domain
Microsoft Knowledge Base Article: 260027 - When you use Microsoft Windows 2000 Server in a Microsoft Windows NT 4.0 domain, and the Active Directory utility is not installed, you may receive the following error message when you try to set up a remote access server (RAS) or Virtual Private Networking 

PPTP Clients Cannot Connect to Windows 2000 PPTP Server
Microsoft Knowledge Base Article: 266460 - When a Microsoft Windows 2000 Server is configured as a Point-to-Point Tunneling Protocol (PPTP) server and PPTP clients from either Microsoft Windows NT, Windows 2000, or Windows 95 or 98 try to establish a PPTP session, they receive the following error message: Error 649 Login failed: username, password, or domain was incorrect.

Only the Offline Files Are Displayed When You Use a Remote Access or Virtual Private Network Connection
Microsoft Knowledge Base Article: 290523 - When you connect to a network by using either a remote access or virtual private network (VPN) connection, you can browse the network as well as ping servers and receive a reply, but if you attempt to view the shared resources on a server, you can observe only the files that have been made available offline. 

Routing and Remote Access Wizard for VPN Server Creates Non-Specific Input and Output Filters
Microsoft Knowledge Base Article: 260926 - When you set up a VPN server by using the Routing and Remote Access (RRAS) Configuration Wizard, you are asked to specify an Internet connection. When you select an adapter from the list presented, input and output filters are assigned to each 

Standby or Hibernation Mode Disconnects ISDN, Modem and VPN Connections
Microsoft Knowledge Base Article: 227618 - When you manually put a computer running Windows 2000 into a Standby or Hibernation mode, any ISDN, modem, or VPN connection is disconnected. 

VPN Client Connection Stops Working After Hibernate or Standby
Microsoft Knowledge Base Article: 263965 - Virtual Private Network (VPN) connections from a Windows 2000 client may stop working after the computer resumes from Hibernate or Standby mode if the.. 

VPN Connections Dropped When Computer Goes Into Standby Mode
Microsoft Knowledge Base Article: 216479 - When your computer goes into Standby mode, all active Virtual Private Network (VPN) connections may be disconnected. 

VPN Connection Is Not Available for Logon with Dial-Up Networking
Microsoft Knowledge Base Article: 231426 - When you log on using the "Log on using Dial-Up Networking" option, your recently created virtual private networking (VPN) connection may not be listed. 

VPN That Uses MS-CHAP Authentication Does Not Connect to RRAS Server
Microsoft Knowledge Base Article: 289732 - When you create a virtual private network (VPN) connectoid to the IP address of an RRAS server that has Microsoft Challenge-Handshake Authentication Protocol (MS-CHAP) authentication enabled, the VPN may not work.

Windows 2000 NAT Does Not Translate Netlogon Traffic
Microsoft Knowledge Base Article: 263293 - When you try to log on to a domain from a computer that is running Microsoft Windows NT 4.0, Microsoft Windows 95, or Microsoft Windows 98, and is located behind a Windows 2000-based server that is performing network address translation (NAT) 

You Cannot Connect to the Internet After You Connect to a VPN Server 
Microsoft Knowledge Base Article: 317025 - After you use a Virtual Private Network (VPN) connection to log on to a server that is running Routing and Remote Access, you may be unable to connect to the Internet. 

ZoneAlarm Firewall Software Prevents VPN Connection Through PPTP
Microsoft Knowledge Base Article: Q285549 - When your Microsoft Windows 2000 Professional-based computer is running the Zone Labs ZoneAlarm firewall software, you may find that you cannot establish a Virtual Private Network (VPN) connection by using the Point-to-Point Tunneling Protocol 

 
 


Entire contents
© 1999-2003 LabMice.net and TechTarget
All rights reserved

This site and its contents are Copyright 1999-2003 by LabMice.net. Microsoft, NT, BackOffice, MCSE, and Windows are registered trademarks of Microsoft Corporation. Microsoft Corporation in no way endorses or is affiliated with LabMice.net. The products referenced in this site are provided by parties other than LabMice.net. LabMice.net makes no representations regarding either the products or any information about the products. Any questions, complaints, or claims regarding the products must be directed to the appropriate manufacturer or vendor.