locked
RRAS Deployment Options RRS feed

  • Question

  • Hi

    I am being tasked with deploying Windows RRAS so home users can connect to our office using a VPN

    I want to set the server up in the DMZ then connect back to the LAN.

    Can someone direct me to any guides on deployment considerations?

    If the server is in the DMZ of a Juniper Firewall, would it have 2 NICS.  one for the DMZ and one for Live LAN?

    Does it give DHCP using the LAN Range?


    Friday, May 9, 2014 3:53 PM

Answers

All replies

  • Hi,

    For standard  VPN server configuration at least two network interfaces need to be installed. One is the public interface and another is the private interface(internal interface).

    If your VPN server handles more than 20 concurrent remote access connections, then use the VPN server to allocate IP address leases to remote access clients. When you create the IP address pool on the VPN server, be certain not to allocate addresses already in use by DHCP servers on your network.

    For detailed information, view the link below:

    Remote Access Deployment – Part 2: Configuring RRAS as a VPN server

    http://blogs.technet.com/b/rrasblog/archive/2009/03/25/remote-access-deployment-part-2-configuring-rras-as-a-vpn-server.aspx

    VPN best practices

    http://technet.microsoft.com/en-us/library/cc778749(v=WS.10).aspx

    Configure the Way RRAS Assigns IP Addresses to VPN Clients

    http://technet.microsoft.com/en-us/library/dd469667.aspx

    Hope this helps.



    Steven Lee

    TechNet Community Support

    Monday, May 12, 2014 5:23 AM
  • Hi

    Thanks for this.  I shall take a look.

    If the RRAS Server is virtual, in the DMZ behind a firewall, would i still give it a WAN IP, or give it a DMZ Internal IP and have a WAN IP forward to that IP Address?

    I will also give it an IP on the LAN side on a separate Network interface

    Monday, May 12, 2014 9:30 AM
  • Hi,

    Both methods are OK.

    For security reasons, we recommend the second method. You can use your firewall to protect the server from network attack.

    Hope this helps.



    Steven Lee

    TechNet Community Support

    Tuesday, May 13, 2014 9:45 AM