IM Cloud Knowledge Base
Quick Jump Menu
Create a VPN on Windows Server 2012 VM
Article Reference NumberAA-05485 Views59743

What is a VPN?

A virtual private network (VPN) allows computers to connect with otherwise-inaccessible, isolated, remote computer networks using the Internet or another intermediate network. A VPN isolates traffic that flows through it from other computers connected to the intermediate network, and thereby provides a secure connection.

VPNs can connect individual users to a remote network, or they can connect multiple networks together. Through VPNs, users are able to access resources on remote networks, such as files, printers, databases, or internal websites. For example, users may use a VPN to connect to their work computer terminal in order to work from home. VPN remote users get the impression of being directly connected to the central network via a point-to-point link.


For this VPN configuration you require the following:

Windows 2012 Standard

Minimum 2 IP addresses (must be in the same subnet)



1)    In Server Manager or Powershell, select the Remote Access role and click Next.

2)    Under Role Services, select DirectAccess and VPN (RAS) and click Next.

3)    Once the role installation completes, use the Getting Started Wizard to complete the VPN configuration.

4)    Select Deploy VPN Only. The MMC for Routing and Remote Access opens.

5)    Right click the server and select Configure and Enable Routing and Remote Access. The Setup Wizard launches.

6)    Since there is only one network interface, choose Custom Configuration and click Next.

7)    Check VPN Access and click Next.

8)    Select Finish.

Firewall Settings

Now that your VPN installation is complete, open the following ports in your Windows Firewall to allow the VPN traffic:

·         For PPTP: 1723 TCP and Protocol 47 GRE (also known as PPTP Pass-through

·         For L2TP over IPSEC: 1701 TCP and 500 UDP

·         For SSTP: 443 TCP

Enabling Users on VPN

The next step is to enable users to dial in on a standalone server. This can be done in the Computer Management MMC. If you are in a domain environment, you can do this in the user properties of Active Directory.

Defining a Static Address 'pool'

Since you don’t have a DHCP Server in our VM Environment, you have to add a static address pool.

1)    Right click on the remote access server and select Properties.

2)    Select the IPv4 tab and select Static address pool.

3)    Add your IP range eg. - And define the number of addresses to 2.

Printer and File Sharing through VPN

If you run in to trouble with access to printer and file sharing through the VPN, you can perform the following troubleshooting steps:

4)    Use gpedit.msc to change the settings.

5)    Computer Configuration->Windows Settings->Security Settings->Network List Manager Policies-> VPN Connection

6)    Change the location type to Private