Appendix F: Setting Up a PPTP-Based Site-to-Site VPN Connection in a Test Lab


This appendix provides an example with detailed information about how you can use five computers, running only Microsoft Windows Server 2003 and Windows XP Professional, in a test lab environment to configure and test a Point-to-Point Tunneling Protocol (PPTP)–based site-to-site virtual private network (VPN) connection. You can use this example deployment to learn about Windows Server 2003 site-to- site VPN functionality before you deploy a site-to-site VPN connection in a production environment. This test lab configuration simulates a deployment of a PPTP- based site-to-site VPN connection between the Seattle and New York offices of an organization.

Note

The following instructions are for configuring a test lab using a minimum number of computers. Individual computers are needed to separate the services provided on the network and to clearly show the functionality. This configuration is neither designed to reflect best practices nor is it recommended for a production network. The configuration, including IP addresses and all other configuration parameters, is designed only to work on a separate test lab network.

Setting Up the Test Lab

The infrastructure for a PPTP-based site-to-site VPN deployment test lab network consists of five computers performing the roles shown in Table F-1.

Table F-1: Test Lab Computer Setup

Computer

Roles

CLIENT1 running Windows XP Professional

Client computer

ROUTER1 running Windows Server 2003

Answering router

INTERNET running Windows Server 2003

Internet router

ROUTER2 running Windows Server 2003

Calling router

CLIENT2 running Windows XP Professional

Client computer

In addition to these five computers, the test lab also contains four hubs (or layer 2 switches):

  • A hub that connects the Seattle office (CLIENT1) to the answering router

  • A hub that connects the New York office (CLIENT2) to the calling router

  • A hub that connects the Seattle office (ROUTER1) to the Internet router

  • A hub that connects the New York office (ROUTER2) to the Internet router

    Note

    Because there are only two computers on each subnet, the hubs can be replaced by Ethernet crossover cables.

The configuration of this test lab is shown in Figure F-1.

click to expand
Figure F-1: Site-to-site VPN test lab configuration.

The IP addresses for the test lab configuration are shown in Tables F-2, F-3, and F-4.

Table F-2: IP Addresses for the Seattle Office Subnet

Computer/Interface

IP Addresses

CLIENT1

172.16.4.3

ROUTER1 (to the Seattle intranet)

172.16.4.1

Table F-3: IP Addresses for the Internet Subnets

Computer/Interface

IP Addresses

ROUTER1 (to INTERNET, representing the Internet)

10.1.0.2

INTERNET (to ROUTER1, the answering router)

10.1.0.1

ROUTER2 (to INTERNET, representing the Internet)

10.2.0.2

INTERNET (to ROUTER2, the calling router)

10.2.0.1

Table F-4: IP Addresses for the New York Office Subnet

Computer/Interface

IP Addresses

ROUTER2 (to the New York intranet)

172.16.56.1

CLIENT2

172.16.56.3

Configure your test lab by performing the following tasks:

  1. Configure the computers in the Seattle office.

  2. Configure the computers in the New York office.

  3. Configure the Internet router.

Configuration for CLIENT1

The following section describes the configuration for CLIENT1. Table F-2 lists the IP addresses for the computers on the Seattle subnet.

CLIENT1 is a standalone computer in a workgroup, running Windows XP Professional.

Configure TCP/IP Properties

To configure TCP/IP properties for CLIENT1, perform the following steps:

  1. Open Network Connections, right-click the network connection you want to configure, and then click Properties.

  2. On the General tab, click Internet Protocol (TCP/IP), and then click Properties.

  3. Click Use The Following IP Address, and configure the IP address, subnet mask, and default gateway with the following values:

    • IP Address: 172.16.4.3

    • Subnet Mask: 255.255.255.0

    • Default Gateway: 172.16.4.1

Configuration for CLIENT2

The following section describes the configuration for CLIENT2. Table F-4 lists the IP addresses for the computers on the New York subnet.

CLIENT2 is a standalone computer in a workgroup, running Windows XP Professional.

Configure TCP/IP Properties

To configure TCP/IP properties for CLIENT2, perform the following steps:

  1. Open Network Connections, right-click the network connection you want to configure, and then click Properties.

  2. On the General tab, click Internet Protocol (TCP/IP), and then click Properties.

  3. Click Use The Following IP Address, and configure the IP address, subnet mask, and default gateway with the following values:

    • IP Address: 172.16.56.3

    • Subnet Mask: 255.255.255.0

    • Default Gateway: 172.16.56.1

Computer Setup for the Answering and Calling Routers

The following section describes the setup for the routers in the test lab. For information about configuring routing and remote access for the answering router (ROUTER1) and the calling router (ROUTER2), see the “Configuring a PPTP-Based Site-to-Site VPN Connection” section later in this appendix.

ROUTER1

ROUTER1 is a standalone computer in a workgroup, running Windows Server 2003. ROUTER1 is acting as the answering router.

Configure TCP/IP Properties

To configure TCP/IP properties for ROUTER1, perform the following steps:

  1. Open Network Connections, right-click the network connection you want to configure, and then click Properties.

  2. On the General tab, click Internet Protocol (TCP/IP), and then click Properties.

  3. Configure the interface attached to the simulated Internet with the following values:

    • IP Address: 10.1.0.2

    • Subnet Mask: 255.255.0.0

    • Default Gateway: 10.1.0.1

  4. Configure the interface attached to the Seattle subnet with the following values:

    • IP Address: 172.16.4.1

    • Subnet Mask: 255.255.255.0

    • Default Gateway: None

ROUTER2

ROUTER2 is a standalone computer in a workgroup, running Windows Server 2003. ROUTER2 is acting as the calling router.

Configure TCP/IP Properties

To configure TCP/IP properties for ROUTER2, perform the following steps:

  1. Open Network Connections, right-click the network connection you want to configure, and then click Properties.

  2. On the General tab, click Internet Protocol (TCP/IP), and then click Properties.

  3. Configure the interface attached to the Internet with the following values:

    • IP Address: 10.2.0.2

    • Subnet Mask: 255.255.0.0

    • Default Gateway: 10.2.0.1

  4. Configure the interface attached to the New York subnet with the following values:

    • IP Address: 172.16.56.1

    • Subnet Mask: 255.255.255.0

    • Default Gateway: None

Computer Setup for the Internet Router

The following section describes the setup for the computer simulating the Internet in the test lab.

INTERNET

INTERNET is a standalone computer in a workgroup, running Windows Server 2003.

Configure TCP/IP Properties

To configure TCP/IP properties for INTERNET, perform the following steps:

  1. Open Network Connections, right-click the network connection you want to configure, and then click Properties.

  2. On the General tab, click Internet Protocol (TCP/IP), and then click Properties.

  3. Configure the interface attached to the subnet containing ROUTER1 with the following values:

    • IP Address: 10.1.0.1

    • Subnet Mask: 255.255.0.0

    • Default Gateway: None

  4. Configure the interface attached to the subnet containing ROUTER2 with the following values:

    • IP Address: 10.2.0.1

    • Subnet Mask: 255.255.0.0

    • Default Gateway: None

  5. In the Routing And Remote Access snap-in, right-click INTERNET in the console tree, and then click Configure And Enable Routing And Remote Access.

  6. To complete the Routing And Remote Access Server Setup Wizard, click Next, and then provide the information described in the following steps.

  7. On the Configuration page, select Custom Configuration.

  8. Click Next. On the Custom Configuration page, select LAN Routing.

  9. Click Next. On the Completing The Routing And Remote Access Server Setup Wizard page, click Finish.

  10. To verify the routing infrastructure, do the following:

    • From ROUTER1, ping the IP address 10.2.0.2. This should be successful.

    • From CLIENT2, ping the IP address 172.16.4.3. This should be unsuccessful, as there is no client-to-client reachability across the simulated Internet until the site-to-site VPN connection is created.




Deploying Virtual Private Networks With Microsoft Windows Server 2003
Deploying Virtual Private Networks with Microsoft Windows Server 2003 (Technical Reference)
ISBN: 0735615764
EAN: 2147483647
Year: 2006
Pages: 128

flylib.com © 2008-2017.
If you may any questions please contact us: flylib@qtcs.net