Virtual private network (VPN) technology allows users working outside the office premises to connect to their private network in a cost-effective and secure way. Creating this type of internetwork is called virtual private networking. A VPN uses the ordinary internet as the medium to reach the end point, i.e. the private network or internal corporate network.
In a VPN connection, data is encapsulated, or wrapped, with a header that provides routing information, and encrypted, allowing it to traverse the shared or public transit internetwork to reach its destination. The portion of the connection in which the private data is encapsulated is known as the tunnel. VPN connections use either Point-to-Point Tunnelling Protocol (PPTP) or Layer Two Tunnelling Protocol/Internet Protocol security (L2TP/IPSec), with the internet as the medium.
Figure: A typical VPN connection (source: Microsoft Corp.)
So what is required to deploy a VPN in an organisation? A systems administrator can set up a VPN if he/she has the following components in place:
VPN Server (Windows 2008/2003)
Internet infrastructure with Public IP
VPN clients (Windows 7, Windows XP or Mac OS X 10.5.x)
Intranet infrastructure (Microsoft networks, AD, DNS and DHCP with enough IP addresses available)
Certificate infrastructure (Microsoft AD CS)
Authentication, authorization and accounting (AAA) infrastructure (Windows/RADIUS)
Deployment: you can install Windows Server 2008 on standard hardware with two NICs. In my situation, I used three NICs, as my VPN server is also a wireless authentication server, so it does both jobs for me (VPN + wireless). One NIC is for the internal network, another for the public IP (VPN) and another for the wireless networks (ignore the third NIC if you are not in the same situation). All NICs must have static IP addresses. You have to route the public IP through to your VPN server. The VPN server must be a domain member and must have a computer/machine certificate installed. I configured DHCP on the VPN server so that VPN clients obtain their IP addresses from this server and not from the internal DHCP server. It makes my life easy and gives me enough IP addresses. If you choose not to configure DHCP on the VPN server, you can specify an existing DHCP server while configuring the VPN. Here, I will explain the L2TP/IPSec deployment. L2TP/IPSec is secure and is my preferred VPN. The following screenshots will do the rest for you.
Here, you can select VPN+NAT; that will do.
Here, you have to select the tunnel type, encryption method and NAS port type. This is highly important.
I used Microsoft Windows Server 2008 R2 as the VPN server, using L2TP/IPSec. I used Windows authentication, not RADIUS. In this case, the secure connection appears to the user as private network communication, even though the VPN connects over a public network. A user certificate and a machine certificate are required to connect to the VPN server. The user must also be a domain user. Your situation will certainly be different, so do what is appropriate for it. I hope this helps you to configure a VPN server.
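An added example, not part of the original post: a PowerShell pre-flight check for the server-side prerequisites described above (at least two NICs, static addressing on every NIC, domain membership, and a machine certificate in the local computer store). The function name Test-VpnServerPrereqs and its messages are hypothetical; it relies only on WMI and the certificate provider, on the assumption that it runs in an elevated PowerShell 2.0 session as shipped with Windows Server 2008 R2.

```powershell
# Added example: pre-flight check of the VPN server prerequisites listed in the post.
# Function name and message texts are hypothetical, chosen for illustration.
function Test-VpnServerPrereqs {
    $findings = @()

    # 1. Every IP-enabled NIC should use a static address (DHCPEnabled = False).
    $nics = @(Get-WmiObject Win32_NetworkAdapterConfiguration -Filter "IPEnabled = TRUE")
    foreach ($nic in $nics) {
        if ($nic.DHCPEnabled) {
            $findings += "NIC '$($nic.Description)' obtains its address from DHCP"
        }
    }
    if ($nics.Count -lt 2) {
        $findings += "Fewer than two IP-enabled NICs found (internal + public expected)"
    }

    # 2. The server must be a domain member.
    $cs = Get-WmiObject Win32_ComputerSystem
    if (-not $cs.PartOfDomain) {
        $findings += "Computer is not joined to a domain"
    }

    # 3. A machine certificate that is in date and has a private key must be installed.
    $now = Get-Date
    $usable = @(Get-ChildItem Cert:\LocalMachine\My | Where-Object {
        $_.HasPrivateKey -and $_.NotBefore -le $now -and $_.NotAfter -gt $now
    })
    if ($usable.Count -eq 0) {
        $findings += "No valid machine certificate with a private key in LocalMachine\My"
    }
    foreach ($cert in $usable) {
        # List the enhanced key usages so the certificate's purpose can be reviewed.
        $eku = $cert.Extensions | Where-Object {
            $_ -is [System.Security.Cryptography.X509Certificates.X509EnhancedKeyUsageExtension]
        }
        $names = @($eku | ForEach-Object { $_.EnhancedKeyUsages } |
                   ForEach-Object { $_.FriendlyName })
        Write-Output ("Certificate {0} expires {1:yyyy-MM-dd}; EKU: {2}" -f `
            $cert.Subject, $cert.NotAfter, ($names -join ", "))
    }

    if ($findings.Count -eq 0) { Write-Output "All prerequisite checks passed" }
    else { $findings | ForEach-Object { Write-Output "FAIL: $_" } }
}

Test-VpnServerPrereqs
```

The script only reads configuration and changes nothing. The user certificate mentioned above lives on the client and is outside what this server-side check covers.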