Routing and Remote Access Blog

VPN articles - straight from Windows development team

Browse by Tags

Related Posts
  • Blog Post: How to prevent SSTP based VPN connections to be dialed out from my network

    So we are back with a post on SSTP - the tunnelling protocol that can help you traverse through NATs and firewalls. SSTP is sure a great way to establish VPN connections in cases where PPTP and L2TP will not work due to the presence of NATs and firewalls. However, some network administrators may not...
  • Blog Post: How to configure Windows client OS machine as VPN server

    Are you interested in setting up your Windows based client OS (like Vista, Windows7) as VPN server (aka ‘Enabling Incoming Connections’)? I have seen some queries as where to find ‘Incoming Connection’ wizard in Vista and hence this post. The Incoming Connection link in Vista is little hidden...
  • Blog Post: Remote Access Deployment – Part 1: Configuring Remote Access Clients

    Hello Customers, In my last few articles , I discussed about the design guidelines to consider before deploying  a remote access solution. In the next few articles, I will go through the steps to configure the various components  of the remote access solution. These articles will act as your...
  • Blog Post: Remote Access Deployment – Part 3: Configuring RADIUS Server for remote access

    Hello Customers, In this post, I will go through the steps to configure to deploy Network Policy Server (NPS) based RADIUS server to authenticate and authorize the remote access connections coming from RRAS based VPN server. I will try to go through different policy parameters in order to point you to...
  • Blog Post: How to configure Network Load Balancing (NLB) based cluster of VPN Servers

    Hello All, in this blog, I will discuss how to configure a "Network Load Balancing Cluster" of vpn servers to ensure high availability and scalability of vpn service. For information about "Network Load Balancing (NLB)" feature in "Windows Server 2008 R2" please refer the following link: http://technet...
  • Blog Post: How to configure split tunnelling on VPN clients using CMAK

    When a VPN connection is established, by default, ‘Use default gateway on remote network’ checkbox is selected. When this checkbox is selected a new default route for the VPN Connection is added and the existing default route gets a higher metric. Result of this setting is that all the intranet traffic...
  • Blog Post: How to use command line for configuring Routing and Remote Access Server

    Netsh is a command line tool to configure and administer Windows based computers. Netsh can be used extensively for Routing and remote access configurations. Some of the netsh commands in RAS context are - Command – Netsh ras add authtype add authtype [type = ] PAP|SPAP|MD5CHAP|MSCHAP|MSCHAPv2...
  • Blog Post: How to change certificate on SSTP server - in Windows server 2008 R2

    Hi Folks, Very soon Windows 7 and Windows Server 2008 R2 will be released and it is very exciting that beta version of these new operating system is available for public download. So, go ahead and start using it and provide your valuable feedback to us. In this blog I will talk about a new feature...
  • Blog Post: How to configure RRAS based SSTP VPN server behind F5 BIGIP SSL load balancer

    Hello All, In this blog, I will discuss how to load balance SSTP based VPN servers using a F5 BIGIP SSL load balancer. Lets look at the deployment scenario first: You are having a pool of RRAS based VPN servers hosted behind F5 BIGIP load balancer. The F5 BIGIP load balancer terminates the HTTPS...
  • Blog Post: How to change machine certificate on the SSTP server

    This blog is going to tell about how to change the Certificate to be used for the SSTP Server. Although, the normal procedure of installing the certificate on RRAS Server for SSTP mentioned in the step by step guide works perfectly fine, this blog is going to talk about how to change the certificate...
  • Blog Post: Deploying NAP support for VPN: Step-by-step guide available at

    Hi All, Setting up VPN NAP using RRAS may seem overly complex in thoughts, but is not so. We now have great step-by-step guide available which walks you though the concepts + each and every step involved to set it up in the lab enviroment, test it and get a feel for it. This is not a deployment guide...
  • Blog Post: How to configure VPN Server with single NIC on Windows Server

    'Routing and Remote Access' service that is available as part of Windows Server 2000, Windows Server 2003 and Longhorn server can be configured as a VPN Server with single Network Interface Card (NIC). This configuration is primarily used when there is a Network Address Translator (NAT) (or Firewall...
  • Blog Post: How to deploy SSTP based VPN server behind a SSL terminator

    By now, from all the other posts you might be aware of steps required to configure SSTP server to accept HTTPS connections. SSTP also supports being configured behind a SSL terminator (HTTP Reverse Proxy scenario). With this setup, a SSL terminator can be configured to terminate the SSL session and direct...
  • Blog Post: Provisioning VPN client settings using Group Policy

    Problem: Today, Microsoft VPN client can be configured in two ways as discussed in this article – a) in-built VPN client b) CM based VPN client. The first method requires end user to know the VPN settings and then create a VPN connection – which needs to be repeated by each user and prone to errors...
  • Blog Post: How to secure the server running RRAS role after doing upgrade or fresh install of Windows server 2008

    Hello, As you know in Windows server 2008 (WS08) we have removed “Basic Firewall” functionality in RRAS which exist in Windows Server 2003 (WS03). This leads to following security implications which you should be carefully consider when configuring RRAS on WS08: 1) If you were running...
  • Blog Post: How to deploy SSTP based VPN server behind a NAT router

    Hi All, As you know, SSTP is a new VPN tunnel added in Routing and remote access server role in Windows 2008 server and Vista SP1. This allows PPP packets to be encapsulated over HTTP, hence allowing VPN connection to be established through firewalls/NAT/web proxies. For small to medium size organizations...
  • Blog Post: Remote Access Deployment – Part 2: Configuring RRAS as a VPN server

    Hello Customers, In this post, I will go through the steps to configure to deploy RRAS as a VPN server. I will try to go through different configuration scenarios in order to point you to various configuration options in RRAS server role. However for your deployment, you may be skipping some of those...
  • Blog Post: How to restrict SSTP connection to specific IP address (instead of all IP address) on RRAS server

    SSTP by default is configured to listen on all the interfaces (i.e. 0.0.0.0 for IPv4 or ::/0 for IPv6). This means RRAS server by default will allow VPN connections to come in from “all” the IPv4 as well as IPv6 addresses that are available on the server machine. The RRAS server sets the machine certificate...
  • Blog Post: Routing to Multiple Networks behind VPN Server

    Approach 1: On Security stand point use Default Gateway in the remote network else create batch file to add route on each client. The batch file can be created using Client Management Administration Kit (CMAK). CMAK can be used to save or export VPN Client for other computers. Firstly; To...
  • Blog Post: Deploying SSTP: Step-by-step guide available at

    Hi All, SSTP step-by-step guide is available at Windows server 2008 step-by-step guides site i.e. http://download.microsoft.com/download/b/1/0/b106fc39-936c-4857-a6ea-3fb9d1f37063/Deploying%20SSTP%20Remote%20Access%20Step%20by%20Step%20Guide.doc Or http://technet2.microsoft.com/windowsserver2008...
  • Blog Post: How to deploy SSTP based VPN server and IIS on the same machine

    This blog is going to tell about how SSTP can be affected by configuring IIS Server on the same Server and how to get rid of this problem without moving the IIS Server to a different machine. Let's us first know what kind of issue can arise if IIS is configured alongwith SSTP on the same server...
  • Blog Post: Deploying VPN Reconnect: Step-by-step guide available at

    Folks, The deployment guide for VPN Reconnect is now available at http://download.microsoft.com/download/8/9/0/890C2C54-EE49-4743-A5B0-1F3AD7C36721/Step-by-Step_Deploy_Remote_Access_with_VPN_Reconnect.doc The guide covers the various requirements for deploying VPN Reconnect and detail steps...
  • Blog Post: How to configure the RRAS based VPN server to accept SSTP connections

    By now, all of you would be aware of what SSTP is and would also have got your questions answered in the FAQ column. We also saw in this blog , how to configure a SSTP client connection. In this post, let's quickly look at the steps required to configure the VPN server as a SSTP server. We will use...
  • Blog Post: How to detect if RRAS server is dropping all other traffic except VPN traffic

    I have seen this a common customer query: My 2K, 2K3 server was working as DNS, DHCP, AD etc and stopped working after RRAS is installed. The main reason for this is because: When RRAS server is configured using RRAS configuration wizard and you select VPN path, it enables static filters on the...
  • Blog Post: How to change the machine certificate of SSTP based RRAS server

    SSTP requires a machine certificate on the RRAS server which needs to be set inside HTTPS listener (i.e. HTTP.SYS). This certificate will be sent to the client during SSL hand-shake stage (like in any other https:// requests). The RRAS server, when configured first time tries read a machine certificate...