L2TP/IPSec-based remote access VPN connections require computer certificates on the VPN client and the VPN server. L2TP/IPSec is typically used when there are stronger requirements for security and a public key infrastructure (PKI) is in place to issue computer certificates to VPN clients and servers.
To configure DC1 for autoenrollment of computer certificates, perform the following steps.
Open the Active Directory Users And Computers snap-in.
In the console tree, double-click Active Directory Users And Computers, right-click the example.com domain, and then click Properties.
On the Group Policy tab, click Default Domain Policy and then click Edit.
In the console tree, open Computer Configuration, Windows Settings, Security Settings, Public Key Policies, and then Automatic Certificate Request Settings. This is shown in the following figure.
Right-click Automatic Certificate Request Settings, point to New, and then click Automatic Certificate Request.
On the Welcome To The Automatic Certificate Request Setup Wizard page, click Next.
On the Certificate Template page, click Computer.
Click Next. On the Completing The Automatic Certificate Request Setup Wizard page, click Finish. The Computer certificate type now appears in the details pane of the Group Policy Object Editor snap-in. This is shown in the following figure.
Type gpupdate at a command prompt to update group policy on DC1.
To immediately update group policy and request a computer certificate, type gpupdate at a command prompt.
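The steps above only confirm that the request setting exists in the GPO; they do not show whether a certificate actually arrived. The following PowerShell script is an added example (not part of the original lab guide) that refreshes policy, triggers an autoenrollment pass, and then checks the local machine store for a certificate issued from the Computer template with the properties an L2TP/IPSec peer needs. It assumes a domain-joined Windows machine with PowerShell and the built-in gpupdate and certutil tools; the template-name OID and EKU OIDs are standard values, and the Computer template's internal name "Machine" is a known Windows default rather than something stated on this page.

```powershell
# Added example: verify that Computer-template autoenrollment produced a
# usable machine certificate. Not from the original lab guide.
# Assumes: domain member with PowerShell, the GPO from the steps above in place.

# 1. Refresh computer group policy and trigger an autoenrollment pass now
#    rather than waiting for the next policy refresh interval.
gpupdate /target:computer /force | Out-Null
certutil -pulse | Out-Null

# 2. Find certificates issued from the "Computer" template. V1 templates record
#    their name in the Certificate Template Name extension (OID 1.3.6.1.4.1.311.20.2);
#    the Computer template's internal name is "Machine" (assumed Windows default).
$templateOid = '1.3.6.1.4.1.311.20.2'
$computerCerts = Get-ChildItem -Path Cert:\LocalMachine\My | Where-Object {
    $ext = $_.Extensions | Where-Object { $_.Oid.Value -eq $templateOid }
    $ext -and ($ext.Format($false).Trim() -eq 'Machine')
}

if (-not $computerCerts) {
    Write-Warning 'No certificate from the Computer template found. Check that the GPO applied (gpresult /r) and that the issuing CA publishes the Computer template.'
    return
}

# 3. For each match, confirm what IPsec machine authentication depends on:
#    a private key, a currently valid chain, and the Client/Server Authentication
#    EKUs (1.3.6.1.5.5.7.3.2 / 1.3.6.1.5.5.7.3.1) that the Computer template includes.
foreach ($cert in $computerCerts) {
    $ekus = $cert.EnhancedKeyUsageList | ForEach-Object { $_.ObjectId }
    [pscustomobject]@{
        Subject       = $cert.Subject
        Issuer        = $cert.Issuer
        NotAfter      = $cert.NotAfter
        HasPrivateKey = $cert.HasPrivateKey
        ClientAuthEKU = $ekus -contains '1.3.6.1.5.5.7.3.2'
        ServerAuthEKU = $ekus -contains '1.3.6.1.5.5.7.3.1'
        ChainValid    = $cert.Verify()
    }
}
```

Run it on DC1 after the gpupdate step; a row with HasPrivateKey and ChainValid both True is what the VPN server and client each need before the L2TP/IPSec connection later in this guide will negotiate. ChainValid False with a fresh certificate usually means the issuing CA's root is not yet trusted on this machine, which is a policy-propagation problem rather than an enrollment one.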
To obtain a computer certificate on CLIENT1 and then configure an L2TP/IPSec-based remote access VPN connection, perform the following steps:
Shut down CLIENT1.
Disconnect the CLIENT1 computer from the simulated Internet network segment, and connect it to the intranet network segment.
Restart the CLIENT1 computer, and log on using the VPNUser1 account. Computer and user group policy is automatically updated.
Shut down the CLIENT1 computer.
Disconnect the CLIENT1 computer from the intranet network segment, and connect it to the simulated Internet network segment.
Restart the CLIENT1 computer, and log on using the VPNUser1 account.
On CLIENT1, open the Network Connections folder from Control Panel.
In Network Tasks, click Create A New Connection.
On the Welcome To The New Connection Wizard page of the New Connection Wizard, click Next.
On the Network Connection Type page, click Connect To The Network At My Workplace.
Click Next. On the Network Connection page, click Virtual Private Network Connection.
Click Next. On the Connection Name page, type L2TPtoCorpnet in the Company Name text box.
Click Next. On the VPN Server Selection page, type 10.0.0.2 in the Host Name Or IP Address text box.
Click Next. On the Public Network page, click Do Not Dial The Initial Connection.
Click Next. On the Connection Availability page, click Next.
On the Completing The New Connection Wizard page, click Finish. The Connect L2TPtoCorpnet dialog box is displayed.
Click Properties, and then click the Networking tab.
On the Networking tab, in the Type Of VPN drop-down list, select L2TP IPSec VPN. This is shown in the following figure.
Click OK to save changes to the L2TPtoCorpnet connection. The Connect L2TPtoCorpnet dialog box is displayed.
In the User Name text box, type example\VPNUser1. In the Password text box, type the password you chose for the VPNUser1 account.
When the connection is complete, run the Web browser.
In the Address text box, type http://IIS1.example.com/iisstart.htm. You should see a Web page titled “Under Construction.”
Click Start, click Run, type \\IIS1\ROOT, and then click OK. You should see the contents of the Local Drive (C:) on IIS1.
Right-click the L2TPtoCorpnet connection, and then click Disconnect.
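The connection-wizard steps above can be reproduced and checked from a script, which is useful when the same client configuration has to be repeated or when a failed connection needs a quick diagnosis. The script below is an added example and not part of the original lab guide. It assumes a Windows client that ships the VpnClient PowerShell module (Add-VpnConnection, Get-VpnConnection, Remove-VpnConnection) and the built-in rasdial tool; the server address 10.0.0.2, the domain name example, the account VPNUser1, the connection name L2TPtoCorpnet and the IIS1.example.com check targets come from this guide, while MS-CHAP v2 as the user-authentication method is an assumption consistent with the user-name-and-password logon described above.

```powershell
# Added example: create the L2TPtoCorpnet connection, connect using the
# computer certificate for IPsec, run the two checks from the manual steps,
# and disconnect. Not from the original lab guide.
# Assumes: VpnClient module available; lab values from the guide as noted.

$name   = 'L2TPtoCorpnet'
$server = '10.0.0.2'

# Create (or re-create) the connection. No -L2tpPsk is given, so the IPsec
# negotiation uses the autoenrolled computer certificate, not a preshared key.
if (Get-VpnConnection -Name $name -ErrorAction SilentlyContinue) {
    Remove-VpnConnection -Name $name -Force
}
Add-VpnConnection -Name $name -ServerAddress $server -TunnelType L2tp `
    -AuthenticationMethod MSChapv2 -EncryptionLevel Required -RememberCredential:$false

# Prompt for the VPNUser1 password rather than embedding it in the script.
$cred = Get-Credential -UserName 'example\VPNUser1' -Message 'VPNUser1 password'
rasdial $name $cred.UserName $cred.GetNetworkCredential().Password
if ($LASTEXITCODE -ne 0) {
    throw "rasdial failed with exit code $LASTEXITCODE; check the RasClient event log on CLIENT1"
}

# Show the negotiated tunnel so a silent fallback to another tunnel type is visible.
Get-VpnConnection -Name $name | Select-Object Name, ConnectionStatus, TunnelType

# Check 1: the intranet web page is reachable through the tunnel.
$page   = Invoke-WebRequest -Uri 'http://IIS1.example.com/iisstart.htm' -UseBasicParsing
$webOk  = ($page.StatusCode -eq 200) -and ($page.Content -match 'Under Construction')

# Check 2: the ROOT share on IIS1 is reachable.
$shareOk = Test-Path -Path '\\IIS1\ROOT'

"Web page OK: $webOk; ROOT share OK: $shareOk"

# Tear the tunnel down, matching the last manual step.
rasdial $name /disconnect | Out-Null
```

If rasdial fails before user authentication is attempted, the IPsec phase did not complete; the first thing to confirm is that both CLIENT1 and the VPN server hold a valid Computer-template certificate chaining to a CA each side trusts, which is exactly what the autoenrollment steps earlier in this guide are meant to provide.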