Configuring the PPTP connection at the corporate office

  • Article

Applies To: Windows Server 2003, Windows Server 2003 R2, Windows Server 2003 with SP1, Windows Server 2003 with SP2

Configuring the PPTP connection at the corporate office

To route PPTP tunneled data to a branch office router, you must create a demand-dial interface for the PPTP connection to the branch office router and a static route. For this scenario, the following steps are completed:

  1. Network adapters are installed and configured.

  2. The Routing and Remote Access service is installed.

  3. An IP address pool is configured.

  4. A demand-dial interface is created.

  5. A dial-in account is created.

  6. An IP static route is added.

  7. PPTP filters are added for security.

  8. Remote access policies are configured.

These steps are outlined in the following sections and are intended as general guidelines for setting up a branch office PPTP connection to a corporate network.

Installing and configuring network adapters

To install and configure network adapters, the following steps are performed:

  1. One network adapter is installed to connect to the backbone and one network adapter is installed to permanently connect to the Internet.

  2. The drivers for the network adapters are installed.

  3. The IP addresses on the network adapters are configured through the properties of the TCP/IP protocol.

In this network scenario, the IP addresses are configured as follows:

  1. The IP address 172.16.1.5 is assigned to the network adapter that connects to the backbone.

  2. The IP address w.x.y.z is assigned to the network adapter that connects to the Internet.

Note

  • The use of w.x.y.z is intended to represent a valid public IP address as allocated by the Internet Assigned Numbers Authority (IANA) or an ISP. For your configuration, substitute your allocated public address for w.x.y.z.

Installing the Routing and Remote Access service

For this branch office network scenario, the Routing and Remote Access service is installed and LAN and WAN routing are enabled. To allow remote access clients to create remote access VPN connections to the corporate network, remote access is also enabled. The network adapters that are installed automatically appear as interfaces in Routing and Remote Access. For more information, see Enable the Routing and Remote Access service.

Configuring an IP address pool

In this scenario, the corporate router (Router 9) is configured with an IP address pool with a single range, as shown in the following table.

Starting address of the range Ending address of the range Number of addresses in the range

172.16.1.137

172.16.1.138

2

For information about configuring an IP address pool, see Create a static IP address pool.

Creating a demand-dial interface

A demand-dial interface is created by using the Demand-Dial Interface wizard with the following configuration:

  • Name: BranchOfficePPTP

  • Protocols to route: IP

  • Modem or adapter: VPN1 device

  • Phone number: <none>

  • Dial-out credentials: <none>

For more information about the Demand-Dial Interface wizard, see Add a demand-dial interface.

Routing and Remote Access now displays three interfaces that correspond to:

  1. The network adapter that is connected to the backbone.

  2. The network adapter that is connected to the Internet.

  3. The PPTP connection.

Creating a dial-in account

The account BranchOfficePPTP is added and dial-in permissions are enabled.

For more information, see Configure dial-in user properties.

Adding an IP static route

At the corporate router, a single IP static route is added so that traffic can be routed to the branch office network.

To route packets to the branch office, a static route is added with the characteristics shown in the following table. This route specifies that if a packet is to be delivered to the branch office network, the PPTP demand-dial interface is used.

Interface Destination Network mask Metric

BranchOfficePPTP

172.16.129.0

255.255.255.0

1

For more information about adding static routes, see Add a static route.

Adding PPTP filters

In this scenario, Router 9 is also configured as a Microsoft Proxy Server. The Microsoft Proxy Server configuration settings are used to add PPTP filters to the Internet interface. For information about adding filters by using Microsoft Proxy Server, see the Microsoft Proxy Server documentation.

Configuring remote access policies

A new remote access policy is created with the following properties:

  • Policy name is set to PPTP Access for Corporate Office Router (example).

  • The NAS-Port-Type condition is set to Virtual (VPN).

  • The Tunnel-Type condition is set to Point-to-Point Tunneling Protocol.

  • The Grant remote access permission option is selected.

Note

  • The example companies, organizations, products, people and events depicted herein are fictitious. No association with any real company, organization, product, person or event is intended or should be inferred.