Module 5: Configuring Access for Remote Clients and Networks.


Overview: VPN Overview; Configuring VPNs

You can configure a Microsoft® Internet Security and Acceleration (ISA) Server 2000 computer as a Virtual Private Network (VPN) server to allow remote users, such as employees working away from the office, to gain access to network resources. You can also configure ISA Server computers to connect two networks, such as a main office and a branch office, by using a VPN. ISA Management includes taskpads and wizards to help you set up and secure a VPN.

After completing this module, you will be able to: Explain the use of VPNs and ISA Server. Configure VPNs by using ISA Server.

VPN Overview: Understanding VPNs; Connecting Remote Users to a Corporate Network; Connecting Remote Networks to a Local Network

ISA Server helps you set up and secure VPN connections for remote users and remote networks. When a remote user or a remote network communicates with an ISA Server computer through a VPN tunnel, data is encapsulated before and after it is sent across the Internet. You can use either the Point-to-Point Tunneling Protocol (PPTP) or the Layer 2 Tunneling Protocol (L2TP) over Internet Protocol Security (IPSec) to manage tunnels and encapsulate private data.

In this lesson you will learn about the following topics: understanding VPNs; connecting remote users to a corporate network; connecting remote networks to a local network.

Understanding VPNs. An ISA VPN Server: Extends a Private Network; Secures Communication; Can Use PPTP or L2TP. [Diagram label: Internet]

A VPN is an extension of a private network that encompasses links across public networks, such as the Internet. A VPN secures a connection by encrypting all network traffic before sending it across the Internet and then decrypting the traffic when it arrives at the other end of the VPN. Because the public network transports all VPN traffic in encapsulated form, a VPN connection is also referred to as tunneling. When you configure an ISA Server computer as a VPN server, remote users or computers on remote networks can send data to your internal network across the Internet while maintaining secure communications. The ISA VPN Server computer can use either PPTP or L2TP over IPSec to manage tunnels and encapsulate private data.

ISA Server uses the Routing and Remote Access service component of Microsoft Windows® 2000 to create and manage VPNs. If your network requires a VPN configuration that is different from the default configuration that the Routing and Remote Access service uses, you must perform further configurations after you have configured the ISA Server computer as a VPN server. For example, if your network does not use the Dynamic Host Configuration Protocol (DHCP) to assign Internet Protocol (IP) addresses to client computers, you must configure the IP addresses that the Routing and Remote Access service uses for the VPN.

Connecting Remote Users to a Corporate Network. [Diagram labels: Remote User, Internet, VPN Tunnel, ISA Server Computer, Corporate Network]

VPN connections allow users who work remotely to connect to the corporate network over a public network, such as the Internet. From the user's perspective, the infrastructure of the public network is irrelevant because it appears as if the data is sent over a dedicated private link. To allow client computers to establish a VPN connection, you must configure the ISA Server computer to accept VPN client connections.

Connecting Remote Networks to a Local Network. [Diagram labels: Remote Network, ISA Server Computer, Internet, VPN Tunnel, ISA Server Computer, Local Network]

VPN connections also allow organizations to have routed connections over a public network, such as the Internet, with offices that are geographically separate. A routed VPN connection across the Internet logically operates as a dedicated wide area network (WAN) link.

To enable computers in two networks to communicate with each other over the Internet by using ISA Server, you must configure an ISA Server computer on each network. You must configure one ISA Server computer as the local VPN server and the other ISA Server computer as the remote VPN server. The remote ISA Server computer initiates the connection and the local ISA Server computer responds to the connection request. When you have finished the configuration, users in each location are able to connect to computers on either side of the VPN connection.

Note: You can also configure an ISA Server computer to allow outgoing VPN connections from internal clients to a VPN server on the Internet. For example, a consultant working onsite can connect to a home office by using a VPN connection. To configure outgoing VPN connections, you must configure the firewall to allow PPTP traffic to pass through.

Configuring VPNs: Configuring a VPN to Accept Client Connections; Configuring a Local VPN; Configuring a Remote VPN

ISA Server includes taskpads that you can use to configure a VPN to accept client connections, to configure a local VPN, or to configure a remote VPN. When configuring ISA Server for a VPN connection between remote clients and your internal network, you configure a VPN connection on a single ISA Server computer. When configuring ISA Server for a VPN connection between two networks, you must configure a VPN connection on two ISA Server computers, one located at each endpoint of the tunnel. The first step is configuring a local VPN. The next step is configuring a remote VPN. The remote VPN setup uses configuration information that is created by the local VPN setup.

In this lesson you will learn about the following topics: configuring a VPN to accept client connections; configuring a local VPN; configuring a remote VPN.

Configuring a VPN to Accept Client Connections. [Screenshot: ISA VPN Server Wizard, ISA Virtual Private Network (VPN) Server Summary page. Callout: Lists the configuration properties set by the wizard.]
ISA Virtual Private Network (VPN) Server can accept VPN connections from remote clients over the Internet. The Server will be configured with the properties listed below:
Configure Routing and Remote Access Server as Virtual Private Network (VPN)
Enforce secured authentication and encryption methods.
Open static packet filters for allowing PPTP and L2TP over IPSEC protocols.
The number of ports available for clients to connect is 128, but this number can be

You use the Configure a Client Virtual Private Network (VPN) taskpad button to launch the ISA VPN Server Wizard, which configures a VPN to accept client connections. The wizard sets up the Routing and Remote Access service to function as a VPN server that supports PPTP tunnels and L2TP over IPSec tunnels. The wizard also configures the Routing and Remote Access service for authentication and encryption and opens the appropriate ports on the ISA Server computer to allow client computers to establish VPN connections.

Configuring a VPN to Accept Client Connections

To configure a VPN server to accept client connections:
1. In ISA Management, in the console tree, expand your ISA server or array, and then click Network Configuration.
2. In the details pane, click Configure a Client Virtual Private Network (VPN), and then click Next.
3. On the Completing the ISA VPN Server Wizard page, click Details to review the configuration settings, and then click Back.
4. On the Completing the ISA VPN Server Wizard page, select the appropriate check boxes to view information on configuring the Routing and Remote Access service or IP packet filtering, and then click Finish.
5. If ISA Server prompts you to start the Routing and Remote Access service, click Yes.

Note: After you have configured ISA Server to accept VPN connections from clients, you can configure additional settings by using the Routing and Remote Access service and by customizing IP packet filters in ISA Management.

Configuring a Local VPN. [Wizard flow: Start, Identify the Connections, Select the Protocol(s), Specify Communication, Specify Remote Addresses, Specify Local Addresses, Save Configuration File, Finish]

You use the Configure a Local Virtual Private Network (VPN) taskpad button to launch the Local ISA VPN Wizard. The Local ISA VPN Wizard configures the ISA Server computer that responds to connection requests from the remote VPN Server.

When you set up a local VPN server on an ISA Server computer, the Local ISA VPN Wizard creates the dial-on-demand interfaces that are required to receive connections from the remote network. The Local ISA VPN Wizard also configures the IP packet filters that are required to allow incoming VPN connections. In addition, the Local ISA VPN Wizard creates a VPN configuration settings (.vpc) file, which you must use when you configure the remote VPN server.

Important: After you run the Local ISA VPN Server Wizard to configure a local VPN server, you must run the Remote ISA VPN Server Wizard to configure a remote VPN server on the ISA Server computer that will be the other endpoint of the VPN tunnel.

Configuring a Local VPN

To configure a local VPN server on an ISA Server computer:
1. In ISA Management, in the console tree, expand your server or array, and then click Network Configuration.
2. In the details pane, click Configure a Local Virtual Private Network (VPN), and then click Next.
3. If ISA Server prompts you to start the Routing and Remote Access service, click Yes.
4. On the ISA Virtual Private Network (VPN) Identification page, type a name to identify the local network, type a name to identify the remote network, and then click Next. ISA Server will create a VPN connection in the Routing and Remote Access service that uses a name in the format local network_remote network.

5. On the ISA Virtual Private Network (VPN) Protocol page, select one of the following protocols, and then click Next:
   Use L2TP over IPSec. Use this connection type when both computer endpoints support IPSec. IPSec is preferred because it is more secure than PPTP, but both computer endpoints may not be able to support IPSec.
   Use PPTP. Use PPTP only if you are certain that both computer endpoints do not support IPSec.
   Use L2TP over IPSec, if available. Otherwise, use PPTP. Use this connection type when you are not certain that both computer endpoints of the tunnel can use L2TP over IPSec.

6. On the Two-way Communication page, select the Both the local and remote ISA VPN computers can initiate communication check box if both local and remote VPN computers should be able to initiate communication. Type the network address and computer name for the remote computer, and then click Next.
7. On the Remote Virtual Private Network (VPN) Network page, click Add to enter the ranges of IP addresses on the remote network that the local computer can gain access to, and then click Next.
8. On the Local Virtual Private Network (VPN) Network page, select the IP address of the local computer that the remote ISA VPN computer will connect to, click Add or Remove to change the ranges of IP addresses on the local network that computers on the remote network can connect to, and then click Next.

9. On the ISA VPN Computer Configuration File page, type a name and a path to use to save the ISA VPN configuration file, and then type a password for the file. You will provide this file to the remote server administrator to finish the configuration on that server.
   Important: The administrator of the remote ISA VPN Server will need the password when running the Remote ISA VPN Wizard to complete the connection.
10. On the Completing the ISA VPN Setup Wizard page, click Details to review the configuration steps that ISA Server will perform to configure the VPN, and then click Back.
11. On the Completing the ISA VPN Setup Wizard page, select the appropriate check boxes to view information on configuring the Routing and Remote Access service or IP packet filtering, and then click Finish.
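A pre-flight check for the plan entered in steps 5 through 8, as an added example that is not part of the original module or of ISA Server: it flags open packet filters that belong to a tunnel protocol the step 5 choice does not permit, and local and remote address ranges that overlap. The mode names, the (protocol, number) filter tuples and the sample plan are constructed for illustration and are not an ISA Server export format.

```python
import ipaddress

# Traffic each tunnel type cannot work without (protocol facts, not ISA output).
# ("ip", n) is an IP protocol number; the other entries are transport ports.
REQUIRED = {
    "PPTP": {("tcp", 1723), ("ip", 47)},   # control channel + GRE data
    "L2TP/IPSec": {("udp", 500)},          # IKE negotiation
}
# Filters characteristic of one tunnel type. ESP (IP protocol 50) and UDP 1701
# are L2TP/IPSec traffic too, but whether a filter must list them depends on
# whether it sees packets before or after IPSec processing.
SIGNATURE = {
    "PPTP": REQUIRED["PPTP"],
    "L2TP/IPSec": REQUIRED["L2TP/IPSec"] | {("ip", 50), ("udp", 1701)},
}
# The three step 5 choices (mode names are hypothetical labels).
MODES = {
    "l2tp": ["L2TP/IPSec"],
    "pptp": ["PPTP"],
    "l2tp_else_pptp": ["L2TP/IPSec", "PPTP"],
}

def audit_filters(mode, open_filters):
    """Return (missing, unexpected) filters for the chosen protocol mode."""
    allowed = MODES[mode]
    open_filters = set(open_filters)
    missing = set().union(*(REQUIRED[t] for t in allowed)) - open_filters
    unexpected = set()
    for tunnel, signature in SIGNATURE.items():
        if tunnel not in allowed:
            unexpected |= signature & open_filters
    return missing, unexpected

def parse_range(text):
    """Parse 'first-last' into a pair of IPv4Address objects."""
    first, last = (ipaddress.IPv4Address(p.strip()) for p in text.split("-"))
    if first > last:
        raise ValueError(f"range is reversed: {text}")
    return first, last

def overlapping_ranges(local_ranges, remote_ranges):
    """Return (local, remote) range pairs that share at least one address."""
    clashes = []
    for loc in local_ranges:
        loc_first, loc_last = parse_range(loc)
        for rem in remote_ranges:
            rem_first, rem_last = parse_range(rem)
            if loc_first <= rem_last and rem_first <= loc_last:
                clashes.append((loc, rem))
    return clashes

# Constructed sample plan: L2TP over IPSec only, yet PPTP filters are open,
# the IKE filter is absent, and one remote range sits inside the local range.
PLAN = {
    "mode": "l2tp",
    "open_filters": [("udp", 1701), ("tcp", 1723), ("ip", 47)],
    "local_ranges": ["192.168.1.1-192.168.1.254"],
    "remote_ranges": ["192.168.2.1-192.168.2.254", "192.168.1.200-192.168.1.220"],
}

if __name__ == "__main__":
    missing, unexpected = audit_filters(PLAN["mode"], PLAN["open_filters"])
    print("missing filters:   ", sorted(missing))
    print("unexpected filters:", sorted(unexpected))
    for loc, rem in overlapping_ranges(PLAN["local_ranges"], PLAN["remote_ranges"]):
        print(f"overlap: local {loc} and remote {rem}")
```

Overlapping local and remote ranges make routing across the tunnel ambiguous, and a leftover PPTP filter on an L2TP-only endpoint is exposure the chosen protocol does not need.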

Configuring a Remote VPN. [Screenshot: Remote ISA VPN Wizard, ISA VPN Computer Configuration File page. Callouts: Specify the path and file name for the .vpc file. Type the password for the file.]
Specify the .vpc file to use for setting up and configuring the ISA VPN computer. The .vpc file includes information about the remote ISA VPN computer.
File name (Browse…)
Password: Type the password to decrypt the configuration file.

You use the Configure a Remote Virtual Private Network (VPN) taskpad button to launch the Remote ISA VPN Wizard. The Remote ISA VPN Wizard configures the ISA Server computer that initiates connections to the local VPN Server.

When you set up a remote VPN server on an ISA Server computer, the Remote ISA VPN Wizard uses the .vpc file to create the demand-dial interfaces that are required to initiate connections to the local VPN server. The Remote ISA VPN Wizard also configures the IP packet filters that are required to protect the connection.

Important: To configure a remote ISA VPN Server, you must have the .vpc file and the password that were created during the setup of the local ISA VPN Server.

Configuring a Remote VPN

To configure a remote VPN server on an ISA Server computer:
1. In ISA Management, in the console tree, expand your server or array, and then click Network Configuration.
2. In the details pane, click Configure a Remote Virtual Private Network (VPN), and then click Next.
3. On the ISA VPN Computer Configuration File page, type the name and path for the .vpc file, type the password that the administrator of the local VPN server used to secure the .vpc file, and then click Next.
4. On the Completing the ISA VPN Configuration Wizard page, click Details to review the configuration steps that ISA Server will perform to configure the VPN, and then click Back.
5. On the Completing the ISA VPN Configuration Wizard page, select the appropriate check boxes to view information on configuring the Routing and Remote Access service or IP packet filtering, and then click Finish.

Lab A: Configuring Virtual Private Networks

Objectives After completing this lab, you will be able to: Configure an ISA Server computer as a VPN server for client connections. Configure an ISA Server computer as a VPN server that connects two networks.

Prerequisites Before working on this lab, you must have: Knowledge of VPNs. The knowledge and skills to modify a user account by using Active Directory Users and Computers. Experience configuring Routing and Remote Access for VPNs. Experience using ISA Management.

Lab Setup This lab environment includes the following resources: A computer running Microsoft Windows 2000 Advanced Server with ISA Server installed. A computer running Windows 2000 Advanced Server that is configured as a Firewall client and a Web Proxy client and that has ISA Management installed. A protocol rule that allows members of the local Administrators group, which includes the Domain Admins group, to gain access to the Internet. A blank, formatted floppy disk.

Scenario You want to allow users in your organization to securely connect to your internal network by using a VPN. You also want to use a VPN to connect networks that your organization maintains in two separate locations.

Exercise 1: Configuring PPTP Connections for Client Computers In this exercise, you will configure ISA Server to allow incoming PPTP connections from client computers. You will work with another team of students to test the connection.

Scenario Several users in your organization work remotely, but they must connect to your organization's network to perform their jobs. You must configure ISA Server so that users can successfully establish PPTP connections from the Internet to your internal network.

Exercise 2: Configuring a VPN Connection Between Networks In this exercise, you will configure a VPN connection between two networks.

Scenario Northwind Traders has a branch office that must connect to the main office by using a VPN connection over the Internet. Because both offices are connected to the Internet by using ISA Server, you must configure ISA Server to allow this connection.

Review: VPN Overview; Configuring VPNs