hey,
i've been posting like a madman over at [H]|OCP these last few days trying to get a fix for a VPN issue i've been having. the solution seems so easy it's actually kind of creepy... i've registered here to get as many opinions as possible. here's the facts:
i have a win2k-server box acting as a PDC for my LAN.
i want to be able to VPN in.
i have an extra external IP addy i'm not using.
i went ahead and put NIC #2 in the PDC, gave it an external IP, and set up RRAS (vpn stuff) on the box.
i can VPN in beautifully, using actual domain accounts, actual domain folder restrictions, etc...
Before i was VPNing in thru my router, but not with an actual domain account... but only shares that were "wide open" could be browsed... not very domain integrated. by bypassing the router altogether, and using an external NIC, everything works great.
BUT!
i know Win2k is sketchy on the net. i have no IIS garbage running on the box, though... is it still a security risk to have my PDC "out there" if no FTP, WWW, telnet etc is running? i'll obviously want to put restrictions on my domain accts (there are about 20 accts, only 5 or 6 will be granted VPN dial in rights), requiring passwords along the lines of "pH&juY_%r" or whatever...
but other than that.....
... am i asking for it?
thanks for the help, guys.