78 is very simple. There arent any parameters to enter, and Microsoft includes a useful help document. Because of this, were not going to go over the step-by-step setup instructions for installation. As weve also said, Windows 98 comes with VPN access as a standard part of the OS. To configure PPTP for Windows 95 or 98, you must configure two dial-up networking profiles: one to connect to the ISP and one to connect to the PPTP server. Because many people are familiar with configuring DUN to connect to their ISP, well skip over that step. If youve never done it before, you can find information on how to set up a DUN entry in the document Microsoft included with the DUN update. In order to set up your VPN DUN profile, follow these steps: 1. Go to the Start menu, and select Programs Accessories Dial-Up Networking. 2. When the Dial-Up Networking window appears, click Make New Connection. 3. The Make New Connection wizard will appear. Type in what you want to call the connection profile in the Name of the computer you are dialing entry field. Well call ours Central Office VPN again see Figure 5-7 . In the Select a device pull-down menu, choose the Microsoft VPN Adapter. Figure 5-7. Creating a new VPN profile in the DUN Make New Connection wizard 4. Youll then see a dialog box asking you to type in the host name or IP address of the VPN server to which you wish to connect. For our example, well use 2.1.1.60 see Figure 5-8 . 79 Figure 5-8. Entering the IP address of the VPN server 5. Click Next, then Finish. An icon for your connection profile will appear in the Dial- Up Networking window. 6. Select the profile icon, then click on it with the right mouse button. Select Properties from the pop-up menu. A dialog box will appear, showing you the information you entered earlier for the VPN connection see Figure 5-9 . Click on the Server Types tab. Figure 5-9. The General dialog box for the Central Office VPN properties 7. In the Server Type dialog box Figure 5-10 , under Advanced options, check Log on to network if the network youre connecting to requires you to log on, such as in a Windows NT or Novell NetWare network. Enable software compression can remain checked. Require encrypted password doesnt need to be checked—its better to let the answering end determine this. 80 8. Under the allowed network protocols section, check the protocols youll be using on the remote network. If necessary, you can click on the TCPIP Settings button to input a static IP address, gateway address, and DNS server. Click OK to save your changes. Figure 5-10. The Server Types dialog box for the Central Office VPN profile

5.4 Enabling PPTP on Remote Access Switches

This section is intended for ISPs or network administrators who wish to configure PPTP on their remote access switches. ISPs may want to do this as a value-added service for their clients. Network administrators may want to set up their own remote access switches in order to offload some of the communications overhead involved in remote access from the RAS server, or to increase capacity. For instance, an Ascend MAX 4004 can handle 48 analog modem calls, while actually hanging that many modems off an NT server would cripple it. Here, well look at two common remote access switches: the U.S. Robotics Total Control Enterprise Network Hub and the Ascend MAX 4004.

5.4.1 Configuring PPTP on a 3ComU.S. Robotics Total Control Enterprise Network Hub

PPTP is available on 3ComU.S. Roboticss Total Control Enterprise Network Hub, beginning with Release 3.2 of their NETServer card firmware. The typical hub has one NETServer card, one ISDN PRI card with two ports giving you a total of 23 64-Kbps channels, plus a total of 48 digital modems. There are three options for implementing PPTP on the U.S. Robotics switch: configuring global PPTP parameters, configuring a port for PPTP, or configuring a specific user for PPTP. 81

5.4.1.1 Setting up global PPTP parameters

You can set up the hubs NETServer card with up to eight global PPTP RAS hosts. The NETServer card will use these hosts if a port or user has been set up for PPTP, but no specific RAS servers are specified. The first host in the list will be tried first, followed by the subsequent ones if the first host is not available. We recommend using the global parameters if the hub is providing dial-up services for a single NT domain, as in the case of a corporate network. Its not the ideal solution for an ISP, where youll have many users from many different companies, each with a unique RAS server. Here are the steps for setting up the global parameters: 1. Log into the NETServer card as root the administrator account, using either Telnet or the serial interface. 2. Use the following command to set up the PPTP hosts: set pptphost number hostname | ipaddress where number is the optional listing number 1 through 8 of the PPTP host. If no number is specified, the default of 1 is used. You can either specify the hostname of the RAS server, which is its fully qualified domain name, or the ipaddress of the server. We recommend using the IP address rather than the hostname, in case the hostname cant be resolved. 3. Use the Save All command to commit the changes to the hubs memory.

5.4.1.2 Setting up a port for PPTP

The NETServer card has numerous communications ports available—one for each dial-up device it supports. These are labeled S0 through S64. You may want to set PPTP on a specific port if you have certain channels nailed up, such as in the case of a leased line. Here are the steps to set this up: 1. At the command prompt, type in the following command to set up a port with PPTP: set port network hardwired Where port is the port number i.e., S1, S24, S48, etc. or all for the change to apply to all ports. 2. Enter the following to enable the PPTP protocol on the previous port: set port protocol pptp 3. The following command assigns a PPTP host to the specified port: set port pptphost number hostname | ipaddress If this command is omitted, the global PPTP hosts will be used.