Wednesday, January 23, 2013

Configure Server 2008 VPN Behind Sonicwall TZ 210

You want to use your Server 2008 box as a VPN server for reaching applications and data at your workplace, instead of the VPN feature on your firewall or router? Understandable. Excited that you found this post? No? Merely useful? Well, okay.

First, install the server role.
The role isn't called 'VPN' or anything that obvious. Go to Start > Server Manager > Add Roles > select Network Policy and Access Services > Next > Next.

Select the Remote Access Service role service > Next > Install. The install takes a while, so make a sandwich, or a salad if you're a vegetarian. When it finishes, click Close.

Now go to Start > Administrative Tools > Routing and Remote Access. The server shows a red down arrow because the service is not yet configured. Right-click the server and select "Configure and Enable Routing and Remote Access".

Next > select "Custom configuration" > Next.

Tick "VPN access" > Next > Finish.

When prompted, select "Start service". Once the service is running you can close the Routing and Remote Access console.

Make sure the user has dial-in access in Active Directory Users and Computers. For example, find Joe Smith in Active Directory, open his properties, and on the Dial-in tab select "Allow access". Grant this only to the accounts that actually need remote access: every account you allow here becomes a login path reachable from the Internet.

Now we must go to the SonicWall device.
Since the Server 2008 box sits behind the firewall, we must forward the correct port and protocol to it: TCP port 1723 for the PPTP control channel and GRE (Generic Routing Encapsulation, IP protocol 47) for the tunnelled PPP traffic. Forwarding 1723 alone is the classic mistake; without GRE the client typically gets as far as verifying the user name and password and then fails. Be aware that PPTP authenticates with MS-CHAPv2 and encrypts with MPPE, both of which have well-documented cryptographic weaknesses, so treat this as a convenience rather than a strong security boundary and prefer L2TP/IPsec or SSTP where your clients support them.

You will need two rules in your SonicWall. The first is a NAT policy (Network > NAT Policies):

Original Source - Any
Translated Source - Original
Original Destination - your public IP (the WAN interface address object)
Translated Destination - your VPN server's internal IP (an address object for the Server 2008 box)
Original Service - PPTP
Translated Service - Original

The second rule is a firewall access rule (Firewall > Access Rules), WAN to LAN:

Source - Any
Destination - your public IP (the same address object used as the NAT policy's original destination)
Service - PPTP
Action - Allow

The SonicWall's built-in PPTP service object covers both TCP port 1723 and the GRE protocol, so these two rules satisfy both requirements.

Now you need to connect your remote client to the VPN server (your Server 2008 box).

The following is for Windows Vista and Windows 7 machines.
Click Start > Control Panel > Network and Sharing Center > Connect to a network > Set up a connection or network > Connect to a workplace > Next.

Use my Internet connection (VPN) > enter the public IP address of the VPN server > enter a name for the connection > Next > enter your domain logon details (user name, password and domain) > Connect.

I hope this helps. I couldn't find a single post covering all of this. There might be one out there. I couldn't find one so that's why I wrote this post. Enjoy!

4 comments:

  1. Yes that really very need vpn service present..
    vpn windows

  2. Works for 2012R2 server as well

  3. How to do it for L2TP?


Life in IT appreciates and encourages your comments, but we do have guidelines for posting comments:

1. Avoid profanities or foul language unless it is contained in a necessary quote.

2. Stay on topic.

3. Disagree, but avoid ad hominem attacks.

4. Threats are treated seriously and reported to law enforcement.

5. Spam and advertising are not permitted in the comments area.

Thanks!