Test Lab Guide: Demonstrate Remote Access VPNs


Step 1: Base Configuration test lab


Set up the base configuration test lab with the instructions found in
Base Configuration TLG.

Step 2: Set up EDGE1 as the VPN Server

  1. On DC1, click Start, point to Administrative Tools, and then click Active Directory Users and Groups.
  2. In Active Directory Users and Groups, click on Users in the tree, and then double-click RAS and IAS Servers in the list.
  3. Click the Members tab, and then click Add.
  4. Click Object Types, select Computers, click OK, type EDGE1, and then click OK twice.
  5. In the list, double-click the User1 account.
  6. Click the Dial-In tab, click Allow access in Network Access Permission, and then click OK.
  7. On EDGE1, from Server Manager, click Roles, and then click Add Roles.
  8. On the Before You Begin page, click Next.
  9. On the Server Roles page, select Network Policy and Access Services in the list of Roles, and then click Next.
  10. On the Network Policy and Access Services page, click Next.
  11. On the Select Role Services page, select Routing and Remote Access Services, and then click Next.
  12. On the Confirm Installation Selections page, click Install.
  13. On the Installation Results page, click Close.
  14. Click Start, point to Administrative Tools, and then click Routing and Remote Access.
  15. In the Routing and Remote Access window, right-click EDGE1, and then click Configure and Enable Routing and Remote Access.
  16. On the Welcome to the Routing and Remote Access Server Setup Wizard page, click Next.
  17. On the Configuration page, click Next.
  18. On the Remote Access page, select VPN, and then click Next.
  19. On the VPN Connection page, click the Internet network interface, and then click Next.
  20. On the IP Address Assignment page, click Next.
  21. On the Managing Multiple Remote Access Servers page, click Next.
  22. On the Completing the Routing and Remote Access Server Setup Wizard page, click Finish.
  23. When prompted with a message about configuring the DHCP Relay Agent, click OK.
  24. In Routing and Remote Access, open IPv4 in the tree, right-click DHCP Relay Agent, and then click Properties.
  25. In Server address, type 10.0.0.1, click Add, and then click OK.
  26. Connect CLIENT1 to the Corpnet subnet.
  27. On CLIENT1, from the Command Prompt window, type ping app1, and then press ENTER. You should see the name app1.corp.contoso.com resolved to the IPv4 address 10.0.0.3 and four successful replies.
  28. In Internet Explorer, in the Address bar, type http://app1.corp.contoso.com/, press ENTER, and then press F5. You should see the default IIS 7 Web page for APP1.
  29. Close Internet Explorer.
  30. Click Start, type \\app1\files, and then press ENTER. You should see a folder window with the contents of the Files shared folder.
  31. In the Files shared folder window, double-click the Example.txt file.
  32. Close the example.txt - Notepad window and the Files shared folder window.
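
Substeps 1 through 6 change two directory objects, and the comments on this page show that a missing Allow access setting on User1 is why the connection in Step 3 failed for some readers. The following PowerShell is an added example, not part of the original guide; it applies and verifies both changes on DC1, then lists every account with an explicit Allow. It assumes the ActiveDirectory module is available on DC1 and relies on the Allow access option being stored in the msNPAllowDialin attribute.

```powershell
# Added example (not from the original guide). Run on DC1 in an elevated session.
Import-Module ActiveDirectory

$vpnServer = 'EDGE1'                # VPN server computer account (from the guide)
$vpnUser   = 'User1'                # test user (from the guide)
$rasGroup  = 'RAS and IAS Servers'  # group edited in substeps 2-4

# Substeps 2-4: add EDGE1 to the group only if it is not already a member.
$edge = Get-ADComputer -Identity $vpnServer
$isMember = Get-ADGroupMember -Identity $rasGroup |
    Where-Object { $_.DistinguishedName -eq $edge.DistinguishedName }
if (-not $isMember) {
    Add-ADGroupMember -Identity $rasGroup -Members $edge
}

# Substeps 5-6: Dial-in tab, Network Access Permission, Allow access.
# msNPAllowDialin: $true = Allow access, $false = Deny access,
# not set = Control access through NPS Network Policy.
Set-ADUser -Identity $vpnUser -Replace @{ msNPAllowDialin = $true }

# Verify both changes by reading them back from the directory.
$user = Get-ADUser -Identity $vpnUser -Properties msNPAllowDialin
$inGroup = Get-ADGroupMember -Identity $rasGroup |
    Where-Object { $_.DistinguishedName -eq $edge.DistinguishedName }
New-Object PSObject -Property @{
    Server      = $edge.Name
    InRasGroup  = [bool]$inGroup
    User        = $user.SamAccountName
    AllowDialIn = $user.msNPAllowDialin
}

# Audit: list every account with an explicit Allow so the set of
# accounts permitted to dial in can be reviewed after the lab.
Get-ADUser -LDAPFilter '(msNPAllowDialin=TRUE)' -Properties msNPAllowDialin |
    Select-Object SamAccountName, Enabled, msNPAllowDialin
```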

 

Step 3: Configure CLIENT1 as a VPN Client and Test

  1. Connect CLIENT1 to the Internet subnet.
  2. On CLIENT1, from the Command Prompt window, type ping app1, and then press ENTER. You should see the message “Ping request could not find the host app1.”
  3. In Internet Explorer, in the Address bar, type http://app1.corp.contoso.com/, press ENTER, and then press F5. You should see the message “Internet Explorer cannot display the webpage”.
  4. Close Internet Explorer.
  5. Click Start, type \\app1\files, and then press ENTER. You should see a message stating “Windows cannot access \\app1\files.” Click Cancel.
  6. On CLIENT1, click the network icon in the notification area, and then click Open Network and Sharing Center.
  7. In Change your network settings, click Set up a new connection or network.
  8. For Choose a connection option, double-click Connect to a workplace.
  9. For How do you want to connect?, click Use my Internet connection.
  10. For Type the Internet address to connect to, type 131.107.0.2 in Internet address, select Don’t connect now, and then click Next.
  11. For Type your user name and password, type user1 in User name, the password in Password, and CORP in Domain, and then click Create.
  12. For The connection is ready to use, click Close.
  13. In the Network and Sharing Center, click Change adapter settings.
  14. In Network Connections, double-click VPN Connection.
  15. In Connect VPN Connection, type the password in Password, and then click Connect. You should see a successful VPN connection, identifying itself as being on the corp.contoso.com network.
  16. From the Command Prompt window, type ping app1, and then press ENTER. You should see the name app1.corp.contoso.com resolved to the IPv4 address 10.0.0.3 and four successful replies.
  17. In Internet Explorer, in the Address bar, type http://app1.corp.contoso.com/, and then press ENTER. You should see the default IIS 7 Web page for APP1.
  18. Close Internet Explorer.
  19. Click Start, type \\app1\files, and then press ENTER. You should see a folder window with the contents of the Files shared folder.
  20. In the Files shared folder window, double-click the Example.txt file.
  21. Close the example.txt - Notepad window and the Files shared folder window.
  22. In Network Connections, right-click VPN Connection, and then click Disconnect.
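
Step 3 runs the same three checks twice: they must fail from the Internet subnet and succeed once the VPN is connected. The following PowerShell is an added example, not part of the original guide; it runs the name resolution, ping, HTTP and file share checks on CLIENT1 and reports whether the result matches the expected state. The function names `Test-CorpAccess` and `Test-LabState` are hypothetical; the host name, URL, share and address come from the guide.

```powershell
# Added example (not from the original guide). Run on CLIENT1.
function Test-CorpAccess {
    param(
        [string]$HostName = 'app1',
        [string]$Url      = 'http://app1.corp.contoso.com/',
        [string]$Share    = '\\app1\files'
    )
    $result = New-Object PSObject -Property @{
        Address = $null; Ping = $false; Http = $false; Smb = $false
    }
    try {
        # First IPv4 address the name resolves to, if any.
        $result.Address = [System.Net.Dns]::GetHostAddresses($HostName) |
            Where-Object { $_.AddressFamily -eq 'InterNetwork' } |
            Select-Object -First 1 | ForEach-Object { $_.IPAddressToString }
    } catch { }   # name does not resolve: Address stays empty
    if ($result.Address) {
        # -Quiet returns $true if at least one of the four echo requests is answered.
        $result.Ping = [bool](Test-Connection -ComputerName $HostName -Count 4 `
            -Quiet -ErrorAction SilentlyContinue)
    }
    try {
        $null = (New-Object System.Net.WebClient).DownloadString($Url)
        $result.Http = $true
    } catch { }   # no route or no name: Http stays $false
    $result.Smb = [System.IO.Directory]::Exists($Share)
    $result
}

function Test-LabState {
    param([switch]$VpnConnected)
    $r = Test-CorpAccess
    if ($VpnConnected) {
        # Substeps 16-19: everything reachable, app1 at 10.0.0.3.
        $ok = ($r.Address -eq '10.0.0.3') -and $r.Ping -and $r.Http -and $r.Smb
    } else {
        # Substeps 2-5: nothing on Corpnet reachable from the Internet subnet.
        $ok = (-not $r.Address) -and (-not $r.Ping) -and (-not $r.Http) -and (-not $r.Smb)
    }
    $r | Add-Member -MemberType NoteProperty -Name AsExpected -Value $ok -PassThru
}

Test-LabState                   # run after substep 1
# Test-LabState -VpnConnected   # run after substep 15
```

An `AsExpected` value of False before the VPN is connected means a Corpnet resource is reachable from the Internet subnet and the lab network layout should be rechecked.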
Comments
  • Fernando Lugão Veltem edited Revision 1. Comment: added toc

  • Joe Davies edited Original. Comment: Added steps to configure the User1 account for Allow access.

  • Doing these test lab guides is easy! I did this one in a few hours. I just wrote down the procedure as I went and copied some sections from the DirectAccess test lab guide. Did a verify pass and posted.

  • Fred, you are awesome! If you really like creating Test Lab Guides and are interested in doing another, the very popular Active Directory Certificate Services Step-by-Step Guide technet.microsoft.com/.../cc772393(WS.10).aspx needs to become a Test Lab Guide. I plan to do it myself, but if you are feeling like cranking these out, please do so. :-)

  • Hi Kurt, these are a by-product of a POC I am in charge of for replacing our current VPN solution with Windows. PKI is not in my realm. Sorry I can't help you.

  • I had to modify user1 to get this to work.  In Active Directory, I had to go to the Properties Tab, Network Access Permission, and Allow Access.  After that it worked.  Great write up.

  • I found I ran into the same issue where I could not connect straight away and had to go and change the remote access permissions in AD also.  Could there be a step missing when setting up RRAS?  

  • Added the steps to configure the User1 account for the Allow Access dial-in permission.

  • It looks like in the final version "Network Policy and Access Services" and "Remote Access" are two separate roles. Therefore substeps 9, 10 and 11 in step 2 (setting up EDGE1) need to be adjusted. That is, you select both roles and then continue the installation. At the end there is a link to configure Routing and remote access that takes you to the same place as administrative tools.
