Windows Server 2016: Configure Remote Access VPN


// Domain Controller Schema:-
// *****************************
// Host Name: SRT_DC01
// Primary DNS: mylab.local
// IPv4 address: 192.168.49.101
// Netmask:  255.255.255.0
// Gateway: 192.168.49.1
// DNS Servers: 192.168.49.101

// Server Schema:-
// *****************

// Computer Name: SRT-SRV01
// Domain: mylab.local
// Private (NIC 1) IP: 192.168.49.1 (IPv6 Enabled)
// Public (NIC2) IP: 10.0.0.1 (IPv6 Enabled)


// --------------------------------------------------------------------------------------
// Install Remote Access services

1) [Server Manager - Dashboard] - click on Manage - click on Add roles and features - under Before you begin, click on Next - under Installation Type, select (x) Role-based or feature-based installation - click on Next - under Server Selection ( // select your destination server, e.g. SRT-SRV01.mylab.local), click on (x) Select a server from the server pool, choose your selected server from the Server Pool - click on Next - under Server Roles, click on (x) Remote Access - click on Next - under Features, click on Next - under Remote Access, click on Next - under Role Services, select (x) DirectAccess and VPN (RAS) - under Add Roles and Features Wizard, click on Add Features - under Role Services, select (x) Routing - click on Next - click on Next - under Roles and Services ( // no other role services are needed), click on Next - under Confirmation, click on Install - under Results, click on Open the Getting Started Wizard - under Configure Remote Access, select Deploy VPN only - click on Close.

// -------------------------------------------------------------------------------------

// Configure Remote Access VPN Server

2) [Server Manager - Dashboard] - click on Tools - click on Routing and Remote Access - right-click on SRT-SRV01 - click on Configure and Enable Routing and Remote Access - under Welcome to the Routing and Remote Access Server Setup Wizard, click on Next - under Configuration, select (x) Custom Configuration - click on Next - under Select the services that you want to enable on this server, select (x) VPN access && (x) LAN routing - click on Next - click on Finish - under Start the Service, click on Start Service .

3) [Server Manager - Dashboard] - click on Tools - click on Routing and Remote Access - click on SRT-SRV01 (you can see Ports - which allows you to set limits on the number of open ports etc ...) - right-click on SRT-SRV01 - select Properties - under SRT-SRV01 (local) Properties > IPv4, under IPv4 address assignment, select (x) Static Address Pool - click on Add - under New IPv4 Address Range, input:- Start IP Address: 192.168.49.240 , End IP Address: 192.168.49.254 - click on OK - click on Apply - click on OK.

// -------------------------------------------------------------------------------------

// If you have a firewall running on the Remote Access Server

4) Run as: wf.msc - under Windows Firewall > Inbound rules, you should see Routing and Remote Access (GRE-In) - Port 47 | Routing and Remote Access (L2TP-In) - UDP Port 1701 | Routing and Remote Access (PPTP-In) - TCP Port 1723 | Secure Socket Tunneling Protocol (SSTP-In) - TCP Port 443

5) [Server Manager - Dashboard] - click on Tools - select Active Directory Users and Computers - click on mylab.local - right-click on Users - select New User - under New Object - User, input:- First name: vpn , Last name: user1 , User logon name: user1 [@mylab.local] - click on Next - input Password: xxxxxx - click on Next - click on Finish.

6) [Server Manager - Dashboard] - click on Tools - select Active Directory Users and Computers > mylab.local > Users > you should see:- Name: vpn user1 Type: User - double-click on vpn user1 - under vpn user1 Properties, click on Dial-in - under Network Access Permission, select (x) Allow access - click on Apply - click on OK.
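
// Added example (not part of the original walkthrough): a read-only PowerShell check of what steps 4 to 6 leave exposed, listing the four inbound rules from step 4 and every account whose Dial-in tab is set to Allow access. It assumes an elevated session on SRT-SRV01 with the ActiveDirectory module installed; $expected is a hypothetical allow-list holding the logon name from step 5.

```powershell
# Added example: audit what steps 4-6 leave exposed on the VPN server.
# Assumptions: elevated session on SRT-SRV01; ActiveDirectory module
# (RSAT-AD-PowerShell) installed. Nothing here changes configuration.
Import-Module NetSecurity, ActiveDirectory

# Inbound rule display names exactly as listed in step 4.
$ruleNames = @(
    'Routing and Remote Access (GRE-In)',
    'Routing and Remote Access (L2TP-In)',
    'Routing and Remote Access (PPTP-In)',
    'Secure Socket Tunneling Protocol (SSTP-In)'
)

$ruleReport = foreach ($name in $ruleNames) {
    $found = Get-NetFirewallRule -DisplayName $name -ErrorAction SilentlyContinue
    if (-not $found) {
        # Rule absent: report it with the same columns as a found rule.
        [pscustomobject]@{ Rule = $name; Enabled = 'missing'; Action = $null
                           Profile = $null; Protocol = $null; LocalPort = $null }
    }
    else {
        foreach ($rule in $found) {
            $port = $rule | Get-NetFirewallPortFilter
            [pscustomobject]@{
                Rule      = $rule.DisplayName
                Enabled   = $rule.Enabled
                Action    = $rule.Action
                Profile   = $rule.Profile
                Protocol  = $port.Protocol
                LocalPort = $port.LocalPort -join ','
            }
        }
    }
}
$ruleReport | Format-Table -AutoSize

# Accounts with Dial-in set to "Allow access" (AD attribute msNPAllowDialin = TRUE).
$dialIn = Get-ADUser -LDAPFilter '(msNPAllowDialin=TRUE)' `
            -Properties msNPAllowDialin, LastLogonDate, PasswordLastSet |
          Select-Object SamAccountName, Enabled, LastLogonDate, PasswordLastSet
$dialIn | Format-Table -AutoSize

# Hypothetical allow-list: only the account created in step 5 is expected.
$expected   = @('user1')
$unexpected = $dialIn | Where-Object { $_.SamAccountName -notin $expected }
if ($unexpected) {
    Write-Warning ('Unexpected dial-in accounts: ' + ($unexpected.SamAccountName -join ', '))
}
```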


// --------------------------------------------------------------------------------------

// Accessing VPN from workstation (to access Domain Controller [ // Windows  //  Network address: \\192.168.49.101 ] )

7) (On workstation) Start > Settings > Network & Internet > VPN - click on + Add a VPN connection - under Add a VPN connection, input:- VPN Provider: Windows (Built-in) | Connection name: TEST-VPN | Server name or address: 10.0.0.1 - click on Save.

8) (On workstation) Start > Settings > Network & Internet > VPN - click on TEST-VPN - click on Connect - under Windows Security > Sign-in, input:- User name: user1 | Password: xxxxxx - click on OK.

9) (On workstation) Run:- ipconfig /all , you should see:- Description: TEST-VPN | IPv4 Address: 192.168.49.241 (Preferred) | DNS Servers: 192.168.49.101

10) (On workstation)  Run:- \\192.168.49.101 (to access network folders on company server).

// -------------------------------------------------------------------------------------
