Configure PPTP-based Remote Access
Updated: April 30, 2010
Applies To: Windows Server 2008, Windows Server 2008 R2
Deploying PPTP-based remote access VPN connections by using Windows Server 2008 consists of the following:
Configuring the remote access server as a corporate intranet router
Configuring the VPN server
Configuring firewall packet filters
Configuring network policies
Configuring the remote access server as a corporate intranet router
For the remote access server to properly forward traffic on the corporate intranet, you must configure it as a router with either static routes or a routing protocol, such as Routing Information Protocol (RIP), so that all of the locations on the intranet are reachable from the remote access server. For information about configuring routing, see Configure Routing on a VPN Server.
Configuring the VPN server
You can configure your VPN server by running the Routing and Remote Access Server Setup Wizard. You can use the wizard to configure the following settings:
The method by which the VPN server assigns IP addresses to remote access clients (either using addresses that the VPN server obtains from a DHCP server or by using addresses from a specified range of addresses that you configure).
Forwarding of authorization and authentication messages to a Remote Authentication Dial-In User Service (RADIUS) server (configuration of the VPN server as a RADIUS client).
After you run the Routing and Remote Access Server Setup Wizard, these RRAS settings are automatically configured:
Network interfaces
IKEv2, SSTP, PPTP, and L2TP ports (5 or 128 of each, depending on your choices when running the wizard)
Multicast support using Internet Group Messaging Protocol (IGMP)
IP routing
Installation of the DHCP Relay Agent component
Configuring firewall packet filters
If you are using a firewall, you need to configure packet filters on your firewall that allow PPTP traffic between Internet-based VPN clients and the VPN server computer. For more information, see Appendix B: VPN Servers and Firewall Configuration.
Configuring network policies
For an access-by-user administrative model, you need to set the network access permission to Allow access on the user accounts for those users who will be making VPN connections. For an access-by-policy model, use Network Policy Server (NPS) to configure remote access network policies. For more information, see Configure a Remote Access Network Policy.