Configuring the PPTP connection at the branch office
Applies To: Windows Server 2003, Windows Server 2003 R2, Windows Server 2003 with SP1, Windows Server 2003 with SP2
Configuring the PPTP connection at the branch office
To configure a PPTP connection to a corporate network at a branch office router, you must create a demand-dial interface for the ISP connection, a demand-dial interface for the PPTP connection to the corporate router, and a static route for each interface. For this scenario, the following steps are completed:
Network adapters are installed and configured.
An IP address pool is configured.
The Routing and Remote Access service is installed.
Remote access devices are installed and configured.
Demand-dial interfaces are created.
IP static routes are added.
PPTP filters are added.
Remote access policies are configured.
These steps are outlined in the following sections and are intended as general guidelines for setting up a branch office PPTP connection to a corporate network.
Installing and configuring network adapters
To install and configure network adapters, the following steps are performed:
On the server running Routing and Remote Access, one network adapter is installed.
The driver for the network adapter is installed.
The IP address on the network adapter is configured through the properties of the TCP/IP protocol.
For this scenario, the address 172.16.129.1 is assigned to the network adapter that is connected to the branch office network.
Installing the Routing and Remote Access service
For this branch office network scenario, the Routing and Remote Access service is installed and LAN and demand-dial routing are enabled. The network adapters that are installed automatically appear as interfaces in Routing and Remote Access. For more information, see Enable the Routing and Remote Access service.
Configuring an IP address pool
In this scenario, the branch office router (Router 10) is configured with an IP address pool with a single range, as shown in the following table.
| Starting address of the range | Ending address of the range | Number of addresses in the range |
|---|---|---|
172.16.129.253 |
172.16.129.254 |
2 |
For information about configuring an IP address pool, see Create a static IP address pool.
Creating demand-dial interfaces
Two demand-dial interfaces are created: one for the modem or remote access device and one for the PPTP VPN device.
A demand-dial interface for the ISP connection is created by using the Demand-Dial Interface wizard with the following configuration:
Name: ISP
Protocols to route: IP
Modem or adapter: Installed modem or ISDN device
Phone number: Phone number of local ISP
Dial-out credentials: ISP user account
A demand-dial interface for the PPTP connection is created by using the Demand-Dial Interface wizard with the following configuration:
Name: CorpPPTP
Protocols to route: IP
Modem or adapter: VPN1 device
Phone number: w.x.y.z (IP address of the Internet interface for Router 9)
Dial-out credentials: BranchOfficePPTP
For more information about the Demand-Dial Interface wizard, see Add a demand-dial interface.
Note
- The use of w.x.y.z is intended to represent a valid public IP address as allocated by the Internet Assigned Numbers Authority (IANA) or an ISP. For your configuration, substitute your allocated public address for w.x.y.z.
Routing and Remote Access now displays three interfaces that correspond to:
The network adapter that connects to the branch office.
The ISP connection.
The PPTP connection.
Adding IP static routes
The PPTP connection to the corporate network is made by adding two IP static routes: a route to the ISP and a route to the PPTP server.
To call the PPTP server, a static route is added with the characteristics shown in the following table. This route specifies that if a packet's destination is on the corporate network, the PPTP demand-dial interface is used.
| Interface | Destination | Network mask | Metric |
|---|---|---|---|
CorpPPTP |
172.16.0.0 |
255.255.0.0 |
1 |
To call the ISP, another static route is added with the characteristics shown in the following table. This route specifies that if a PPTP connection is made to the corporate PPTP server, the ISP demand-dial interface is used.
| Interface | Destination | Network mask | Metric |
|---|---|---|---|
ISP |
w.x.y.z |
255.255.255.255 |
1 |
For more information about adding static routes, see Add a static route.
Note
- The use of w.x.y.z is intended to represent a valid public IP address as allocated by the Internet Assigned Numbers Authority (IANA) or an ISP. For your configuration, substitute your allocated public address for w.x.y.z.
This configuration enables the router that is sending packets to 172.16.0.0 (the corporate network) to first connect to the ISP and then connect to the corporate office PPTP server (Router 9). After the interfaces are added and the static routes or routing protocols are set up, a manual connection to the corporate network is not needed except during the testing process.
Adding PPTP filters
To prevent the branch office router from sending or receiving any traffic except the packets sent over the PPTP connection, PPTP filters are added to the ISP demand-dial interface. For information about adding PPTP filters, see Add PPTP Filters.
Configuring remote access policies
A new remote access policy is created with the following properties:
Policy name is set to PPTP Access for Branch Office Routers (example).
The NAS-Port-Type condition is set to Virtual (VPN).
The Tunnel-Type condition is set to Point-to-Point Tunneling Protocol.
The Grant remote access permission option is selected.
Note
- The example companies, organizations, products, people and events depicted herein are fictitious. No association with any real company, organization, product, person or event is intended or should be inferred.