8.6.4.2            How to Configure a VPN server

To further configure the VPN server as required, follow these steps.

Configure Remote Access Server as a Router

For the remote access server to forward traffic properly inside your network, you must configure it as a router with either static routes or routing protocols, so that all of the locations in the intranet are reachable from the remote access server.

To configure the server as a router:

1.       Click Start, point to Administrative Tools, and then click Routing and Remote Access.

2.       Right-click the server name, and then click Properties.

3.       On the General tab, click to select Enable This Computer As A Router.

4.       Select either Local area network (LAN) routing only or LAN and demand-dial routing. Click OK to close the Properties dialog box.

Configure PPTP Ports

Confirm the number of PPTP ports that you need. To verify the number of ports or to add ports, follow these steps:

1.       Click Start, point to Administrative Tools, and then click Routing and Remote Access.

2.       In the console tree, expand Routing and Remote Access, expand the server name, and then click Ports.

3.       Right-click Ports, and then click Properties.

4.       In the Ports Properties dialog box, click WAN Miniport (PPTP), and then click Configure.

5.       In the Configure Device dialog box, select the maximum number of ports for the device, and then select the options to specify whether the device accepts incoming connections only, or both incoming and outgoing connections.

Access by User Account

If you are managing remote access on a user basis, click Allow Access on the Dial-In tab of the user's Properties dialog box for those user accounts that are allowed to create VPN connections. If the VPN server is allowing only VPN connections, delete the default remote access policy called "Allow Access If Dial-In Permission Is Enabled." Then create a new remote access policy with a descriptive name, such as VPN Access If Allowed By User Account. For more information, see Windows 2000 Help.

CAUTION:
After you delete the default policy, a dial-up client that does not match at least one of the policy configurations you create will be denied access.

If the VPN server is also allowing dial-up remote access services, do not delete the default policy, but move it so that it is the last policy to be evaluated.