Re: Location of VPN Server

---

• From: "Brian Cryer" <brianc@xxxxxxxxxxxxxxxxxxxxxxxxx>
• Date: Thu, 23 Mar 2006 11:23:53 -0000

---

If you connect your server directly to the internet then be very sure that
your firewall (routing and remote access) settings are sound. Personally,
I'd feel safer leaving it behind a router. Less risk of being hacked. At the
very least do a port scan of your server so you know what ports are open.

--
Brian Cryer
www.cryer.co.uk/brian


"Steven L Umbach" <n9rou@xxxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
news:O0Smj2fTGHA.4308@xxxxxxxxxxxxxxxxxxxxxxx

I agree with Svyatoslav. See the link below if you have not already where
Microsoft does not recommend using a Windows 2003 VPN using L2TP/ipsec
server behind a NAT device/firewall if that is what you are using on your
network. --- Steve

http://support.microsoft.com/kb/885348/

We do not recommend Internet Protocol security (IPSec) network address
translation (NAT) traversal (NAT-T) for Windows deployments that include
VPN servers and that are located behind network address translators. When
a server is behind a network address translator, and the server uses IPSec
NAT-T, unintended side effects may occur because of the way that network
address translators translate network traffic.


"Andy" <nes@xxxxxxxxxxxx> wrote in message
news:ulaPWhZTGHA.1576@xxxxxxxxxxxxxxxxxxxxxxx

Hi

If you where to set up a VPN Server, where would you typical place it?
I plan to set up a W2K3 server as a VPN server for out little network.
Should we locate it in the DMZ or could we safely located within our
internal LAN and only open the necessary ports to allow inbound
connection to it? We plan to use L2TP/Ipsec with digital certifictes.

/A.

.

---

• Follow-Ups:
  • Re: Location of VPN Server
    • From: Steven L Umbach

• References:
  • Location of VPN Server
    • From: Andy
  • Re: Location of VPN Server
    • From: Steven L Umbach

• Prev by Date: Re: Create Certificate Request for Windows2003 certificate authority without using website
• Next by Date: Is Windows 2003 firewall safe?
• Previous by thread: Re: Location of VPN Server
• Next by thread: Re: Location of VPN Server
• Index(es):
  • Date
  • Thread

---

Relevant Pages Re: Outgoing POP3 email missing/lost/not received ... ISP's mail server instead of the domain name on the ... SUMMARY OF SETTINGS FOR CONFIGURE E-MAIL AND INTERNET ... Internet Connection Wizard. ... After the wizard completes, the following network connection ... (microsoft.public.windows.server.sbs) Re: Connect the SBS to a remote IIS for Internet Printing ... the server can access the Internet with no problems at all. ... Checking network connection, and after a few seconds it says The ... the problem is cause by the configuration of ISA. ... (microsoft.public.windows.server.sbs) Re: ISA 2006 Basic Configuration ... Why would we point Preferred DNS to itself? ... Configuring the Internal Network Interface ... In the Internet Protocol Properties dialog box, ... Select the Use the following DNS server addresses option. ... (microsoft.public.isa.configuration) Re: SBS 2003 (no SP) - file saving over network suddenly very slow ... > resources turn to be slow in SBS 2003 environment. ... > the SBS server box? ... > Norton Internet Security, Norton System Works, and Norton Anti-Virus etc. ... > II Please ensure proper binding order of the network adapter cards. ... (microsoft.public.windows.server.sbs) RE: Server Re-Setup Help ... This newsgroup only focuses on SBS technical issues. ... If you setup network like above, ... server is transferred in internet since they have different public IP. ... (microsoft.public.windows.server.sbs)

---

• Security
• UNIX
• Linux
• Coding
• Usenet

• News
• Mailing-Lists
• Newsgroups
• Service
• About
• Privacy
• Search
• Imprint

www.derkeiler.com  > Newsgroups  > microsoft.public.windows.server.security  > 2006-03