Configuring TCP/IP on the VPN Server

Applies To: Windows Server 2003, Windows Server 2003 R2, Windows Server 2003 with SP1, Windows Server 2003 with SP2

After configuring the server as a remote access server, configure the TCP/IP settings for the Internet or perimeter network interface and for the intranet interface.

Note

  • Because of routing issues related to configuring TCP/IP automatically, it is recommended that you not configure a VPN server as a DHCP client. Instead, manually configure TCP/IP on the intranet interfaces of a VPN server. For a full discussion of the routing options for a VPN server, see "Configuring Routing on a VPN Server" later in this chapter.

Manually configure the Internet or perimeter network interface of the VPN server with a default gateway. Configure the TCP/IP settings with a public IP address, a subnet mask, and the default gateway of either the firewall (if the VPN server is connected to a perimeter network) or an ISP router (if the VPN server is connected directly to the Internet).

To configure TCP/IP for the Internet or perimeter network interface

  1. In Control Panel, double-click Network Connections, and then double-click the network adapter for the Internet or perimeter network interface.

  2. In the network adapter status dialog box (for example, Local Area Connection Status), click Properties.

  3. Select Internet Protocol (TCP/IP), and then click Properties.

  4. On the General tab, configure the IP address, subnet mask, and default gateway.

    The IP address must be a public IP address assigned by an ISP. As an option, you can configure the VPN server with a private IP address but assign it a published static IP address by which it is known on the Internet. When packets are sent to and from the VPN server, a NAT that is positioned between the Internet and the VPN server translates the published IP address to the private IP address.

    When you configure a VPN connection, give your VPN servers names that can be resolved to IP addresses using DNS.

  5. Click Advanced to display the Advanced TCP/IP Settings dialog box.

  6. To prevent the VPN server from dynamically registering the public IP address of its Internet interface with an intranet DNS server, on the DNS tab, clear the Register this connection’s addresses in DNS check box. This check box is cleared by default.

  7. To prevent the VPN server from registering the public IP address of its Internet interface with intranet WINS servers, on the WINS tab, select the Disable NetBIOS over TCP/IP check box. This check box is selected by default.

When you configure TCP/IP for the VPN server’s intranet interface, do not configure a default gateway on the intranet connection. This prevents a second default route from conflicting with the default route that points to the Internet.

To configure TCP/IP for the intranet interface

  1. In Control Panel, double-click Network Connections, and then double-click the network adapter for the intranet interface.

  2. In the network adapter status dialog box (for example, Local Area Connection 2 Status), click Properties.

  3. Select Internet Protocol (TCP/IP), and then click Properties.

  4. On the General tab, configure the IP address, subnet mask, and DNS server address.

    To prevent default route conflicts with the default route pointing to the Internet, do not configure the default gateway on the intranet connection.

  5. Click Advanced to display the Advanced TCP/IP Settings dialog box.

  6. On the WINS tab, configure the IP addresses of your WINS servers.
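
After completing both procedures, you can check the result against the routing guidance above: exactly one default route, bound to the Internet or perimeter network interface, and none on the intranet interface. The following script is an added example, not part of the original documentation. It parses the Active Routes section of saved `route print` output; the sample text, addresses, and function names are constructed for illustration.

```python
import re

# Constructed sample of the "Active Routes" part of `route print` output;
# addresses are documentation/private ranges, not values from the page.
GOOD = """\
Active Routes:
Network Destination        Netmask          Gateway       Interface  Metric
          0.0.0.0          0.0.0.0      203.0.113.1    203.0.113.10     20
         10.0.0.0    255.255.255.0         10.0.0.2        10.0.0.2     20
      203.0.113.0    255.255.255.0     203.0.113.10    203.0.113.10     20
Default Gateway:       203.0.113.1
"""
# Constructed: same server after a default gateway was set on the intranet adapter.
EXTRA = "          0.0.0.0          0.0.0.0         10.0.0.1        10.0.0.2     20\n"
BAD = GOOD.replace("Metric\n", "Metric\n" + EXTRA, 1)

IP = r"(\d{1,3}(?:\.\d{1,3}){3})"
# Columns: destination, netmask, gateway, interface address, metric
ROUTE = re.compile(rf"^\s*{IP}\s+{IP}\s+{IP}\s+{IP}\s+(\d+)\s*$")

def default_routes(text):
    """Return (gateway, interface_ip, metric) for every 0.0.0.0/0 route."""
    found = []
    for line in text.splitlines():
        m = ROUTE.match(line)
        if m and m.group(1) == "0.0.0.0" and m.group(2) == "0.0.0.0":
            found.append((m.group(3), m.group(4), int(m.group(5))))
    return found

def audit(text, internet_ip):
    """Return findings; an empty list means routing matches the guidance."""
    routes = default_routes(text)
    findings = []
    if not routes:
        findings.append("no default route; Internet interface lacks a default gateway")
    if len(routes) > 1:
        findings.append(f"{len(routes)} default routes present, expected exactly one")
    for gateway, iface, _metric in routes:
        if iface != internet_ip:
            findings.append(f"default route via {gateway} uses interface {iface}, "
                            f"not the Internet interface {internet_ip}")
    return findings

if __name__ == "__main__":
    for name, sample in (("GOOD", GOOD), ("BAD", BAD)):
        print(name, audit(sample, "203.0.113.10") or "OK")
```

To use it on a real server, save the output of `route print` to a file and pass its contents to `audit` together with the IP address configured on the Internet or perimeter network interface.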