Configuring the Initial Test Lab


Let’s get started with the basic lab setup, and then we can get into the fine-tuning later. To follow the steps in the chapter, you will need to configure five computers in a specific topology. Each computer in the lab has specific hardware and operating system requirements, which are specified in the following subsections.

To set up this test lab, you will need the following hardware and software:

  • Four computers that are capable of running members of the Windows Server 2003 family

  • One server that has two network adapters

  • One server that has a floppy disk drive

  • One computer that is capable of running Windows XP Professional and that has a floppy disk drive

  • Two network hubs or Layer 2 switches

  • Two operating system compact discs for Windows Server 2003, Enterprise Edition

  • Two operating system compact discs for Windows Server 2003, Standard Edition

  • One operating system compact disc for Windows XP Professional

  • One copy of the Windows Server 2003 Resource Kit Tools

Figure 7-1 shows the network topology for this lab.

click to expand
Figure 7-1: Connection Manager and quarantine basic lab setup.

As shown in Figure 7-1, one segment of the test lab network represents a corporate intranet, and another segment represents the Internet. Connect all computers on the intranet segment to a common hub or Layer 2 switch. Connect all computers on the Internet segment to a separate common hub or Layer 2 switch.

The following subsections describe how you will set up the basic infrastructure. To reconstruct this test lab, configure the computers in the order presented. Later on, we will get into the specific configuration steps required for testing Network Access Quarantine Control and certificate provisioning on the remote access client.

DC1

As part of setting up the basic infrastructure for the test lab, configure DC1 as the domain controller, the DNS server, the DHCP server, and the IAS server for a domain that is named example.com.

To perform basic installation and configuration

  1. Install Windows Server 2003, Enterprise Edition, and configure the computer as a standalone server named DC1.

  2. Configure the connection to the intranet segment with the Internet Protocol (IP) address of 172.16.0.1 and the subnet mask of 255.255.255.0.

To configure the computer as a domain controller

  1. Click Start, click Run, type dcpromo.exe, and click OK to start the Active Directory Installation Wizard.

  2. Follow the instructions in the wizard to create a domain named example.com in a new forest. Install the DNS service when prompted to do so.

  3. Using the Active Directory Users And Computers administrative tool, right- click the example.com domain, and then click Raise Domain Functional Level.

  4. Click Windows Server 2003, and then click Raise.

To install and configure DHCP

  1. Install DHCP, a subcomponent of the Networking Services component.

  2. Click Start, point to Administrative Tools, and click DHCP.

  3. In the console tree, click dc1.example.com. On the Action menu, click Authorize to authorize the DHCP service.

  4. In the console tree, right-click dc1.example.com, and then click New Scope.

  5. On the Welcome To The New Scope Wizard page, click Next.

  6. On the Scope Name page, type CorpNet in the Name text box, and click Next.

  7. On the IP Address Range page, type 172.16.0.10 in the Start IP Address text box, type 172.16.0.100 in the End IP Address text box, type 24 in the Length text box, and click Next.

  8. On the Add Exclusions page, click Next.

  9. On the Lease Duration page, click Next.

  10. On the Configure DHCP Options page, select Yes, I Want To Configure These Options Now, and click Next.

  11. On the Router (Default Gateway) page, click Next.

  12. On the Domain Name And DNS Servers page, type example.com in the Parent Domain text box. Type 172.16.0.1 in the IP Address text box, click Add, and click Next.

  13. On the WINS Servers page, click Next.

  14. On the Activate Scope page, select Yes, I Want To Activate This Scope Now, and click Next.

  15. On the Completing The New Scope Wizard page, click Finish.

To add computers to the domain

  1. Open the Active Directory Users And Computers administrative tool.

  2. In the console tree, double-click example.com.

  3. Right-click Users, point to New, and then click Computer.

  4. In the New Object – Computer dialog box, type CA1 in the Computer Name text box and click Next.

  5. In the Managed dialog box, click Next.

  6. In the New Object – Computer dialog box, click Finish.

  7. Follow steps 3 through 6 to create additional computer accounts for IIS1 and VPN1.

To install and configure Internet Authentication Service

  1. Install Internet Authentication Service, a subcomponent of the Networking Services component.

  2. Click Start, point to Administrative Tools, and click Internet Authentication Service.

  3. Right-click Internet Authentication Service, and then click Register Server In Active Directory. When the Register Internet Authentication Server In Active Directory dialog box appears, click OK. When the Server Registered dialog box appears, click OK.

  4. In the console tree, right-click RADIUS Clients, and then click New RADIUS Client.

  5. On the Name And Address page of the New RADIUS Client wizard, type VPN1 in the Friendly Name text box, type 172.16.0.2 in the Client Address (IP Or DNS) text box, and then click Next.

  6. On the Additional Information page, create and type the same shared secret for VPN1 in both the Shared Secret and Confirm Shared Secret text boxes.

  7. Click Finish.

CA1

As part of setting up the basic infrastructure for the test lab, configure CA1 as the certification authority for the example.com domain and as the quarantine resource (a Web and file server that the client can access while still quarantined). For more in-depth information on certificate service, see Appendix C.

To perform basic installation and configuration

  1. Install Windows Server 2003, Enterprise Edition, and configure the computer as a member server named CA1 in the example.com domain.

    Note

    The auto-enrollment of remote access clients with the appropriate certificate requires the creation and use of a Version 2 certificate template. Version 2 certificates are not available on or distributable by Windows Server 2003, Standard Edition, but they are distributable by Windows Server 2003, Enterprise Edition or Windows Server 2003, Datacenter Edition.

  2. Configure the connection to the intranet segment with the IP address of 172.16.0.4, the subnet mask of 255.255.255.0, and the DNS server IP address of 172.16.0.1.

Install IIS

  • Install Internet Information Services (IIS), a subcomponent of the Application Server component.

To install Certificate Services and configure the certification authority

  1. When IIS finishes installing, click Add/Remove Windows Components.

  2. In Windows Components, select the Certificate Services check box. Click Yes when warned about not changing the name or domain membership of this computer. Click Next.

  3. On the CA Type page, click Enterprise Root CA and click Next.

  4. On the CA Identifying Information page, type Example Root CA in the Common Name For This CA text box (as shown in Figure 7-2), and then click Next.

    click to expand
    Figure 7-2: CA identifying information.

  5. On the Certificate Database Settings page, click Next.

  6. When asked whether to temporarily stop IIS, click Yes.

  7. When asked whether to enable ASP pages, click Yes.

  8. On the Completing The Windows Components Wizard page, click Finish.

Configure a Shared Folder

On CA1, create a folder named Quarantine on the drive on which you installed the operating system. Share this folder, and retain the default permissions.

To test Web and file share access

  1. Start Internet Explorer on DC1. If the Internet Connection Wizard prompts you, configure Internet access through a local area network (LAN) connection. In Internet Explorer, type http://CA1.example.com/certsrv in the Address text box. You should see the Welcome page for certificate Web enrollment.

  2. In Internet Explorer, type \\ca1\quarantine in the Address text box and press Enter. You should see the contents of the Quarantine folder, which should be empty.

  3. Close Internet Explorer.

IIS1

As part of setting up the basic infrastructure for the test lab, configure IIS1 as a Web server and a file server for the example.com domain.

To perform basic installation and configuration

  1. Install Windows Server 2003, Standard Edition, and configure the computer as a member server named IIS1 in the example.com domain.

  2. Configure the connection to the the simulated Internet segment with the IP address of 172.16.0.3, the subnet mask of 255.255.255.0, and the DNS server IP address of 172.16.0.1.

To install and configure IIS

  1. Install Internet Information Services (IIS), a subcomponent of the Application Server component.

  2. Start Internet Explorer on DC1. In Internet Explorer, type http://IIS1.example.com in the Address text box. You should see the Under Construction default Web page.

To configure a shared folder

  1. On IIS1, share the root folder of the drive on which you installed the operating system. Name the share ROOT, and retain the default permissions.

  2. To determine whether file sharing is working correctly, on DC1, click Start, click Run, type \\IIS1\ROOT, and then click OK. You should see the files in the root folder on IIS1.

VPN1

As part of setting up the basic infrastructure for the test lab, configure VPN1 as a remote access server and as the computer from which you will create Connection Manager profiles using the Connection Manager Administration Kit. This is the same setup and hardware requirements that was described in Chapter 6, “Deploying Remote Access VPNs,” but for completeness of the setup procedure we will run through it here as well. As part of configuring VPN1 for Network Access Quarantine Control, you must also install the Windows Server 2003 Resource Kit Tools by temporarily connecting VPN1 to the Internet and downloading the tools from http://go.microsoft.com/fwlink/?LinkID=16544.

To perform basic installation and configuration

  1. Install Windows Server 2003, Standard Edition, and configure the computer as a member server named VPN1 in the example.com domain.

  2. Rename the connection to the intranet segment as CorpNet, and rename the connection to the Internet segment as Internet.

  3. Configure the CorpNet connection with the IP address of 172.16.0.2, the subnet mask of 255.255.255.0, and the DNS server IP address of 172.16.0.1.

  4. Configure the Internet connection with the IP address of 10.0.0.2 and the subnet mask of 255.255.255.0.

To configure Routing And Remote Access

  1. Click Start, point to Administrative Tools, and click Routing And Remote Access.

  2. In the console tree, right-click VPN1, and click Configure And Enable Routing And Remote Access.

  3. On the Welcome To The Routing And Remote Access Server Setup Wizard page, click Next.

  4. On the Configuration page, Remote Access (Dial-Up Or VPN) is selected by default. Click Next.

  5. On the Remote Access page, select the VPN check box and click Next.

  6. On the VPN Connection page, click the Internet interface in Network Interfaces and click Next.

  7. On the Network Selection page, click the CorpNet interface in the Network Interfaces list and click Next.

  8. On the IP Address Assignment page, Automatically is selected by default. Click Next.

  9. On the Managing Multiple Remote Access Servers page, click Yes, Set Up This Server To Work With A RADIUS Server, and click Next.

  10. On the RADIUS Server Selection page, type 172.16.0.1 in the Primary RADIUS Server text box, type the shared secret in the Shared Secret text box, and click Next.

  11. On the Completing The Routing And Remote Access Server Setup Wizard page, click Finish.

  12. When a message about configuring the DHCP Relay Agent appears, click OK.

To configure DHCP Relay Agent

  1. In the console tree, double-click VPN1, double-click IP Routing, and right- click DHCP Relay Agent, as shown in Figure 7-3.

    click to expand
    Figure 7-3: Accessing DHCP Relay Agent properties.

  2. Click Properties.

  3. In the DHCP Relay Agent Properties dialog box, type 172.16.0.1 in the Server Address text box, and click Add. The server address will be added to the list, as shown in Figure 7-4. Click OK.

    click to expand
    Figure 7-4: Configuring DHCP Relay Agent properties.

To install Connection Manager Administration Kit (CMAK)

  1. Click Start, point to Control Panel, and click Add Or Remove Programs.

  2. Click Add/Remove Windows Components, click Management And Monitoring Tools, and click Details.

  3. Select the Connection Manager Administration Kit check box (as shown in Figure 7-5), click OK, and then Next to install CMAK. Click Finish.

    click to expand
    Figure 7-5: Installing Connection Manager Administration Kit.

Install the Windows Server 2003 Resource Kit Tools

Install the Windows Server 2003 Resource Kit Tools. Accept all the default paths and configurations.

CLIENT1

As part of setting up the basic infrastructure for the test lab, configure CLIENT1 as a standalone computer on a separate network segment. To configure CLIENT1 to resolve the name vpn1.example.com to the IP address 10.0.0.2, you must also configure the Hosts file on CLIENT1.

  1. Install Windows XP Professional, and configure the computer as a standalone computer named CLIENT1.

  2. Configure the connection to the Internet segment with the IP address of 10.0.0.1 and the subnet mask of 255.255.255.0.

  3. Open the \WINDOWS\system32\drivers\etc folder, and open the Hosts file in Notepad.

  4. Add the line 10.0.0.2 vpn1.example.com # vpn server (as shown in Figure 7-6), and save the file. Make sure not to accidentally save it with an extension (for example, as Hosts.txt).

    click to expand
    Figure 7-6: Configuring the Hosts file on the client.




Deploying Virtual Private Networks With Microsoft Windows Server 2003
Deploying Virtual Private Networks with Microsoft Windows Server 2003 (Technical Reference)
ISBN: 0735615764
EAN: 2147483647
Year: 2006
Pages: 128

Similar book on Amazon

flylib.com © 2008-2017.
If you may any questions please contact us: flylib@qtcs.net