Introduction to Virtual Private Networking with Windows Server 2003: An Example Deployment

Applies To: Windows Server 2003, Windows Server 2003 R2, Windows Server 2003 with SP1, Windows Server 2003 with SP2

This white paper describes how to configure common virtual private network connections for a fictional company using the Windows Server 2003 and the Windows XP operating systems. Although your network configuration may differ from the configurations described here, you can still apply the basic concepts of virtual private networking in your network environment.

The use of both public and private networks to create a network connection is called a virtual private network (VPN). A VPN is the extension of a private network that encompasses links across shared or public networks like the Internet. With a VPN, you can send data between two computers across a shared or public network in a manner that emulates a point-to-point private link. Virtual private networking is the act of creating and configuring a virtual private network.

To emulate a point-to-point link, data is encapsulated, or wrapped, with a header that provides routing information, which allows the data to traverse the shared or public network to reach its endpoint. To emulate a private link, the data is encrypted for confidentiality. Packets that are intercepted on the shared or public network are indecipherable without the encryption keys. The link in which the private data is encapsulated and encrypted is a VPN connection.

Electronic, Inc. is a fictional electronics design and manufacturing company with a main corporate campus in New York and branch offices and distribution business partners throughout the United States. Electronic, Inc. has implemented a VPN solution by using Windows Server 2003 to connect remote access users, branch offices, and business partners.

The VPN server at the corporate office provides both remote access and site-to-site (also known as router-to-router) Point-to-Point Tunneling Protocol (PPTP) and Layer Two Tunneling Protocol with Internet Protocol security (L2TP/IPSec) VPN connections. In addition, the VPN server provides the routing of packets to intranet and Internet locations.

Based on the common configuration of the VPN server, the following VPN configurations are described:

  • VPN remote access for employees.

  • On-demand branch office access.

  • Persistent branch office access.

  • Extranet for business partners.

  • Dial-up and VPNs with RADIUS authentication.

Note

The example companies, organizations, products, people, and events depicted herein are fictitious. No association with any real company, organization, product, person, or event is intended or should be inferred.