Step 2: Server placement

With wireless networks proliferating it is a good idea to understand what it takes to build a VPN for a wireless gateway. Contributor and Microsoft MVP Brien Posey details the necessary steps in this step-by-step guide.

Now that I have described the required servers, I want to take a moment to discuss the ways that the servers will connect to your network.

The certificate authority and the IAS server will connect to your wired network in the same way that you would attach any other server. Just make sure that you don't make these servers domain controllers.

The VPN server will be a member of your domain and one of the VPN server's NICs will attach to your wired network. As I mentioned earlier, the VPN server's other NIC will connect to your wireless network. There is just one catch though: It is a huge security risk to attach the VPN server directly to the wireless network. You need to have a firewall in front of the VPN server. Many wireless access points have a built-in firewall that you can use. If your access point doesn't have a built-in firewall, then you could use Microsoft's ISA Server or a hardware-based firewall. You can see a sample diagram in Figure A.

This is how the servers should be placed on your network.

How to create a VPN for your wireless network

 Home: Introduction
 Step 1: Server requirements
 Step 2: Server placement
 Step 3: Setting up the certificate authority
 Step 4: Configuring the authentication server
 Step 5: Configuring the VPN server
 Step 6: Configuring wireless clients

Brien M. Posey, MCSE, is a Microsoft Most Valuable Professional for his work with Windows 2000 Server and IIS. He has served as CIO for a nationwide chain of hospitals and was once in charge of IT security for Fort Knox. As a freelance technical writer, he has written for Microsoft, TechTarget, CNET, ZDNet, MSD2D, Relevant Technologies and other technology companies. You can visit his personal Web site at
Copyright 2005 TechTarget

Read more on Wireless networking