Vista VPN setup guide, part 1: How to configure Windows Server 2008

Service provider takeaway: Value-added resellers (VARs) and networking consultants can help businesses provide remote access to users by setting up a virtual private network with Windows Vista and Windows Server 2008.

A virtual private network (VPN) can be extremely useful to your customers, but setting up a VPN can be somewhat complicated. This is especially true for Windows Server 2008, which offers many more options than Windows Server 2003. This guide will walk you through a step-by-step VPN setup process. VPN setup solutions come in both hardware and software, but for the purposes of this guide, I explain a software approach to setting up a VPN using Microsoft Vista products. In part 1 of this guide we take a step-by-step approach to configuring Windows Server 2008. In part 2 of the Vista VPN setup guide we configure Windows Vista workstations.

But before we dig into configurations, let's look at the software and hardware requirements for setting up a Vista VPN. You need two separate Windows 2008 servers and at least one remote client running Windows Vista. The first Windows 2008 server is basically an infrastructure server. It must act as a domain controller, DHCP server, DNS server and certificate authority. If your customer already has a Windows 2008 network in place, you don't need to sell them another server to fit this role.

Any Windows 2008 domain will already have at least one domain controller and one server acting as a DNS server. Most Windows 2008 networks are also running DHCP services. If these services are already in place, your only concern is setting up a certificate authority (which I show you how to do in Step 3). For now, you just need to know that the server acting as a certificate authority must be running Windows Server 2003 or Windows Server 2008 Enterprise Edition.

The second server you need is a VPN server. Windows Server 2008 ships with the necessary software, but you do need two network interface cards (NICs): One will connect to the Internet and the other will connect to the private corporate network.

Before we move on to setting up a domain controller, let's consider server placement. Both servers will connect to the private network via a hub or switch. Only the VPN server will have external connectivity. However, it's a security risk to connect the VPN server directly to the Internet. It's best to place a firewall in front of the VPN server so you can filter out everything but VPN traffic.

Vista VPN setup guide, part 1

 Set up a domain controller
 Install DHCP services
 Install Active Directory Certificate Services
 Install IIS
 Request a machine certificate
 Install the Routing and Remote Access Service role
 Configure the VPN server
 Publish the Certificate Revocation List
 Make the CRL accessible


Brien Posey

About the author
Brien M. Posey, MCSE, is a Microsoft Most Valuable Professional for his work with Windows 2000 Server and IIS. Brien has served as the CIO for a nationwide chain of hospitals and was once in charge of IT security for Fort Knox. As a freelance technical writer he has written for Microsoft, TechTarget, CNET, ZDNet, MSD2D, Relevant Technologies and other technology companies. You can visit Brien's personal Web site at


This was first published in June 2008
