Discussion on:
View:
Show:
I'm using just the plain vanilla Windows 2000 Server for my home network, and its configuration was the same. Then you don't have to shell out the extra money for the Advanced Server version.
As the other post suggests, Win2k Server is all that you need. Advanced server is fine for multiple CPUs but the "advanced" features of this server alone are not needed for the implementation described in this article.
And the author forgot to mention the licensing costs for the Advanced Server solution
And the author forgot to mention the licensing costs for the Advanced Server solution
I've been considering switching from Win98SE to Win2000 Pro at home but have not because I did not want to lose ICS capabilities. Does Win2000 Pro offer something like what was discussed here or does it take the server version?
n excerpt from :
"Windows 2000 Professional supports a version of NAT ( network address translator ) called Internet Connection Sharing ( ICS ) . If you have a small office or home network, you can get shared Internet access through a single PC running Windows 2000 Professional or Win98. Get ADSL or a cable modem connect for Professional. ICS provides network address translation, address allocation, and name resolution services for the computers on your small network. It actually acts as a router with NAT, rather than a proxy server. It routes and translates the addressing of the packets into and out of the private network to the Internet. ..."
And you can find more info at the MSsite.
"Windows 2000 Professional supports a version of NAT ( network address translator ) called Internet Connection Sharing ( ICS ) . If you have a small office or home network, you can get shared Internet access through a single PC running Windows 2000 Professional or Win98. Get ADSL or a cable modem connect for Professional. ICS provides network address translation, address allocation, and name resolution services for the computers on your small network. It actually acts as a router with NAT, rather than a proxy server. It routes and translates the addressing of the packets into and out of the private network to the Internet. ..."
And you can find more info at the MSsite.
For those of us who already have a router performing these functions, the next step is to implement VPN so that, say, a satellite office LAN can be "part" of HQ's LAN. I've been struggling for a year to figure out how to do this, and everywhere I look someone is offering another $$$ box plus s/w for VPN. Doesn't W2K have a built-in VPN server? Is there a s/w solution only to get VPN going? Can you address this in your next installment?
Yes, Win2k Server does include VPN as a component or RAS. A short snippet from the Win2k Server Help:
To enable the Routing and Remote Access service
1. If this server is a member of a Windows 2000 Active Directory domain and you are not a domain administrator, instruct your domain administrator to add the computer account of this server to the RAS and IAS Servers security group in the domain of which this server is a member. The domain administrator can add the computer account to the RAS and IAS Servers security group by using Active Directory Users and Computers or with the etsh ras add registeredserver command.
2. Open Routing and Remote Access.
3. By default, the local computer is listed as a server. To add another server, in the console tree, right-click Server Status, and then click Add Server. In the Add Server dialog box, click the applicable option, and then click OK.
4. In the console tree, right-click the server you want to enable, and then click Configure and Enable Routing and Remote Access.
5. Follow the instructions in the Routing and Remote Access wizard.
Note
To open Routing and Remote Access, click Start, point to Programs, point to Administrative Tools, and then click Routing and Remote Access.
To enable the Routing and Remote Access service
1. If this server is a member of a Windows 2000 Active Directory domain and you are not a domain administrator, instruct your domain administrator to add the computer account of this server to the RAS and IAS Servers security group in the domain of which this server is a member. The domain administrator can add the computer account to the RAS and IAS Servers security group by using Active Directory Users and Computers or with the etsh ras add registeredserver command.
2. Open Routing and Remote Access.
3. By default, the local computer is listed as a server. To add another server, in the console tree, right-click Server Status, and then click Add Server. In the Add Server dialog box, click the applicable option, and then click OK.
4. In the console tree, right-click the server you want to enable, and then click Configure and Enable Routing and Remote Access.
5. Follow the instructions in the Routing and Remote Access wizard.
Note
To open Routing and Remote Access, click Start, point to Programs, point to Administrative Tools, and then click Routing and Remote Access.
More on configuring VPN (edited to fit the 1930 char limit):
Configure RAS. See "To view properties of the remote access server."
To allow multiple PPTP clients, you need to configure the following settings:
* General: Verify that the RAS check box is selected.
* Security
- Authentication Methods: Select the authentication methods that are supported by the RAS to authenticate the credentials of dial-up clients.
- Authentication Provider: You can verify the credentialsof dial-up clients by using Win2k security or a RADIUS server.
- Accounting Provider: You can record dial-up client activity for analysis or accounting purposes by selecting and configuring an accounting provider.
* IP: Verify that the Enable IP routing and Allow IP-based remote access and demand-dial connections check boxes are selected.
If a DHCP server allocating intranet IP addresses is available, click Dynamic Host Allocation Protocol (DHCP). If not, click Static address pooland type the range of IP addresses that are dynamically allocated to PPTP-based VPN clients in the form of an IP address and mask.
If the static IP address pool represents a separate subnet, then you must add a static IP route that consists of the remote access address pool {IP Address, Mask} to the routers of the intranet. If the route is not added, then PPTP-based VPN clients cannot receive traffic from resources on the intranet.
See "To create a static IP address pool."
Configure RAS. See "To view properties of the remote access server."
To allow multiple PPTP clients, you need to configure the following settings:
* General: Verify that the RAS check box is selected.
* Security
- Authentication Methods: Select the authentication methods that are supported by the RAS to authenticate the credentials of dial-up clients.
- Authentication Provider: You can verify the credentialsof dial-up clients by using Win2k security or a RADIUS server.
- Accounting Provider: You can record dial-up client activity for analysis or accounting purposes by selecting and configuring an accounting provider.
* IP: Verify that the Enable IP routing and Allow IP-based remote access and demand-dial connections check boxes are selected.
If a DHCP server allocating intranet IP addresses is available, click Dynamic Host Allocation Protocol (DHCP). If not, click Static address pooland type the range of IP addresses that are dynamically allocated to PPTP-based VPN clients in the form of an IP address and mask.
If the static IP address pool represents a separate subnet, then you must add a static IP route that consists of the remote access address pool {IP Address, Mask} to the routers of the intranet. If the route is not added, then PPTP-based VPN clients cannot receive traffic from resources on the intranet.
See "To create a static IP address pool."
Alot of users are doing the NAT with their DSL routers, which already serve DHCP (albeit a single addy) and interfere with the DHCP portion of NAT in Win2K. All you have to do is disable DHCP ands statically assign the clients addies in the range and have then list the NAT machine's internal IP as Default Gateway. All done!
You should enter the IP address of the LAN interface of the server for the Default Gateway in DHCP server.
should I add another nic on the server and then kill the dhcp on the router? Or should I make sure they have a static address for the internet to add on the second nic? I only need to connect 3 clients to the internet. Can I bypass the server completely and connect the clients to the router after disabling the dhcp and use the router ip as the clients default gateway?
- Keyboard Shortcuts:
- Prev
- Next
- Toggle
