Export (0) Print
Expand All

VPN Remote Access for Employees (VPN with Windows Server 2003)

Updated: January 1, 2003

Applies To: Windows Server 2003, Windows Server 2003 R2, Windows Server 2003 with SP1, Windows Server 2003 with SP2

Remote access for Electronic, Inc. employees is deployed by using remote access VPN connections across the Internet based on the settings configured in the Common Configuration for the VPN Server section of this paper and the following additional settings.

Figure 2 shows the Electronic, Inc. VPN server that provides remote access VPN connections.

Art Image

Figure 2: The Electronic, Inc. VPN server that provides remote access VPN connections

Domain Configuration

For each employee that is allowed VPN access:

  • The remote access permission on the dial-in properties of the user account is set to Control access through Remote Access Policy.

  • The user account is added to the VPN_Users Active Directory group.

Remote Access Policy Configuration

To define the authentication and encryption settings for remote access VPN clients, the following common remote access policy is created:

Policy name: Remote Access VPN Connections

Access method: VPN

User or Group Access: Group with the EXAMPLE\VPN_Users group selected

Authentication Methods: Extensible Authentication Protocol with the Smart card or other Certificate type, Microsoft Encrypted Authentication version 2 (MS-CHAP v2), and Microsoft Encrypted Authentication (MS-CHAP) selected

Policy Encryption Level: Strong encryption and Strongest encryption selected

PPTP-based Remote Access Client Configuration

On the Windows XP remote access client computers, the New Connection Wizard is used to create a VPN connection with the following settings:

Network Connection Type: Connect to the network at my workplace

Network Connection: Virtual Private Network connection

Connection Name: Electronic, Inc.

VPN Server Selection: vpn.electronic.example.com

Connection Availability: Anyone's use

L2TP/IPSec-based Remote Access Client Configuration

The remote access computer logs on to the Electronic, Inc. domain using a local area network (LAN) connection to the Electronic, Inc. intranet and receives a computer certificate through autoenrollment. Then, the New Connection Wizard is used to create VPN connection with the following setting:

Network Connection Type: Connect to the network at my workplace

Network Connection: Virtual Private Network connection

Connection Name: Electronic, Inc.

VPN Server Selection: vpn.electronic.example.com

Connection Availability: Anyone's use

From the Connect Electronic, Inc. dialog box, click Properties, and then click the Networking tab.

On the Networking tab, Type of VPN is set to L2TP/IPSec VPN. When Type of VPN is set to Automatic, a PPTP connection is tried first. In this case, the network administrator for Electronic, Inc. does not want remote access clients that are capable of establishing an L2TP/IPSec connection to use PPTP.

Was this page helpful?
(1500 characters remaining)
Thank you for your feedback

Community Additions

ADD
Show:
© 2014 Microsoft