Windows Server 2003 VPN (Virtual Private Network)

  
        

When remote clients connect by dial-up modem, a Windows Server 2003 remote access server needs a separate modem and a separate phone line for each remote connection. If several remote clients need to use the remote access server at the same time, the server needs multiple modems and multiple telephone lines, so its hardware cost is relatively high. In addition, if the remote access client is in the field, frequent dial-up access to the RAS server also incurs high long-distance charges. With a VPN, by contrast, as long as the RAS server is connected to the Internet and has a valid IP address, there is no need to configure any modems or telephone lines on the RAS server. The remote access user can still use a modem to dial the Internet connection provided by the local ISP, reach the RAS server through the VPN, and access enterprise network resources through the RAS server.

Using a VPN also increases access speed. With a dial-up modem, each link can provide only up to 56KB of bandwidth, and the only way to increase bandwidth is multi-link mode, whereas a VPN can easily achieve KB or even MB-level bandwidth.

To implement a VPN connection, a VPN server must be set up in the LAN. The VPN server must connect both to the enterprise's private network and to the Internet, and it must have a public IP address. When a client communicates with a computer on the private network through a VPN connection, all data is first carried by the ISP to the VPN server, and the VPN server is then responsible for forwarding it to the target computer.

Features of VPN:

◆ Low cost. With VPN, remote users can access the company's local area network (LAN) over the Internet at a fraction of the cost of traditional remote access solutions.

◆ High security. A VPN relies on three technologies (the communication protocol, authentication and data encryption) to secure communication. When the client sends a connection request to the VPN server, the server responds by issuing an identity challenge to the client. The client then sends an encrypted response to the VPN server, and the server checks the response against the database. If the account is valid, the VPN server checks whether the user has remote access rights, and if so, it accepts the connection. The client and server public keys generated during the authentication process are then used to encrypt the data.

◆ Support for the most commonly used network protocols. Because VPNs support the most commonly used network protocols, clients on large networks, TCP/IP networks and IPX networks can easily use VPNs. Moreover, any network protocol that supports remote access is also supported over a VPN. This means that programs that depend on special network protocols can be run remotely, which reduces the cost of installing and maintaining VPN connections.

◆ Conducive to IP address security. A VPN encrypts data while it is transmitted over the Internet. Users on the Internet can see only the public IP address and cannot see the private network address contained in the data packet, so the security of the IP address is protected.

◆ The network architecture is flexible. VPNs are more flexible than dedicated lines, allowing you to easily expand your network or change your network architecture (adding ports and replacing client devices).

◆ Management is convenient and flexible. Building a VPN requires fewer network devices and physical lines, which makes network management easier. Both branch offices and remote access users can reach the enterprise network through a public network port or an Internet path.

◆ Full control over the network. VPNs enable organizations to take advantage of the facilities and services of the NSP (network service provider) while keeping full control of their own networks. For example, an enterprise can hand over dial-up access to the NSP while itself remaining responsible for user verification, access rights, network addresses, security, and network change management.
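The sequence described under "High security" (challenge, response, account check, remote access right check) is sketched below as an added example; it is not code from the original article or from Windows. The article does not name the authentication protocol, so the RFC 1994 CHAP hash construction is used as a stand-in, and the account table, class and function names are constructed for illustration.

```python
import hashlib
import hmac
import os

# Constructed account database: user -> (shared secret, remote access right).
ACCOUNTS = {
    "alice": (b"correct horse", True),
    "bob": (b"battery staple", False),  # valid account, no remote access right
}

def chap_response(identifier: int, secret: bytes, challenge: bytes) -> bytes:
    """RFC 1994 CHAP value: MD5 over identifier octet, secret, challenge."""
    return hashlib.md5(bytes([identifier]) + secret + challenge).digest()

class VpnServer:
    """Hypothetical server side of the exchange (not a Windows API)."""
    def __init__(self, accounts):
        self.accounts = accounts
        self.pending = {}   # user -> (identifier, challenge), single use
        self.next_id = 0

    def issue_challenge(self, user: str):
        """Answer a connection request with a fresh random challenge."""
        self.next_id = (self.next_id + 1) % 256
        challenge = os.urandom(16)
        self.pending[user] = (self.next_id, challenge)
        return self.next_id, challenge

    def verify(self, user: str, response: bytes) -> str:
        """Check the response, then the remote access right."""
        issued = self.pending.pop(user, None)  # a challenge is never reused
        account = self.accounts.get(user)
        if issued is None or account is None:
            return "reject: no pending challenge or unknown account"
        secret, remote_access = account
        expected = chap_response(issued[0], secret, issued[1])
        if not hmac.compare_digest(expected, response):
            return "reject: bad credentials"
        if not remote_access:
            return "reject: no remote access permission"
        return "accept"

def connect(server: VpnServer, user: str, password: bytes) -> str:
    """Client side: request a connection and answer the challenge."""
    identifier, challenge = server.issue_challenge(user)
    return server.verify(user, chap_response(identifier, password, challenge))
```

The reject reasons are separated here so each check is visible; because every challenge is random and single use, a response captured from one session fails against the next.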

VPN implementations can be divided into hardware-based and software-based. Windows Server 2003 implements a virtual private network entirely in software, so it is very inexpensive. No matter where you are, as long as you can connect to the Internet, you can log in to the enterprise's internal network through its virtual private network over the Internet to browse or exchange information.

Generally speaking, VPN is used in the following two situations:

◆ The network of the head office is connected to the Internet. A remote user dials up to the Internet over a remote dial-up connection and, once online, establishes a VPN with the head office's VPN server and securely transmits information through the VPN.

◆ The VPN servers of both LANs are connected to the Internet, and a VPN is established over the Internet so that the two networks can transmit information securely.

1. Create an experimental environment:

Copyright © Windows knowledge All Rights Reserved