How To Configure a VPN Server to Act as a Router in Windows Server 2003 (816573)



The information in this article applies to:

  • Microsoft Windows Server 2003, 64-Bit Datacenter Edition
  • Microsoft Windows Server 2003, 64-Bit Enterprise Edition
  • Microsoft Windows Server 2003, Datacenter Edition
  • Microsoft Windows Server 2003, Enterprise Edition
  • Microsoft Windows Server 2003, Standard Edition
  • Microsoft Windows Small Business Server 2003, Standard Edition
  • Microsoft Windows Small Business Server 2003, Premium Edition

For a Microsoft Windows 2000 version of this article, see 243374.


SUMMARY

This article describes how to configure the Routing and Remote Access service to forward packets over the interface that is selected as the Internet or public interface after you configure a virtual private network (VPN) server.

When you start the Routing and Remote Access service Setup Wizard, you can configure one of the following options to provide secure remote access to your private network:
  • Remote access (dial-up or VPN)
  • Network address translation (NAT)
  • Virtual Private Network (VPN) access and NAT
  • Secure connection between two private networks
  • Custom configuration
If you select one of the VPN options, Routing and Remote Access is configured to accept incoming VPN connections. This configuration secures the interface that you select by applying filters that accept only Point-to-Point Tunneling Protocol (PPTP) or Layer Two Tunneling Protocol (L2TP) traffic. Routing and Remote Access does not forward packets on that interface unless they are PPTP or L2TP.


Configure the VPN Server to Act as a Router

To configure the server to act as a VPN server and a router:
  1. Start the Routing and Remote Access Server Setup Wizard:
    1. Click Start, point to Administrative Tools, and then click Routing and Remote Access.
    2. In the Routing and Remote Access utility, click your server, and then click Configure and Enable Routing and Remote Access on the Action menu.
  2. In the RRAS Setup wizard, click Next, click Custom configuration, and then click Next.
  3. Click to select the following check boxes, and then click Next:

    VPN access
    LAN routing

  4. Confirm your selections in the Summary of selections list, and then click Finish.
  5. If you are prompted to start the service, click Yes.
  6. View the remote access protocols permitted by the RRAS server. To do so:
    1. In the left pane under your server, right-click Ports, and then click Properties.
    2. Click WAN Miniport (PPTP), and then click Configure.
    3. If you do not want to permit PPTP connections, click to clear the Remote access connections (inbound only) check box, and then click OK.
    4. Click WAN Miniport (L2TP), and then click Configure.
    5. If you do not want to permit L2TP connections, click to clear the Remote access connections (inbound only) check box, and then click OK.

      Important: Do not click to clear the Remote access connections (inbound only) check box for both the PPTP and the L2TP protocol. Because the Routing and Remote Access service server is also configured as a router, if you remove the PPTP and L2TP filters, the Routing and Remote Access service server will route all packets from the public interface to the private network without applying any filters.
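
The effect described in the Important note, shown as an added example: a simplified Python model written for this page, not Microsoft code and not output from an RRAS server. The filter contents (well-known PPTP and L2TP protocol numbers and ports), the addresses, and all names are assumptions made for illustration.

```python
from dataclasses import dataclass
from typing import Optional

TCP, UDP, GRE = 6, 17, 47            # IP protocol numbers

@dataclass(frozen=True)
class Packet:
    dst_ip: str
    proto: int
    dst_port: Optional[int] = None   # None for protocols without ports (GRE)

@dataclass(frozen=True)
class Filter:
    proto: int
    dst_port: Optional[int] = None   # None matches any port

    def matches(self, pkt: Packet, server_ip: str) -> bool:
        # Assumption: each filter only admits traffic addressed to the server itself.
        return (pkt.dst_ip == server_ip and pkt.proto == self.proto
                and self.dst_port in (None, pkt.dst_port))

# Well-known numbers for the two tunnel types (not read from an RRAS server).
PPTP_FILTERS = [Filter(TCP, 1723), Filter(GRE)]        # control channel + GRE data
L2TP_FILTERS = [Filter(UDP, 1701), Filter(UDP, 500)]   # L2TP + IKE for IPsec

def verdict(pkt, filters, server_ip, lan_routing=True):
    """Decide what happens to a packet arriving on the public interface."""
    if filters and not any(f.matches(pkt, server_ip) for f in filters):
        return "drop"                 # filters present: only tunnel traffic passes
    if pkt.dst_ip == server_ip:
        return "accept"               # delivered to the VPN server itself
    return "forward" if lan_routing else "drop"   # no filters left: plain router

SERVER = "203.0.113.10"               # constructed public address (documentation range)
SAMPLES = [                           # constructed packets
    Packet(SERVER, TCP, 1723),        # PPTP control connection
    Packet(SERVER, UDP, 1701),        # L2TP
    Packet("192.168.0.20", TCP, 80),  # non-VPN traffic aimed at a private host
]

def compare():
    """Verdicts with both filter sets present vs. with none."""
    both = [verdict(p, PPTP_FILTERS + L2TP_FILTERS, SERVER) for p in SAMPLES]
    none = [verdict(p, [], SERVER) for p in SAMPLES]
    return both, none

if __name__ == "__main__":
    for p, b, n in zip(SAMPLES, *compare()):
        print(p, "| filtered:", b, "| unfiltered:", n)
```

With both filter sets in place the non-VPN packet is dropped; with an empty filter list and LAN routing enabled, the same packet is forwarded to the private network.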

Modification Type: Minor
Last Reviewed: 7/15/2004
Keywords: kbHOWTOmaster kbhowto kbNetwork KB816573