Module 5: Configuring Access for Remote Clients and Networks.


1 Module 5: Configuring Access for Remote Clients and Networks

2 Overview VPN Overview Configuring VPNs

3 You can configure a Microsoft® Internet Security and Acceleration (ISA) Server 2000 computer as a Virtual Private Network (VPN) server to allow remote users, such as employees working away from the office, to gain access to network resources. You can also configure ISA Server computers to connect separate networks, such as a main office and a branch office, by using a VPN. ISA Management includes taskpads and wizards to help you set up and secure a VPN.

4 After completing this module, you will be able to: Explain the use of VPNs and ISA Server. Configure VPNs by using ISA Server.

5  VPN Overview Understanding VPNs Connecting Remote Users to a Corporate Network Connecting Remote Networks to a Local Network

6 ISA Server helps you set up and secure VPN connections for remote users and remote networks. When a remote user or a remote network communicates with an ISA Server computer through a VPN tunnel, data is encapsulated before and after it is sent across the Internet. You can use either the Point-to-Point Tunneling Protocol (PPTP) or the Layer 2 Tunneling Protocol (L2TP) over Internet Protocol Security (IPSec) to manage tunnels and encapsulate private data.

7 In this lesson you will learn about the following topics: Understanding VPNs Connecting remote users to a corporate network Connecting remote networks to a local network

8 Understanding VPNs An ISA VPN Server: Extends a Private Network Secures Communication Can Use PPTP or L2TP Internet

9 A VPN is an extension of a private network that encompasses links across public networks, such as the Internet. A VPN secures a connection by encrypting all network traffic before sending it across the Internet and then decrypting the traffic when it arrives at the other end of the VPN. Because the public network transports all VPN traffic in encapsulated form, a VPN connection is also referred to as tunneling. By configuring an ISA Server computer as a VPN server, remote users or computers on remote networks can send data to your internal network across the Internet while maintaining secure communications. The ISA VPN Server computer can use either PPTP or L2TP over IPSec to manage tunnels and encapsulate private data.

10 ISA Server uses the Routing and Remote Access service component of Microsoft Windows® 2000 to create and manage VPNs. If your network requires a VPN configuration that is different from the default configuration that the Routing and Remote Access service uses, you must perform further configurations after you have configured the ISA Server computer as a VPN server. For example, if your network does not use the Dynamic Host Configuration Protocol (DHCP) to assign Internet Protocol (IP) addresses to client computers, you must configure the IP addresses that the Routing and Remote Access service uses for the VPN.

11 Connecting Remote Users to a Corporate Network VPN Tunnel ISA Server Computer Remote User Internet Corporate Network

12 VPN connections allow users who work remotely to connect to the corporate network over a public network, such as the Internet. From the user's perspective, the infrastructure of the public network is irrelevant because it appears as if the data is sent over a dedicated private link. To allow client computers to establish a VPN connection, you must configure the ISA Server computer to accept VPN client connections.

13 Connecting Remote Networks to a Local Network VPN Tunnel ISA Server Computer Remote Network Internet Local Network ISA Server Computer

14 VPN connections also allow organizations to have routed connections over a public network, such as the Internet, with offices that are geographically separate. A routed VPN connection across the Internet logically operates as a dedicated wide area network (WAN) link.

15 To enable computers in two networks to communicate with each other over the Internet by using ISA Server, you must configure an ISA Server computer on each network. You must configure one ISA Server computer as the local VPN server and the other ISA Server computer as the remote VPN server. The remote ISA Server computer initiates the connection and the local ISA Server computer responds to the connection request. When you have finished the configuration, users in each location are able to connect to computers on either side of the VPN connection. Note: You can also configure an ISA Server computer to allow outgoing VPN connections from internal clients to a VPN server on the Internet. For example, a consultant working onsite can connect to a home office by using a VPN connection. To configure outgoing VPN connections, you must configure the firewall to allow PPTP traffic to pass through.

16  Configuring VPNs Configuring a VPN to Accept Client Connections Configuring a Local VPN Configuring a Remote VPN

17 ISA Server includes taskpads that you can use to configure a VPN to accept client connections, to configure a local VPN, or to configure a remote VPN. When configuring ISA Server for a VPN connection between remote clients and your internal network, you configure a VPN connection on a single ISA Server computer. When configuring ISA Server for a VPN connection between two networks, you must configure a VPN connection on two ISA Server computers, one located at each endpoint of the tunnel. The first step is configuring a local VPN. The next step is configuring a remote VPN. The remote VPN setup uses configuration information that is created by the local VPN setup.

18 In this lesson you will learn about the following topics: Configuring a VPN to accept client connections Configuring a local VPN Configuring a remote VPN

19 Configuring a VPN to Accept Client Connections
[Screenshot: ISA VPN Server Wizard, ISA Virtual Private Network (VPN) Server Summary page. Callout: Lists the configuration properties set by the wizard.]
ISA Virtual Private Network (VPN) Server can accept VPN connections from remote clients over the Internet. The Server will be configured with the properties listed below:
   Configure Routing and Remote Access Server as Virtual Private Network (VPN)
   Enforce secured authentication and encryption methods.
   Open static packet filters for allowing PPTP and L2TP over IPSEC protocols.
   The number of ports available for clients to connect is 128, but this number can be

20 You use the Configure a Client Virtual Private Network (VPN) taskpad button to launch the ISA VPN Server Wizard, which configures a VPN to accept client connections. The wizard sets up the Routing and Remote Access service to function as a VPN server that supports PPTP tunnels and L2TP over IPSec tunnels. The wizard also configures the Routing and Remote Access service for authentication and encryption and opens the appropriate ports on the ISA Server computer to allow client computers to establish VPN connections.

21 Configuring a VPN to Accept Client Connections
To configure a VPN server to accept client connections:
1. In ISA Management, in the console tree, expand your ISA server or array, and then click Network Configuration.
2. In the details pane, click Configure a Client Virtual Private Network (VPN), and then click Next.
3. On the Completing the ISA VPN Server Wizard page, click Details to review the configuration settings, and then click Back.
4. On the Completing the ISA VPN Server Wizard page, select the appropriate check boxes to view information on configuring the Routing and Remote Access service or IP packet filtering, and then click Finish.
5. If ISA Server prompts you to start the Routing and Remote Access service, click Yes.

22 Note: After you have configured ISA Server to accept VPN connections from clients, you can configure additional settings by using the Routing and Remote Access service and by customizing IP packet filters in ISA Management.

23 Configuring a Local VPN Start, Identify the Connections, Select the Protocol(s), Specify Communication, Specify Remote Addresses, Specify Local Addresses, Save Configuration File, Finish

24 You use the Configure a Local Virtual Private Network (VPN) taskpad button to launch the Local ISA VPN Wizard. The Local ISA VPN Wizard configures the ISA Server computer that responds to connection requests from the remote VPN Server.

25 When you set up a local VPN server on an ISA Server computer, the Local ISA VPN Wizard creates the dial-on-demand interfaces that are required to receive connections from the remote network. The Local ISA VPN Wizard also configures the IP packet filters that are required to allow incoming VPN connections. In addition, the Local ISA VPN Wizard creates a VPN configuration settings (.vpc) file, which you must use when you configure the remote VPN server. Important: After you run the Local ISA VPN Server Wizard to configure a local VPN server, you must run the Remote ISA VPN Server Wizard to configure a remote VPN server on the ISA Server computer that will be the other endpoint of the VPN tunnel.

26 Configuring a Local VPN
To configure a local VPN server on an ISA Server computer:
1. In ISA Management, in the console tree, expand your server or array, and then click Network Configuration.
2. In the details pane, click Configure a Local Virtual Private Network (VPN), and then click Next.
3. If ISA Server prompts you to start the Routing and Remote Access service, click Yes.
4. On the ISA Virtual Private Network (VPN) Identification page, type a name to identify the local network, type a name to identify the remote network, and then click Next. ISA Server will create a VPN connection in the Routing and Remote Access service that uses a name in the format local network_remote network.

27 5. On the ISA Virtual Private Network (VPN) Protocol page, select one of the following protocols, and then click Next:
   Use L2TP over IPSec. Use this connection type when both computer endpoints support IPSec. IPSec is preferred because it is more secure than PPTP, but both computer endpoints may not be able to support IPSec.
   Use PPTP. Use PPTP only if you are certain that both computer endpoints do not support IPSec.
   Use L2TP over IPSec, if available. Otherwise, use PPTP. Use this connection type when you are not certain that both computer endpoints of the tunnel can use L2TP over IPSec.

28 6. On the Two-way Communication page, select the Both the local and remote ISA VPN computers can initiate communication check box if both local and remote VPN computers should be able to initiate communication. Type the network address and computer name for the remote computer, and then click Next.
7. On the Remote Virtual Private Network (VPN) Network page, click Add to enter the ranges of IP addresses on the remote network that the local computer can gain access to, and then click Next.
8. On the Local Virtual Private Network (VPN) Network page, select the IP address of the local computer that the remote ISA VPN computer will connect to, click Add or Remove to change the ranges of IP addresses on the local network that computers on the remote network can connect to, and then click Next.

29 9. On the ISA VPN Computer Configuration File page, type a name and a path to use to save the ISA VPN configuration file, and then type a password for the file. You will provide this file to the remote server administrator to finish the configuration on that server. Important: The administrator of the remote ISA VPN Server will need the password when running the Remote ISA VPN Wizard to complete the connection.
10. On the Completing the ISA VPN Setup Wizard page, click Details to review the configuration steps that ISA Server will perform to configure the VPN, and then click Back.
11. On the Completing the ISA VPN Setup Wizard page, select the appropriate check boxes to view information on configuring the Routing and Remote Access service or IP packet filtering, and then click Finish.
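Added example (not part of the original course material): a small audit that compares the packet filters open on a VPN endpoint with the tunnel protocol selected in step 5, reporting filters that are missing and filters for a tunnel type that was not selected. The filter record shape, the policy names and the sample data are assumptions made for this illustration; they are not an ISA Server export format.

```python
from typing import NamedTuple, Optional

class Filter(NamedTuple):
    name: str
    ip_proto: int            # IP protocol number: 6 TCP, 17 UDP, 47 GRE, 50 ESP
    port: Optional[int]      # local port, None for protocols without ports
    allow: bool

# Standard protocol assignments for the two tunnel types the wizard offers.
# Assumption: filters are evaluated on the VPN endpoint itself, so L2TP's
# own UDP 1701 is listed next to IKE (UDP 500) and ESP (IP protocol 50).
TUNNEL_TRAFFIC = {
    "PPTP": {(6, 1723), (47, None)},
    "L2TP/IPSec": {(17, 500), (17, 1701), (50, None)},
}

# Hypothetical policy names for the three choices in step 5.
POLICY = {
    "l2tp_only": {"L2TP/IPSec"},
    "pptp_only": {"PPTP"},
    "l2tp_else_pptp": {"L2TP/IPSec", "PPTP"},
}

def audit(filters, policy):
    """Return findings: missing filters for selected tunnels, open filters for others."""
    allowed = {(f.ip_proto, f.port) for f in filters if f.allow}
    order = lambda t: (t[0], t[1] or 0)
    findings = []
    for tunnel, needed in sorted(TUNNEL_TRAFFIC.items()):
        if tunnel in POLICY[policy]:
            gaps, label = needed - allowed, "MISSING"
        else:
            gaps, label = needed & allowed, "UNEXPECTED"
        for proto, port in sorted(gaps, key=order):
            findings.append(f"{label} {tunnel}: ip_proto={proto} port={port}")
    return findings

# Constructed sample: an endpoint where filters for both tunnel types are open.
SAMPLE = [
    Filter("PPTP control", 6, 1723, True),
    Filter("PPTP GRE", 47, None, True),
    Filter("IKE", 17, 500, True),
    Filter("L2TP", 17, 1701, True),
    Filter("ESP", 50, None, True),
]

if __name__ == "__main__":
    for line in audit(SAMPLE, "l2tp_only"):
        print(line)
```

Run against the constructed sample with the L2TP-only policy, the audit reports the two PPTP filters as unexpected, which is the case to look for when a tunnel was set to L2TP over IPSec but filters for the less secure PPTP remain open.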

30 Configuring a Remote VPN
[Screenshot: Remote ISA VPN Wizard, ISA VPN Computer Configuration File page. Fields: File name (Browse…), Password. Callouts: Specify the path and file name for the .vpc file. Type the password for the file.]
Specify the .vpc file to use when setting up and configuring the ISA Virtual Private Network (VPN) computer. The .vpc file includes information about the remote ISA VPN computer. Type the password to decrypt the configuration file.

31 You use the Configure a Remote Virtual Private Network (VPN) taskpad button to launch the Remote ISA VPN Wizard. The Remote ISA VPN Wizard configures the ISA Server computer that initiates connections to the local VPN Server.

32 When you set up a remote VPN server on an ISA Server computer, the Remote ISA VPN Wizard uses the .vpc file to create the demand-dial interfaces that are required to initiate connections to the local VPN server. The Remote ISA VPN Wizard also configures the IP packet filters that are required to protect the connection. Important: To configure a remote ISA VPN Server, you must have the .vpc file and the password that were created during the setup of the local ISA VPN Server.

33 Configuring a Remote VPN
To configure a remote VPN server on an ISA Server computer:
1. In ISA Management, in the console tree, expand your server or array, and then click Network Configuration.
2. In the details pane, click Configure a Remote Virtual Private Network (VPN), and then click Next.
3. On the ISA VPN Computer Configuration File page, type the name and path for the .vpc file, type the password that the administrator of the local VPN server used to secure the .vpc file, and then click Next.
4. On the Completing the ISA VPN Configuration Wizard page, click Details to review the configuration steps that ISA Server will perform to configure the VPN, and then click Back.
5. On the Completing the ISA VPN Configuration Wizard page, select the appropriate check boxes to view information on configuring the Routing and Remote Access service or IP packet filtering, and then click Finish.

34 Lab A: Configuring Virtual Private Networks

35 Objectives After completing this lab, you will be able to: Configure an ISA Server computer as a VPN server for client connections. Configure an ISA Server computer as a VPN server that connects two networks.

36 Prerequisites Before working on this lab, you must have: Knowledge of VPNs. The knowledge and skills to modify a user account by using Active Directory Users and Computers. Experience configuring Routing and Remote Access for VPNs. Experience using ISA Management.

37 Lab Setup This lab environment includes the following resources:
   A computer running Microsoft Windows 2000 Advanced Server with ISA Server installed.
   A computer running Windows 2000 Advanced Server that is configured as a Firewall client and a Web Proxy client and that has ISA Management installed.
   A protocol rule that allows members of the local Administrators group, which includes the Domain Admins group, to gain access to the Internet.
   A blank, formatted floppy disk.

38 Scenario You want to allow users in your organization to securely connect to your internal network by using a VPN. You also want to use a VPN to connect networks that your organization maintains in two separate locations.

39 Exercise 1: Configuring PPTP Connections for Client Computers In this exercise, you will configure ISA Server to allow incoming PPTP connections from client computers. You will work with another team of students to test the connection.

40 Scenario Several users in your organization work remotely, but they must connect to your organization's network to perform their jobs. You must configure ISA Server so that users can successfully establish PPTP connections from the Internet to your internal network. Online Simulation

41 Exercise 2: Configuring a VPN Connection Between Networks In this exercise, you will configure a VPN connection between two networks.

42 Scenario Northwind Traders has a branch office that must connect to the main office by using a VPN connection over the Internet. Because both offices are connected to the Internet by using ISA Server, you must configure ISA Server to allow this connection. Online Simulation

43 Review VPN Overview Configuring VPNs

