Common Remote Access Configurations
Applies To: Windows Server 2008
When you run the Routing and Remote Access Server Setup Wizard, the wizard prompts you to choose the configuration path that most closely resembles the remote access solution that you want to deploy. If none of the wizard configuration paths meets your needs exactly, you can further configure your server after the wizard finishes, or you can choose the custom configuration path. However, if you choose the custom configuration path, you must manually configure all elements of Routing and Remote Access. The most common remote access solutions include virtual private network (VPN) connections, dial-up connections, and secure connections between two private networks.
Remote access (VPN)
.gif)
If you choose this path, the server running Routing and Remote Access is configured to allow remote access clients to connect to the private network across the Internet. To configure this type of server in the wizard, click Remote Access, select the VPN check box, and follow the steps. After the wizard completes the steps, you can configure additional options. For example, you can configure how the server verifies which VPN clients have permission to connect to the private network and whether the server routes network traffic between VPN clients and the private network.
Remote access (dial-up)
.gif)
If you choose this path, the server running Routing and Remote Access is configured to allow remote access clients to connect to the private network by dialing into a modem bank or other dial-up equipment. To configure this type of server in the wizard, click Remote Access, select the Dial-up check box, and follow the steps. After the wizard completes the steps, you can configure additional options. For example, you can configure how the server answers the call, how the server verifies which remote access clients have permission to connect to the private network, and whether the server routes network traffic between remote access clients and the private network.
Network address translation
.gif)
If you choose this path, the server running Routing and Remote Access is configured to share an Internet connection with computers on the private network and to translate traffic between its public address and the private network. Computers on the Internet will not be able to determine the IP addresses of computers on the private network. To configure this type of server in the wizard, click Network address translation (NAT), and follow the steps. After the wizard completes the steps, you can configure additional options. For example, you can configure packet filters and choose which services to allow on the public interface.
VPN and NAT
If you choose this path, the server running Routing and Remote Access is configured to provide NAT for the private network and to accept VPN connections. Computers on the Internet will not be able to determine the IP addresses of computers on the private network. However, VPN clients will be able to connect to computers on the private network as if they were physically attached to the same network. To configure this type of server in the wizard, click Virtual Private Network (VPN) access and NAT, and follow the steps.
Secure connection between two private networks
.gif)
If you choose this path, two servers running Routing and Remote Access are configured to send private data securely across the Internet. You must choose this path when you run the Routing and Remote Access Server Setup Wizard on each server. The connection between the two servers can be persistent (always on) or on demand (demand-dial). To configure this type of server in the wizard, click Secure connection between two private networks, and follow the steps. After the wizard completes the steps, you can configure each server with additional options. For example, you can configure which routing protocols each server accepts and the way in which each server routes traffic between the two networks.