Escolar Documentos
Profissional Documentos
Cultura Documentos
Page 1 of 10
To print: Select File and then Print from your browser's menu -------------------------------------------------------------This story was printed from CNETAsia. --------------------------------------------------------------
Dial-up modem serial interface Infrared interface Parallel port interface VPN interface
While its unlikely, a Windows XP Professional machine with the above configuration could conceivably accept up to four simultaneous RAS connections. However, the typical configuration consists of a single RAS client connection, either through a dial-up modem interface or a VPN interface.
http://asia.cnet.com/enterprise/netadmin/printfriendly.htm? AT=39050037-39035505t-39000223c
12/3/04
CNETAsia : Printer Friendly - Configure Windows XP Professional to be a VPN server Create an incoming connection with the New Connection Wizard Like Windows 2000 Professional, Windows XP Professional includes a New Connection Wizard. Ill show you how to use the New Connection Wizard to create the new VPN server interface. In this example, Ill assume the Windows XP Professional machine is not a member of a Windows NT 4.0 or Windows 2000 domain. The machine has two network interface cards; one is directly connected to the Internet, and the other is connected to the internal LAN. In addition, the external interface of the machine is configured for Internet Connection Sharing (ICS). While ICS changes the IP address of the LAN interface of the ICS computer to 192.168.0.1 through 16, it's easy to change the IP address to one that fits the existing network environment. The IP address of the LAN interface of the ICS computer was changed to 10.0.0.1 through 24 to fix the preexisting network configuration. How to create the VPN server interface, step-by-step 1. Click Start | Control Panel. 2. In the Control Panel, open the Network Connections applet. 3. In the Network Connections window (see Figure A), open the New Connection Wizard. Figure A
Page 2 of 10
4. On the Welcome To The New Connection Wizard page, click Next. 5. On the Network Connection Type page (see Figure B), select the Set Up An Advanced Connection option. Figure B
http://asia.cnet.com/enterprise/netadmin/printfriendly.htm? AT=39050037-39035505t-39000223c
12/3/04
Page 3 of 10
On the Advanced Connection Options page (see Figure C), select the Accept Incoming Connections option and click Next. Figure C
7. On the Devices For Incoming Connections page (see Figure D), you can select optional devices on which you want to accept incoming connections.
http://asia.cnet.com/enterprise/netadmin/printfriendly.htm? AT=39050037-39035505t-39000223c
12/3/04
Page 4 of 10
Note that you are not presented with any of the network interfaces on the computer.
8. On the Incoming Virtual Private Network (VPN) Connection page (see Figure E), select the Allow Virtual Private Connections option and click Next. Figure E
9. On the User Permissions page (see Figure F), select the users that are allowed to make
http://asia.cnet.com/enterprise/netadmin/printfriendly.htm? AT=39050037-39035505t-39000223c
12/3/04
CNETAsia : Printer Friendly - Configure Windows XP Professional to be a VPN server incoming VPN connections. Click Next. Figure F
Page 5 of 10
Any user that isnt selected wont be able to initiate an incoming connection.
10. On the Networking Software page (see Figure G), click on the Internet Protocol (TCP/IP) entry and click the Properties button. Figure G
http://asia.cnet.com/enterprise/netadmin/printfriendly.htm? AT=39050037-39035505t-39000223c
12/3/04
Page 6 of 10
11. In the Incoming TCP/IP Properties dialog box (see Figure H), place a check mark in the Allow Callers To Access My Local Area Network check box. This will allow VPN callers to connect to other computers on the LAN. If this check box isnt selected, VPN callers will only be able to connect to resources on the Windows XP VPN server itself. Click OK to return to the Networking Software page and then click Next. Figure H
12. On the Completing The New Connection Wizard page, click Finish to create the connection. After the Incoming Connection is complete, right-click on the connection in the Network Connections window and select the Properties command (see Figure I). Figure I
http://asia.cnet.com/enterprise/netadmin/printfriendly.htm? AT=39050037-39035505t-39000223c
12/3/04
Page 7 of 10
Note that on the General tab of the Incoming Connections Properties page (see Figure J) that no devices are listed. The comment No Hardware Capable Of Accepting Calls Is Installed isnt true, since you can now create VPN connections to both network interface cards. In practice, there is no point in creating a VPN connection to the internal interface card.
Page 8 of 10
VPN clients will only call the external IP address of the Windows XP Professional VPN server.
VPN server optimization tips The New Connection Wizard made it easy to create the VPN server interface, but you can still do more to optimize your VPN connections. First, note that you can create PPTP or L2TP/IPSec VPN connections. Figure K shows the connection status dialog box of a Windows XP VPN client connected to a Windows XP VPN server. Note that MPPE 128-bit encryption is automatically enabled and that Microsoft CHAP v2 is used for authentication. Figure K
http://asia.cnet.com/enterprise/netadmin/printfriendly.htm? AT=39050037-39035505t-39000223c
12/3/04
Page 9 of 10
If both machines had machine certificates from the same Certification Authority installed, an L2TP/IPSec VPN link could have been negotiated.
If you want the VPN client to access resources on the internal network, the IP address assigned to the VPN client should be on the same network ID as the internal interface of the Windows XP VPN server computer. In addition, all the machines on the internal network should have a default gateway set using the IP address of the internal interface of the Windows XP VPN server. In the unlikely event that the SOHO has multiple network segments, the routing table on the Windows XP VPN server needs to be configured with paths to the various internal network IDs. You can use the ROUTE ADD command to create these routing table entries. Small networks that use a Windows XP Professional machine for a VPN server probably wont have network services such as WINS or DNS. If name resolution on the private network is an issue for the VPN client, then you should create a LMHOSTS file, a simple text file that contains name and IP address mappings. For example, the following line could represent an entry in an LMHOSTS file: 10.0.0.2 DEFIANT The VPN client must be configured with an IP address or host name for the Windows XP Professional VPN server. If the Windows XP Professional client has a dedicated link to the Internet and a static IP address, you can use that IP address in the VPN client configuration interface. However, if the Windows XP Professional VPN server is assigned an IP address via DHCP, youll have to use an Internet host name and a method of registering the host name dynamically. A couple of services you might want to look into are TZO and DYNDNS. Both of these services will let you dynamically register a computers IP address into the public DNS database. Conclusion Windows XP Professional provides simple VPN server capabilities that let you connect single VPN clients to your internal network, one at a time. If the Windows XP Professional computer has a dedicated connection to the Internet, you can connect to that computer from virtually anywhere in the world using a VPN link. The VPN server setup is simple and can accept calls from any
http://asia.cnet.com/enterprise/netadmin/printfriendly.htm? AT=39050037-39035505t-39000223c
12/3/04
CNETAsia : Printer Friendly - Configure Windows XP Professional to be a VPN server Windows PPTP or L2TP/IPSec client.
Page 10 of 10
http://asia.cnet.com/enterprise/netadmin/printfriendly.htm? AT=39050037-39035505t-39000223c
12/3/04