Terminal Services  «Prev  Next»

Lesson 5 Configure VPN ports
Objective Configure VPN ports.

Configure VPN ports

Here's a breakdown of the essential ports you'll likely need to configure on a Windows Server 2022 VPN server, depending on the specific VPN protocol you choose:
Common VPN Protocols and Their Default Ports
  1. PPTP (Point-to-Point Tunneling Protocol):
    • TCP Port 1723: (For control connections)
    • Protocol 47 GRE: (Generic Routing Encapsulation – for data tunneling)
  2. L2TP/IPSec (Layer 2 Tunneling Protocol with IPSec):
    • UDP Port 500: (For IKE - Internet Key Exchange)
    • UDP Port 4500: (For NAT traversal)
    • UDP Port 1701: (For L2TP traffic)
    • Protocol 50 ESP: (Encapsulating Security Payload - in case IPSec uses ESP)
  3. SSTP (Secure Socket Tunneling Protocol): TCP Port 443: (SSTP tunnels through this port, making it resemble HTTPS traffic)

Important Considerations
  • Firewall Configuration: Ensure your firewall on Windows Server 2022 allows inbound and outbound traffic on the relevant ports for your chosen protocol.
  • Network Address Translation (NAT): Configure NAT rules on your router or firewall if you want your VPN server to be accessible from the public internet.
  • Security: Pay close attention to security, especially with older protocols like PPTP, which is known to have vulnerabilities. L2TP/IPSec or SSTP are generally preferred for better security.

Configuring the VPN Server Windows Server 2022 typically features the Routing and Remote Access Service (RRAS), which lets you set up and configure your VPN settings.
In order to create a VPN server, you must configure ports on the VPN server for VPN clients to dial into. In this lesson, we will examine how to configure those inbound ports so that VPN clients can create secure private connections with a VPN server.


Configure Ports

When RRAS is started for the first time, Windows 2000 automatically creates five PPTP and five L2TP ports, as illustrated in the image below:
VPN ports
VPN ports

The number of VPN ports that are available to any RAS is not limited by the hardware. You can configure VPN ports under Ports in the console tree of Routing and Remote Access. To configure VPN ports, perform the following steps:

  1. Open Routing and Remote Access from the Administrative Tools menu.
  2. In the console tree of Routing and Remote Access, open the Properties dialog box for Ports.
Routing and Remote Access Properties dialog box
  1. In the Ports Properties dialog box, select a device-for VPN ports--eitherWAN Miniport (PPTP) or WAN Miniport (L2TP)--and then click Configure.
  2. In the Configure Ports dialog box, select the Remote access (inbound) check box to enable inbound VPN connections.
Configure ports dialog box
Configure ports dialog box
  1. Optionally, you can increase or decrease the number of virtual ports available on the server.
  2. Click OK in the Configure Ports and Ports Properties dialog boxes.
The next lesson demonstrates how to configure modem and cable ports.

Configure VPN Ports - Exercise

Click the Exercise link below to practice configuring inbound VPN connections.
Configure VPN Ports - Exercise

SEMrush Software5