Common server configurations for remote access servers

  • Article

Applies To: Windows Server 2003, Windows Server 2003 R2, Windows Server 2003 with SP1, Windows Server 2003 with SP2

Common configurations for remote access servers

When you run the Routing and Remote Access Server Setup Wizard, the wizard prompts you to choose the configuration path that most closely resembles the remote access solution that you want to deploy. If none of the wizard configuration paths meets your needs exactly, you can further configure your server after the wizard finishes, or you can choose the custom configuration path. However, if you choose the custom configuration path, you must manually configure all elements of Routing and Remote Access. The most common remote access solutions include dial-up connections, virtual private network (VPN) connections, and secure connections between two private networks.

Remote access (dial-up)

Remote access (dial-up)

If you choose this path, the server running Routing and Remote Access is configured to allow remote access clients to connect to the private network by dialing into a modem bank or other dial-up equipment. To configure this type of server in the wizard, click Remote Access, select the Dial-up check box, and follow the steps. After the wizard finishes, you can configure additional options. For example, you can configure how the server answers the call, how the server verifies which remote access clients have permission to connect to the private network, and whether the server routes network traffic between remote access clients and the private network. For more information about dial-up connections, see Dial-Up Networking and Setting Up Dial-Up Remote Access.

Remote access (VPN)

Remote access (VPN)

If you choose this path, the server running Routing and Remote Access is configured to allow remote access clients to connect to the private network across the Internet. To configure this type of server in the wizard, click Remote Access, select the VPN check box, and follow the steps. After the wizard finishes, you can configure additional options. For example, you can configure how the server verifies which VPN clients have permission to connect to the private network and whether the server routes network traffic between VPN clients and the private network. For more information about VPNs, see Deploying VPNs for Remote Access and Common configuration for the VPN server.

Network address translation (NAT)

Network address translation (NAT)

If you choose this path, the server running Routing and Remote Access is configured to share an Internet connection with computers on the private network and to translate traffic between its public address and the private network. Computers on the Internet will not be able to determine the IP addresses of computers on the private network. To configure this type of server in the wizard, click Network address translation (NAT), and follow the steps. After the wizard finishes, you can configure additional options. For example, you can configure packet filters and choose what services to allow on the public interface. For more information about NAT, see Setting Up Network Address Translation and Translated Connection to the Internet.

VPN and NAT

Art Image

If you choose this path, the server running Routing and Remote Access is configured to provide NAT for the private network and to accept VPN connections. Computers on the Internet will not be able to determine the IP addresses of computers on the private network. However, VPN clients will be able to connect to computers on the private network as if they were physically attached to the same network. To configure this type of server in the wizard, click Virtual Private Network (VPN) access and NAT, and follow the steps. For more information about NAT and VPN, see New features for virtual private networks and Network address translation design considerations.

Secure connection between two private networks

Secure connection between two private networks

If you choose this path, two servers running Routing and Remote Access are configured to send private data securely across the Internet. You must choose this path when you run the Routing and Remote Access Server Setup Wizard on each server. The connection between the two servers can be persistent (always on) or on demand (demand-dial). To configure this type of server in the wizard, click Secure connection between two private networks, and follow the steps. After the wizard finishes, you can configure each server with additional options. For example, you can configure what routing protocols each server accepts and how each server routes traffic between the two networks. For more information about connections between two networks, see Deploying Router-to-Router VPNs, Branch Office over the Internet, and Dial-Up Branch Office Network.