create a smart VPN connection with Windows 2003 [40 mn de lecture - paru le 5/13/2006 7:38:06 PM - Public : Débutant]

Auteur

Adrien GOMBERT Elève-Ingénieur Supinfo Aquitaine Promotion SUPINFO 2009    Lui écrire    Tous les projets de cet auteur    Le mini-CV de cet auteur

Resume

After having read this, you’ll know what a VPN is, what its use is  and how to install a secured one.

·          The remote clients will be authenticated before access to network company

·          The remotes clients will be assigned IP automatically

·          The director will have a static IP

·          The communication will be secured with L2TP/IP Sec

·          The connection will be logged

Sommaire

• Introduction
• 1. Prerequired and initial configuration of the computer (obligatory)
• 1.0. Have two machines, a XP and a 2003 SERVER
• 1.1. Give a static IP address to the server [SERVER]
• 1.2.  Give a static IP address to the XP [XP]
• 1. 3. Verify the connectivity between both computers [XP]
• 1.4. Verify that the routing and remothe access service is disabled [XP and SERVER]
• 1.5. Verify that the DNS and the WINS service are uninstalled [XP and SERVER]
• 1.6. Install Active Directory [SERVER]
• 1.7. Configure your computer to join the server[XP]
• 2.Configuration clients’ VPN connections(obligatory)
• 2.1. Create a connection to the virtual private network to test the functioning of the VPN server [XP]
• 2.2. Try to establish the client VPN connection by using the account Administrator [XP] (optional)
• 3. Installation of the VPN server and configuration of general options (obligatory)
• 3.1. Enable and configure the routing and remote access [SERVER]
• 3.2. Configure the VPN server to attribute IP addresses to clients. [SERVER]
• 3.3. Register the VPN server in Active Directory [SERVER]
• 4. Implementation of a VPN server using L2TP/IPSec (important)
• 4.1. Create a account named usr_vpn and authorize him to establish remote connections [SERVER]
• 4.2. Install the internet Web Internet Information Service (IIS) 6.0 on the domain controller [SERVER]
• 4.3. Install the certificates service [SERVER]
• 4.4. Create and configure a GPO allowing to allocate automatically a certificate to every domain’s computer [SERVER]
• 4.5. create and configure a GPO so that all domain member computers trust the root certification authority  ROOT-CA [SERVER]
• 4.6. Link and enforce GPOs previously create by using the GPMC console [SERVER]
• 4.7. Refresh the GPO settings on both computer by using the command gpupdate.exe [XP and SERVER]
• 4.8. Configure the VPN server in order to accept a maximum of 30 connections with L2TP/IPSec. [SERVER]
• 4.9. Configure the client VPN connection to use L2TP/IPSec [XP]
• 4.10. Try to establish the Client VPN connection by using the account usr_vpn [XP]
• 5. Implement remote access policy to filter access network (very important)
• 5.1. Raise the functional level to Windows 2000 Native [SERVER]
• 5.2. Autorize the user usr_vpn to connect to the VPN server according to a romote access policy [SERVER]
• 5.3. Create a security group scope named G_VPN users, then add the user usr_vpn [SERVER]
• 5.4. Create a remote access policy to enable the group G_VPN users members to etablish the most secure VPN connection [SERVER]
• 5.5. Try to establish the Client VPN connection by using the account usr_vpn [XP]
• 6. Implement the user « director » with static IP address (useless)
• 6.1. Create a account named director and authorize him to establish remote connections [SERVER]
• 6.2. add the user to G_VPN users [SERVER]
• 6.3. Verify that the remote access profile is correctly configured [XP]
• 7. Configuration of events recording on a network access server (not very important)
• 7.1. Clear all events in the log System by using the event viewer [SERVER]
• 7.2. Configure events to be audited on the VPN server [SERVER]
• 7.3. Verify that events are recorded in the System log [SERVER]
• 7.4. Configure the recording of accounts management [SERVER]
• 7.5. Try to establish the client VPN connection by using the account usr_vpn [XP]
• 7.6. Verify that the log file was created [SERVER]
• 8. Configuration of the logging for L2TP/IPSec (not very important)
• 8.1. Create a GPO enabling the audit of the events linked to IPSec and to L2TP/IPSec connections [SERVER]
• 8.2. Link and enforce GPOs previously create by using the GPMC console [SERVER]
• 8.3. Refresh the GPO settings by using the command gpupdate.exe [SERVER]
• 8.4. Clear all events in the log files by using the event viewer [SERVER]
• 8.5. Try to establish the client VPN  connection by using the account usr_vpn [XP]
• 8.6. Verify that events relating to L2TP/IPSec connection were recorded in the Security log [SERVEUR]
• 8.7. Enabled the Oakley record on the VPN server (useless => for debug ) [SERVER]
• 8.8. Restart the routing and remote access service and verify that a new log named oakley.log is appeared [SERVER]
• Conclusion