ConfigureTCP/IP on the VPN Server

  • Article

Applies To: Windows Server 2008

After configuring the server as a remote access server, configure the TCP/IP settings for the Internet or perimeter network interface and for the intranet interface.

Note

Because of routing issues related to configuring TCP/IP automatically, it is recommended that you not configure a VPN server as a DHCP client. Instead, manually configure TCP/IP on the intranet interfaces of a VPN server.

Manually configure the Internet or perimeter network interface of the VPN server with a default gateway. Configure the TCP/IP settings with a public IP address, a subnet mask, and the default gateway of either the firewall (if the VPN server is connected to a perimeter network) or an ISP router (if the VPN server is connected directly to the Internet).

Configuring TCP/IP on the VPN server

Configuring the Internet interface

Configuring the intranet interface

To configure TCP/IP for the Internet or perimeter network interface

  1. In Control Panel, double-click Network Connections, and then double-click the network adapter for the Internet or perimeter network interface.

  2. In the network adapter status dialog box (for example, Local Area Connection Status), click Properties.

  3. Select Internet Protocol (TCP/IP), and then click Properties.

  4. On the General tab, configure the IP address, subnet mask, and default gateway.

    The IP address must be a public IP address assigned by an ISP. As an option, you can configure the VPN server with a private IP address but assign it a published static IP address by which it is known on the Internet. When packets are sent to and from the VPN server, a network address translation (NAT) device that is positioned between the Internet and the VPN server translates the published IP address to the private IP address.

    When you configure a VPN connection, give your VPN servers names that can be resolved to IP addresses using DNS.

  5. Click Advanced to display the Advanced TCP/IP Settings dialog box.

  6. To prevent the VPN server from dynamically registering the public IP address of its Internet interface with an intranet DNS server, on the DNS tab, clear the Register this connection’s addresses in DNS check box. This check box is cleared by default.

  7. To prevent the VPN server from registering the public IP address of its Internet interface with intranet WINS servers, on the WINS tab, select the Disable NetBIOS over TCP/IP check box. This check box is selected by default.

When you configure TCP/IP for the intranet interface of the VPN server, do not configure the default gateway on the intranet connection. This will prevent default route conflicts with the default route pointing to the Internet.

To configure TCP/IP for the intranet interface

  1. In Control Panel, double-click Network Connections, and then double-click the network adapter for intranet interface.

  2. In the network adapter status dialog box (for example, Local Area Connection 2 Status), click Properties.

  3. Select Internet Protocol (TCP/IP), and then click Properties.

  4. On the General tab, configure the IP address, subnet mask, and DNS server address.

  5. Click Advanced to display the Advanced TCP/IP Settings dialog box.

  6. On the WINS tab, configure the IP addresses of your WINS servers.