Overview of Deploying Dial-up and VPN Remote Access Servers

Applies To: Windows Server 2003, Windows Server 2003 R2, Windows Server 2003 with SP1, Windows Server 2003 with SP2

To support users who require access to your network from remote locations, you can deploy a dial-up network, a VPN, or a combination of both. Dial-up networking enables remote users to dial in directly to a remote access server on your network using a phone line. A virtual private network (VPN) enables remote users who are connected to the Internet to establish a connection to a VPN server on your network.

In deciding which solution will best serve your organization, consider the relative cost-effectiveness of each solution and how well it meets your organization’s requirements for security and availability. Also consider the network infrastructure of the intranet needed to support your remote access server design. Without proper design of the supporting infrastructure, remote access clients cannot obtain IP addresses and resolve intranet names, and packets cannot be forwarded between remote access clients and intranet resources.

Use the process described in this chapter to design and deploy a new remote access solution or to reexamine and improve your existing infrastructure. If you already have a dial-up or VPN infrastructure, you might benefit from replacing existing components because of anticipated obsolescence or failure of components, scalability limitations, or increased security requirements.

Before you begin work on your remote access server design, your organization should have deployed the following supporting technologies.

  • Active Directory® directory service to store and manage information about network resources.

  • A public key infrastructure (PKI) to enable the use of certificate-based authentication.

  • Internet Authentication Service (IAS) to provide authentication and authorization for dial-up and VPN network access. As a RADIUS server, Windows Server 2003 IAS performs authentication and authorization on behalf of any remote access server configured as a RADIUS client.

All editions of Windows Server 2003 support VPN connections. However, some limitations apply to the Microsoft® Windows® Server 2003, Web Edition, and Windows® Server 2003, Standard Edition, operating systems. On computers running either of these operating systems, you can create as many as 1,000 connections, using Point-to-Point Tunneling Protocol (PPTP) ports or Layer Two Tunneling Protocol (L2TP) ports. Windows Server 2003, Standard Edition, can accept 1,000 concurrent VPN connections; however, Windows Server 2003, Web Edition, accepts only one VPN connection at a time. For more information about features included in Windows Server 2003, Web Edition, see "Overview of Windows Server 2003, Web Edition" in Help and Support for Windows Server 2003.