Requirements for Installing RRAS as a VPN Server
Updated: February 13, 2009
Applies To: Windows 7, Windows Server 2008 R2
You need to do the following before you configure an RRAS server as a remote access VPN server.
- Determine which network interface connects to the Internet and which network interface connects to your private network.
During configuration, you will be asked to choose which network interface connects to the Internet. If you specify the incorrect interface, your remote access VPN server will not operate correctly.
- Determine whether remote clients will receive IP addresses from a DHCP server on your private network or directly from the remote access VPN server that you are configuring.
If you have a DHCP server on your private network, the remote access VPN server can lease 10 addresses at a time from the DHCP server and assign those addresses to remote clients. If you do not have a DHCP server on your private network, the remote access VPN server can assign IP addresses to remote clients from a predefined pool of addresses. You must determine that range based on your network infrastructure.
- If you are using DHCP, determine whether VPN clients are able to send DHCP messages to the DHCP server on your private network.
If a DHCP server is on the same subnet as your remote access VPN server, DHCP messages from VPN clients will be able to reach the DHCP server after the VPN connection is established. If a DHCP server is on a different subnet from your remote access VPN server, make sure that the router between subnets can relay DHCP messages between clients and the server.
- Determine whether you want connection requests from VPN clients to be authenticated by a Remote Authentication Dial-In User Service (RADIUS) server or by the remote access VPN server that you are configuring.
Adding a RADIUS server is useful if you plan to install multiple remote access VPN servers, wireless access points, or other RADIUS clients on your private network. For more information, see Network Policy Server Help.
- Verify that all users have user accounts that are configured for dial-up access.
Before users can connect to the network, they must have user accounts on the remote access VPN server or in Active Directory® Domain Services (AD DS). Each user account on a stand-alone server or a domain controller contains properties that determine whether that user can connect. On a stand-alone server, you can set these properties by right-clicking the user account in Local Users and Groups and clicking Properties. On a domain controller, you can set these properties by right-clicking the user account in the Active Directory Users and Computers console and clicking Properties.
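One way to review these properties for every AD DS account at once, rather than opening each account's Properties dialog. This is an added example, not part of the original documentation. It assumes the ActiveDirectory PowerShell module is installed, covers domain accounts only (not local accounts on a stand-alone server), and the function name `Get-DialInPermission` is hypothetical.

```powershell
# Added example: report the dial-in (Network Access Permission) setting of AD DS user accounts.
# Assumes the ActiveDirectory module; written to run on PowerShell 2.0 and later.
Import-Module ActiveDirectory

function Get-DialInPermission {
    param(
        # Optional distinguished name of an OU to limit the search (caller-supplied).
        [string]$SearchBase
    )

    # msNPAllowDialin is the attribute behind the account's dial-in permission setting.
    $query = @{ Filter = '*'; Properties = 'msNPAllowDialin' }
    if ($SearchBase) { $query.SearchBase = $SearchBase }

    foreach ($user in Get-ADUser @query) {
        $raw = $user.msNPAllowDialin

        # TRUE = allow, FALSE = deny, attribute not set = decided by network policy.
        if ($null -eq $raw) {
            $setting = 'Controlled by network policy'
        } elseif ($raw) {
            $setting = 'Allow access'
        } else {
            $setting = 'Deny access'
        }

        New-Object PSObject -Property @{
            SamAccountName = $user.SamAccountName
            Enabled        = $user.Enabled
            DialIn         = $setting
        } | Select-Object SamAccountName, Enabled, DialIn
    }
}

# Enabled accounts that are explicitly allowed to connect: confirm each one is expected.
Get-DialInPermission |
    Where-Object { $_.Enabled -and $_.DialIn -eq 'Allow access' } |
    Sort-Object SamAccountName |
    Format-Table -AutoSize

# Accounts explicitly denied: users in this list cannot connect until the setting is changed.
Get-DialInPermission |
    Where-Object { $_.DialIn -eq 'Deny access' } |
    Sort-Object SamAccountName |
    Format-Table -AutoSize
```

Comparing the first list against the users who actually need remote access shows both accounts that still require configuration and accounts that hold dial-in permission without a current need for it.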