
I work on a small business network that runs on a Windows Server 2008 R2 domain. Right now we use a Cisco (Linksys) RV042 router to handle both VPN connections and a single site-to-site VPN. However, there has been mild-but-increasing interest in getting client VPN integrated into AD DS so that users can use their domain accounts. I also have some spare hardware around that could possibly be recommissioned to function as a VPN server.

The machine has only one network interface; however, the RV042 has a redundant WAN interface that can be configured as a DMZ interface instead. I'm wondering: Can I run this server connected to the DMZ so that it can perform VPN functions, while the RV042 continues to function as the router and my primary DC performs DHCP/DNS services?

TechNet doesn't seem to indicate that there's much leeway concerning the dual-interface nature of VPN servers, so I'm hoping this will be a quick yes/no question.

Thanks!

bwerks

1 Answer

Yes, if you run the Windows system in the DMZ, then you will lock it down via its built-in firewall.

You can also place the Windows system behind the NAT/firewall and just map the needed ports to enable VPN functionality from the Internet side. This option is probably a little more flexible for most configurations.

user48838
  • Ah, ok. So the VPN server role isn't dead-set on bridging a WAN and a LAN interface in its design? I'd be thrilled if this is the case; I just want to make sure it's possible before I invest too much time into it. – bwerks May 26 '11 at 22:50
  • That is definitely correct with the second approach, where the DMZ approach may vary based on how strict you want to implement your DMZ. – user48838 May 27 '11 at 19:35
  • Finally had a chance to implement this. Worked like a charm! Just opened ports 1723 (PPTP), 500/4500 (IPSec), and 443 (SSTP) on the firewall and forwarded them to the server running RRAS, and everything's up and running. It's pretty popular already. – bwerks Jun 14 '11 at 21:54
  • Cool... Glad it worked out. – user48838 Jun 14 '11 at 22:02
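
The built-in firewall lock-down the answer mentions, restricted to the ports listed in the comments, as an added example that is not part of the original thread. The rule names and the management subnet (192.0.2.0/24) are placeholders; the GRE rule is included because PPTP carries its tunnelled data over IP protocol 47 in addition to the TCP 1723 control channel.

```powershell
# Added example: host-firewall lock-down for a single-NIC RRAS VPN server
# on Windows Server 2008 R2. Run from an elevated prompt.
# Rule names and the management subnet are placeholders, not values from the thread.

# Make sure the firewall is on and drops unsolicited inbound traffic on every profile.
netsh advfirewall set allprofiles state on
netsh advfirewall set allprofiles firewallpolicy blockinbound,allowoutbound

# PPTP: control channel on TCP 1723, tunnelled data as GRE (IP protocol 47).
netsh advfirewall firewall add rule name=VPN-PPTP-Control dir=in action=allow protocol=TCP localport=1723
netsh advfirewall firewall add rule name=VPN-PPTP-GRE dir=in action=allow protocol=47

# IPsec: IKE on UDP 500 and NAT traversal on UDP 4500.
netsh advfirewall firewall add rule name=VPN-IPsec-IKE dir=in action=allow protocol=UDP localport=500,4500

# SSTP: TLS on TCP 443.
netsh advfirewall firewall add rule name=VPN-SSTP dir=in action=allow protocol=TCP localport=443

# Keep remote administration reachable only from a management subnet (placeholder range).
netsh advfirewall firewall add rule name=Mgmt-RDP dir=in action=allow protocol=TCP localport=3389 remoteip=192.0.2.0/24

# Review every inbound rule: anything still enabled beyond the rules above
# (file sharing, remote management groups, and so on) widens the exposure.
netsh advfirewall firewall show rule name=all dir=in |
    Select-String 'Rule Name|Enabled|Protocol|LocalPort|RemoteIP'
```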