This demonstration shows how to prepare Windows server network interfaces and configure Routing and Remote Access as a VPN tunnel for individual users.
- [Narrator] We've been talking a bit about virtual private networks, but so far, our remote access server is only configured to provide NAT functionality. In this video, we're going to reconfigure this server to provide both NAT, to keep our private network private, and a remote access VPN, to let specific users participate in our network from a distance. To do that, we're going to need one other server in place. This server is a domain controller, which is not yet significant. What's more important is that it's running both DHCP and DNS, IP management protocols that are going to be necessary in our network. And it's in the 172.16 network, which is the same network as the internal interface on our remote access server. Here on our remote access server, we can confirm that the internal interface is also on the 172.16 network. And at this point it's critical that we make sure that the external interface is statically assigned as well. It's necessary so VPN clients, out on the internet, will know where they can find the path in. I'm going to set this up using the same tool that we used to configure NAT to begin with. Under the tools menu, I'm going to open "Routing and Remote Access". Here we have our server that has the green arrow up because it's already been configured. We're going to redo this configuration by right-clicking on the server and selecting "Disable Routing and Remote Access". This is a good idea if it's a new installation and you just forgot some of the details, or if you just need a clean configuration with everything involved. Once I disable this, and say yes, that's what I want to do, I need to wait for this little clock to go ahead and tick through its process of taking down this configuration and stopping the service. Now that that's complete, I can right-click on the server again and choose "Configure and Enable Routing and Remote Access", and walk through this wizard. This time selecting virtual private network, VPN, and NAT.
Once again, I'm prompted to select which interface connects to the internet, and once again I'm glad that I've already identified the interfaces. On the next screen, it asks how we want IP addresses to be assigned to the remote clients. I'm going to select automatically because we do have a DHCP server already in place. Here on this screen, we can see that our routing and remote access server didn't detect our DNS and DHCP servers. That's not unusual. This server isn't joined to the domain, so it doesn't have the benefit of Active Directory telling it where everything is. But since I know we have those services in place, I'm going to select that we have those or will have those. So they don't need to be part of this machine's configuration. When asked how users are going to authenticate, there are basically two options. This machine can authenticate users, or we can point to an external list. We will use RADIUS later on in the course, but for now we're going to use local users. We can go ahead and finish the wizard now, but pay attention to the things that it says you will need to do. For example, here it tells us about a DHCP relay agent, making sure that the DHCP traffic can leave our private network through this VPN tunnel to configure inbound clients. That's one of the next steps that we're going to complete to make this work.
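The interface prerequisites named in the walkthrough (an internal interface on the 172.16 network, and static addressing on both interfaces) can be checked from PowerShell before running the wizard. This is an added example, not part of the course material; the function names `Test-RrasInterface` and `Get-LiveInterface` are hypothetical, and the sample addresses and interface aliases are constructed.

```powershell
# Added example (not from the course). Validates the prerequisites the walkthrough names.
function Test-RrasInterface {
    param(
        [Parameter(Mandatory)] [object[]] $Interface,  # objects with Alias, IPAddress, Dhcp
        [string] $InternalPrefix = '172.16.'           # internal network from the walkthrough
    )
    $rows = foreach ($i in $Interface) {
        $role = if ($i.IPAddress.StartsWith($InternalPrefix)) { 'internal' } else { 'external' }
        [pscustomobject]@{
            Alias     = $i.Alias
            IPAddress = $i.IPAddress
            Role      = $role
            Static    = ($i.Dhcp -eq 'Disabled')
        }
    }
    $problems = @()
    if (@($rows | Where-Object Role -eq 'internal').Count -ne 1) {
        $problems += "expected exactly one interface on $InternalPrefix"
    }
    if (@($rows | Where-Object Role -eq 'external').Count -lt 1) {
        $problems += 'no external (internet-facing) interface found'
    }
    foreach ($r in ($rows | Where-Object { -not $_.Static })) {
        $problems += "$($r.Alias) ($($r.Role)) is DHCP-assigned; set a static address"
    }
    [pscustomobject]@{ Interfaces = $rows; Problems = $problems; Ready = ($problems.Count -eq 0) }
}

# Collects the same fields from the live server (run on the remote access server itself).
function Get-LiveInterface {
    Get-NetIPAddress -AddressFamily IPv4 |
        Where-Object { $_.IPAddress -notlike '127.*' -and $_.IPAddress -notlike '169.254.*' } |
        ForEach-Object {
            $dhcp = (Get-NetIPInterface -InterfaceIndex $_.InterfaceIndex -AddressFamily IPv4).Dhcp
            [pscustomobject]@{ Alias = $_.InterfaceAlias; IPAddress = $_.IPAddress; Dhcp = "$dhcp" }
        }
}

# Constructed sample: the external interface is still DHCP-assigned, so the check fails.
$sample = @(
    [pscustomobject]@{ Alias = 'Internal'; IPAddress = '172.16.0.1';   Dhcp = 'Disabled' }
    [pscustomobject]@{ Alias = 'External'; IPAddress = '203.0.113.10'; Dhcp = 'Enabled' }
)
$result = Test-RrasInterface -Interface $sample
$result.Interfaces | Format-Table
$result.Problems   # lists the External interface as DHCP-assigned
```

On the server, `Test-RrasInterface -Interface (Get-LiveInterface)` runs the same check against the real adapters.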
- NAT implementation
- Site-to-site and remote access VPNs
- VPN connections to the cloud
- Planning a site-to-site VPN
- NPS configuration
- Using RADIUS to secure remote access
- NPS templates
- Applying connection-specific policies