Using PPTP, RRAS, and Proxy Server 2.0

ID: Q176924

The information in this article applies to:
  • Microsoft Proxy Server version 2.0
  • Routing and Remote Access Service (RRAS) version 1.0

SUMMARY

This article describes the use of Point to Point Tunneling Protocol (PPTP) with Proxy Server 2.0.


MORE INFORMATION

The Routing and Remote Access Server (RRAS) add on for Microsoft Windows NT can be used to create virtual private networks (VPNs) across the Internet. VPNs use the PPTP protocol for secure encrypted communication across the Internet.

Proxy Server 2.0 provides safe and efficient user access from the Intranet to the Internet. Proxy Server 2.0 also has a packet filtering feature that allows it to be configured as a firewall. Other features include content caching, SOCKS 4.3 support, and Winsock Proxy support.

Proxy Server 2.0 and RRAS can co-exist on the same server without loss of functionality to either product.

  • RRAS PPTP Server will co-exist with Proxy Server 2.0 and receive PPTP connections from the Internet. If Proxy Server packet filtering is enabled, the predefined filter PPTP RECEIVE must be enabled.

    Please see the Proxy Server 2.0 Readme.txt file for information on the RRAS hotfix that is also required. Or connect to the following location for more information:
    http://www.microsoft.com/ntserver/nts/downloads/winfeatures/rras/rrasdown.asp


  • Windows NT PPTP Client can be installed on Proxy Server 2.0. The PPTP client (meaning the Proxy 2.0 server) will be able to make calls to the Internet because it is making a direct connection to the Internet and is the source of the PPTP connection. Any proxy clients behind the proxy server will also be able to use the PPTP session that has been established. This is because after the PPTP connection is up, the Proxy server treats the PPTP connection just like another network interface.

    If Proxy Server packet filtering is enabled, the predefined filter PPTP CALL must be enabled.


  • A PPTP client located behind Microsoft Proxy Server will not be able to call a PPTP server located on the Internet by using the "Winsock Proxy client" connection to the Proxy server. The Winsock Proxy client included with Microsoft Proxy Server versions 1.0 and 2.0 does not have the capability of "remote" PPTP calls. PPTP calls can only originate from or be received on the proxy server computer itself.

    However, with RRAS on the same server, a client could pass its PPTP packets underneath the Proxy service. This will only work if the destination address is configured in the LAT table indicating that the destination is considered local. If the destination is local, the packets will not be sent to the Proxy server via the Winsock Proxy client, but will be sent on the network as normal, routeable packets that RRAS can route to the destination based on its routing table.

    Because the PPTP Proxy filters are predefined for the local server in terms of source and destination addresses, it will block any PPTP packets it did not create. To implement PPTP filters in this scenario, you have to use RRAS filters instead. For additional information about how to setup RRAS PPTP filters, please click the article number below to view the article in the Microsoft Knowledge Base:
    Q169890 Enable PPTP Filtering Option No Longer Works


A DMZ network setup can also be used to work around this limitation, but it requires public IP addresses for your PPTP clients. See the following Knowledge Base article for more information:
Q191146 How to Create a DMZ Network with Proxy Server 2.0

Additional query words: steel head steelhead tunnel ras vpn ssl freque ntly asked questions faq p rx2faq

Keywords : kbother pxsconfig pxshowto
Version : winnt:1.0,2.0
Platform : winnt
Issue type : kbinfo


Last Reviewed: September 2, 1999
© 2000 Microsoft Corporation. All rights reserved. Terms of Use.