Increasingly, network administrators are turning to Virtual Private Networking (VPN) connections to link remote workers to LANs. Windows 2000 includes VPN functionality, and even if you’re not using VPNs at your organization, you’ll need to be familiar with Win2K’s VPN feature if you’re planning on sitting for any of the following exams:
- Exam 70-210 - Installing, Configuring, and Administering Microsoft Windows 2000 Professional
- Exam 70-215 - Installing, Configuring, and Administering Microsoft Windows 2000 Server
- Exam 70-216 - Implementing and Administering a Microsoft Windows 2000 Network Infrastructure
- Exam 70-240 - Microsoft Windows 2000 Accelerated Exam for MCPs Certified on Microsoft Windows NT 4.0
Why a VPN?
VPNs have caught on quickly primarily for the following two reasons:
- VPNs permit employees to connect to office resources from home or other locations using common hardware.
- VPNs provide secure connections.
By using tunneling protocols, such as PPTP or L2TP, secure connections can be configured between a client’s laptop or home machine and a company’s LAN, as diagrammed in Figure A.
|VPNs use tunneling protocols to create secure connections through the Public Switched Telephone Network.|
The Windows 2000 Network Connection Wizard offers two methods for connecting to private networks. The Network Connection Wizard can be reached by clicking Start | Settings | Network And Dial-up Connections | Make New Connection from within Windows 2000 Professional. The method you select will depend largely on the telecommunications technology you have in place.
You should select Dial-Up To Private Network if you plan to use a traditional 56Kbps modem or ISDN connection. You should select Connect To A Private Network Through The Internet if you wish to use a preexisting Internet connection. Most likely, if you’re using a cable modem or a DSL connection, you’ll choose this option.
Creating a dial-up VPN connection
Dial-up VPN connections are created by selecting Dial-Up To Private Network from the Network Connection Wizard, as shown in Figure B.
|Select Dial-Up To Private Network to begin creating a dial-up VPN connection.|
The wizard will then prompt you to supply the telephone number of the computer or network you wish to call. If you’re installing the VPN link on a laptop, you may wish to check the Use Dialing Rules box. Doing so enables you to configure different dialing configurations depending upon your location.
Next, you’ll need to specify whether the connection will be used only by yourself or by all users of the machine upon which it’s being installed. Select the default, For All Users, if everyone using the workstation should have access to the VPN connection. Select Only For Myself if you wish to make the connection available only for your user logon.
Provide a name for the VPN connection and select Finish to complete the process. If you wish to create a shortcut for the dial-up VPN connection on your desktop, be sure to check the Add A Shortcut To My Desktop box. To connect to the remote system, select the connection from Start | Settings | Network And Dial-Up Connections.
Should you need to change the telephone number or other settings associated with the VPN connection, you can do so easily. Just click Start | Settings | Network And Dial-Up Connections, right-click the dial-up connection you wish to configure, and select Properties. Figure C shows the Dial-Up Connection Properties dialog.
|A variety of settings can be configured for dial-up connections from the Properties box. For example, you can specify (or change) the modem to use by selecting Configure.|
Creating a tunneled connection
If you need to create a VPN connection using a cable or DSL modem, a LAN, or a WAN connection, select Connect To A Private Network Through The Internet in the Network Connection Wizard. The wizard will ask you whether an initial call needs to be placed. If so, select Automatically Dial This Initial Connection and choose the name of the connection you wish to have dialed from the drop-down box provided. If no initial connection is required, select Do Not Dial The Initial Connection and click Next.
Provide the host name or IP address of the computer or network to which you want to connect. You can supply the host name in the form somehostname.com, substituting the appropriate name, of course. Or, you can enter the IP address of the machine you wish to contact, such as 192.168.1.1. Click Next.
Just as with a dial-up connection, you’ll be asked whether the connection is to be used only by yourself, or by all of the system’s accounts. Select the appropriate option and click Next. Supply a name for the connection, indicate whether you wish to add a shortcut to the desktop, and click Finish.
To connect, double-click the shortcut—if you chose to create one—or select the connection from Start | Settings | Network And Dial-Up Connections. Supply your User name and Password for the network you wish to access (see Figure D), and you’re ready to begin enjoying the benefits of secure, remote access.
|You’ll need to supply your networking User name and Password for authentication purposes.|
If you want to edit the settings for the connection, you can do so easily. Just right-click the connection name and select Properties. Here you can modify TCP/IP settings, the IP or host name of the computer to which you wish to connect, and other configuration information.
Several other options can be configured using the tabs in your connection’s Properties dialog, including:
- Whether you wish to have connection progress displayed.
- Whether data encryption is automatically required.
- Which networking components are used by the connection (such as TCP/IP, Client for Microsoft Networks, etc.).
- The type of VPN server being called (you can specify Automatic discovery, Layer-2 Tunneling Protocol [L2TP], or Point-to-Point Tunneling Protocol [PPTP]).
Other options you can configure include whether the connection appears in the Taskbar when it’s in use, whether to include your Windows logon domain when connecting, and whether Internet Connection Sharing should be enabled for the connection.
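The encryption and server-type options above are set per connection, so on more than a handful of machines it is easier to check them from the saved connection entries than from each Properties dialog. The script below is an added example, not part of the original article: it reads rasphone.pbk-style text and reports, for each VPN entry, the tunnel type and whether data encryption is required. The key names (Type, VpnStrategy, DataEncryption, PhoneNumber) and their numeric codes are assumptions to confirm against a real phonebook file, and the sample entries are constructed.

```python
# Added example: audit VPN entries in rasphone.pbk-style text.
# Key names and numeric codes are assumptions modelled on the RAS phonebook
# format and RASENTRY constants; confirm them against a real file.
VPN_STRATEGY = {0: "Automatic", 1: "PPTP only", 2: "PPTP first",
                3: "L2TP only", 4: "L2TP first"}
ENCRYPTION_REQUIRED = {256, 512}  # assumed codes for "require encryption"

# Constructed sample, not taken from a real machine.
SAMPLE_PBK = """\
[Office VPN]
Type=2
VpnStrategy=0
DataEncryption=256
PhoneNumber=somehostname.com

[Branch VPN]
Type=2
VpnStrategy=1
DataEncryption=8
PhoneNumber=192.168.1.1

[ISP Dial-up]
Type=1
DataEncryption=0
PhoneNumber=5550100
"""

def parse_phonebook(text):
    """Return {entry name: {key: value}}; the first occurrence of a key wins."""
    entries, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("[") and line.endswith("]"):
            current = entries.setdefault(line[1:-1], {})
        elif "=" in line and current is not None:
            key, _, value = line.partition("=")
            current.setdefault(key.strip(), value.strip())
    return entries

def to_int(value):
    """Convert a phonebook value to int, or None if missing or malformed."""
    try:
        return int(value)
    except (TypeError, ValueError):
        return None

def audit(text):
    """Summarise each VPN entry (assumed Type=2) and its encryption setting."""
    report = []
    for name, entry in parse_phonebook(text).items():
        if entry.get("Type") != "2":
            continue  # skip plain dial-up entries
        report.append({
            "entry": name,
            "server": entry.get("PhoneNumber", ""),
            "tunnel": VPN_STRATEGY.get(to_int(entry.get("VpnStrategy")), "unknown"),
            "encryption_required":
                to_int(entry.get("DataEncryption")) in ENCRYPTION_REQUIRED,
        })
    return report

if __name__ == "__main__":
    for row in audit(SAMPLE_PBK):
        status = "ok" if row["encryption_required"] else "REVIEW: encryption not required"
        print(f'{row["entry"]}: {row["server"]} via {row["tunnel"]} -> {status}')
```

Entries flagged for review are the ones where the "data encryption is automatically required" option described above is not set.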
Windows 2000 includes VPN functionality that is more robust and clearer than that of previous versions of Windows. Given that more and more companies are turning to VPNs for security reasons, you’ll want to understand how to configure this networking option.