Configuring and Testing a PPTP Profile


This section describes how to configure the example.com domain for VPN access, create a PPTP Connection Manager profile that does not require dial-up access (also known as a VPN-only profile), and install and test this profile on the client computer.

DC1

To configure the test lab for PPTP access, configure an appropriate user account and an appropriate group on DC1.

Create a user account for VPN connections

  1. Open the Active Directory Users And Computers administrative tool.

  2. In the console tree, double-click the domain name, right-click Users, point to New, and then click User.

  3. In the New Object – User dialog box, type VPNUser in the First Name text box, type VPNUser in the User Logon Name text box, and click Next.

  4. In the second New Object – User dialog box, type a password in the Password and Confirm Password text boxes. Clear the User Must Change Password At Next Logon check box, select the Password Never Expires check box, and click Next.

  5. In the third New Object – User dialog box, click Finish.

Create a group for VPN connections

  1. In the console tree, right-click Users, point to New, and then click Group.

  2. In the New Object – Group dialog box, type VPNUsers in the Group Name text box and then click OK.

  3. In the console tree, click Users. Then, in the details pane, double-click VPNUsers.

  4. Click the Members tab, and then click Add.

  5. In the Select Users, Contacts, Or Computers dialog box, type VPNUser in the Enter The Object Names To Select text box and click OK.

  6. In the Multiple Names Found dialog box, click OK. The VPNUser user account is added to the VPNUsers group.

  7. Click OK to save changes to the VPNUsers group.

Update Group Policy

  • At a command prompt, type gpupdate to update Group Policy on DC1.

IAS1

To configure the test lab for PPTP access, configure IAS1 to allow the VPNUsers group to access the intranet segment from the Internet segment.

Create a remote access policy for VPN connections

  1. Open the Internet Authentication Service administrative tool.

  2. In the console tree, right-click Remote Access Policies, and then click New Remote Access Policy.

  3. On the Welcome To The New Remote Access Policy Wizard page, click Next.

  4. On the Policy Configuration Method page, type VPN remote access to intranet in the Policy Name text box and click Next.

  5. On the Access Method page, select VPN and click Next.

  6. On the User Or Group Access page, click Group and click Add.

  7. In the Select Groups dialog box, type VPNUsers in the Enter The Object Names To Select text box and click OK. The VPNUsers group in the example.com domain is added to the list of groups on the Users Or Groups page.

  8. On the User Or Group Access page, click Next.

  9. On the Authentication Methods page, the MS-CHAPv2 authentication protocol is selected by default. Click Next.

  10. On the Policy Encryption Level page, clear the Basic Encryption and Strong Encryption check boxes, and click Next.

  11. On the Completing The New Remote Access Policy Wizard page, click Finish.

  12. At a command prompt, type gpupdate to update Group Policy on IAS1.

IIS1

To configure the test lab for PPTP access, configure IIS1 to allow members of the DialUsers group to download a Connection Manager profile.

Configure share permissions

  1. Right-click the folder that you shared in the dial-up section, and click Sharing And Security.

  2. Click Permissions and add the DialUsers group to the list of users, and give the group Read and Change permissions.

VPN1

To configure the test lab for PPTP access, create a PPTP VPN profile in the Connection Manager Administration Kit on VPN1.

Create the PPTPCorp profile

  1. Open the Connection Manager Administration Kit Wizard, and click Next.

  2. On the Service Profile Selection page, select New Profile if necessary, and click Next.

  3. On the Service And File Names page, type PPTP To CorpNet in the Service Name text box, type PPTPCorp in the File Name text box, and click Next.

  4. On the Realm Name page, click Add A Realm Name To The User Name. If Suffix is not already clicked, click it. In the Realm Name text box, type @example.com and click Next.

    click to expand

  5. On the Merging Profile Information page, click Next.

  6. On the VPN Support page, select the Phone Book From This Profile check box. In VPN Server Name Or IP Address, click Always Use The Same VPN Server, and type 10.0.0.2, and click Next.

    click to expand

  7. On the VPN Entries page, click Edit.

  8. In the Edit Virtual Private Networking Entry dialog box, click the Security tab. In the Security Settings drop-down list, click Use Advanced Security Settings and then click Configure.

  9. In the Advanced Security Settings dialog box, select Authentication Methods clear the Microsoft CHAP check box, and ensure that only the Microsoft CHAP version 2 (MS-CHAPv2) option is selected. In the VPN Strategy drop- down list, select Only Use Point To Point Tunneling Protocol (PPTP) and click OK twice.

  10. On the VPN Entries page, click Next.

  11. On the Phone Book page, clear the Automatically Download Phone Book Updates check box, and click Next.

  12. On the Dial-up Networking Entries page, click Next.

  13. On the Routing Table Update page, click Next.

  14. On the Automatic Proxy Configuration page, click Next.

  15. On the Custom Actions page, click Next.

  16. On the Logon Bitmap page, click Next.

  17. On the Phone Book Bitmap page, click Next.

  18. On the Icons page, click Next.

  19. On the Notification Area Shortcut Menu page, click Next.

  20. On the Help File page, click Next.

  21. On the Support Information page, type For help connecting, contact the Support Desk. in the Support Information text box and then click Next.

  22. On the Connection Manager Software page, click Next.

  23. On the License Agreement page, click Next.

  24. On the Additional Files page, click Next.

  25. On the Ready To Build The Service Profile page, select the Advanced Customization check box and then click Next.

  26. On the Advanced Customization page, click Connection Manager in the Section Name drop-down list, click Dialup in the Key Name drop-down list, type 0 in the Value text box, and click Apply.

    click to expand

  27. On the Advanced Customization page, select Connection Manager in the Section Name drop-down list, select HideDomain in the Key Name drop- down list, and type 1 in the Value text box. Click Apply, and then click Next.

  28. When the Completing The Connection Manager Administration Kit Wizard page appears, note the path of the completed profile, and click Finish.

Prepare the PPTPCorp profile for distribution

  1. Browse to the Program Files\Cmak\Profiles\PPTPCorp folder.

  2. Copy PPTPCorp.exe to the shared folder on IIS1.

CLIENT1

To configure the test lab for PPTP access, install the PPTP profile on CLIENT1 from the shared folder on IIS1.

Connect to CorpNet, and install the PPTPCorp profile

  1. Use the Dial-Up To CorpNet profile to connect to the network.

  2. When connected, open the IIS1\ROOT shared folder, double-click PPTPCorp.exe, and click Open.

  3. When prompted to install the PPTP To CorpNet profile, click Yes.

  4. When prompted for whom to make this connection available, ensure that My Use Only is selected and then click OK.

  5. When the profile has finished installing, disconnect the Dial-Up To CorpNet connection and open the PPTP To CorpNet connection.

Connect to CorpNet using the PPTPCorp profile

  1. On the Connection Manager logon page, type VPNUser in the User Name text box and the password for the account in the Password text box. Do not type a domain name in the User Name text box. You configured this profile to hide the Domain box and to automatically append the domain name to the user name. If you type a domain name in the User Name text box, the domain name will be appended twice, which will cause problems with accessing network resources and could prevent access altogether.

  2. Click Connect.

Test connectivity and permissions

  1. When the connection is complete, open a Web browser.

  2. In Address, type http://IIS1.example.com/iisstart.htm. You should see a Web page titled “Under Construction.”

  3. Click Start, click Run, type \\IIS1\ROOT and then click OK. You should see the contents of the root folder on IIS1.

  4. Try to copy PPTPCorp.exe to CLIENT1. You should not be able to do so.

  5. Right-click the connection icon in the notification area, and then click Disconnect.




Deploying Virtual Private Networks With Microsoft Windows Server 2003
Deploying Virtual Private Networks with Microsoft Windows Server 2003 (Technical Reference)
ISBN: 0735615764
EAN: 2147483647
Year: 2006
Pages: 128

flylib.com © 2008-2017.
If you may any questions please contact us: flylib@qtcs.net