Common configuration for the VPN server
To deploy a VPN solution for Electronic, Inc., the network administrator performs an analysis and makes design decisions regarding:

- The network configuration
- The remote access policy configuration
- The domain configuration
- The security configuration

The network configuration
The key elements of the network configuration are:

- The Electronic, Inc. corporate intranet uses the private networks of 172.16.0.0 with a subnet mask of 255.240.0.0 and 192.168.0.0 with a subnet mask of 255.255.0.0. The corporate campus network segments use subnets of 172.16.0.0 and the branch offices use subnets of 192.168.0.0.
- The VPN server computer is directly attached to the Internet by using a T3 (also known as a DS-3) dedicated WAN link.
- The IP address of the WAN adapter on the Internet is 207.209.68.1 as allocated by the Internet service provider (ISP) for Electronic, Inc. The IP address of the WAN adapter is referred to on the Internet by the domain name vpn.electronic.microsoft.com.
- The VPN server computer is directly attached to an intranet network segment that contains a RADIUS server, a file and Web server for business partner access, and a router that connects to the rest of the Electronic, Inc. corporate campus intranet. The intranet network segment has the IP network ID of 172.31.0.0 with the subnet mask of 255.255.0.0.
- The VPN server computer is configured with a static pool of IP addresses to allocate to remote access clients and calling routers. The static pool of IP addresses is a subset of the intranet network segment (an on-subnet address pool).

The following illustration shows the network configuration of the Electronic, Inc. VPN server.

Note
While the illustration shows the RADIUS server and file and Web server, the RADIUS server is not discussed until Dial-up and VPNs with RADIUS, and the file and Web servers are not discussed until Extranet for Business Partners.

Based on the network configuration of the Electronic, Inc. corporate campus intranet, the VPN server computer is configured as follows.

1. Install hardware in the VPN server
The network adapter that is used to connect to the intranet segment and the WAN adapter that is used to connect to the Internet are installed according to the adapter manufacturer's
instructions. Once drivers are installed and functioning, both adapters appear as local area connections in the Network Connections folder.


2. Configure TCP/IP on the LAN and WAN adapter
For the LAN adapter, an IP address of 172.31.0.1 with a subnet mask 255.255.0.0 is configured. For the WAN adapter, an IP address of 207.209.68.1 with a subnet mask 255.255.255.255 is
configured. A default gateway is not configured for either adapter. DNS and WINS server addresses are also configured.


3. Install the Routing and Remote Access service
The Routing and Remote Access Server Setup Wizard is run. Within the wizard, the Remote Access (dial-up or VPN) option is selected. For more information, see Enable the Routing and
Remote Access service.
While running the wizard, a static IP address pool with a starting IP address of 172.31.255.1 and an ending IP address of 172.31.255.254 is configured. This creates a static address pool for up to
253 VPN clients.
For more information, see Create a static IP address pool.
The default method of authenticating remote access and demand-dial connections is to use Windows authentication, which is appropriate in this configuration containing only one VPN server.
For information on the use of RADIUS authentication for Electronic, Inc., see Dial-up and VPNs with RADIUS. For more information on the use of Windows and RADIUS authentication,
see Authentication vs. authorization.


4. Enable the EAP authentication method
To enable the use of smart card-based remote access VPN clients and certificate-based calling routers, the network administrator enables Extensible Authentication Protocol (EAP) on the VPN
server.
For more information, see Enable EAP.


5. Configure static routes on the VPN server to reach intranet and Internet locations
To reach intranet locations, a static route is configured with the following settings:

- Interface: The LAN adapter attached to the intranet
- Destination: 172.16.0.0
- Network mask: 255.240.0.0
- Gateway: 172.31.0.2
- Metric: 1

This static route simplifies routing by summarizing all destinations on the Electronic, Inc. intranet. This static route is used so that the VPN server does not need to be configured with a routing protocol.
To reach Internet locations, a static route is configured with the following settings:

- Interface: The WAN adapter attached to the Internet
- Destination: 0.0.0.0
- Network mask: 0.0.0.0
- Gateway: 0.0.0.0
- Metric: 1

This static route summarizes all destinations on the Internet. This route allows the VPN server to respond to a remote access client or demand-dial router VPN connection from anywhere on the Internet.

Note
Because the WAN adapter creates a point-to-point connection to the ISP, any address can be entered for the gateway. The gateway address of 0.0.0.0 is an example. 0.0.0.0 is the unspecified IP address.

Setting the phone number for the PPTP and L2TP devices
To aid in the configuration of remote access policies to confine VPN connections from Internet users, the port properties for the WAN Miniport (PPTP) and WAN Miniport (L2TP) devices are
modified with the IP address of the VPN server's Internet interface in the Phone number for this device field. For more information, see Set the phone number on a port.


Configure a static route on the intranet router to reach all branch offices
To reach branch office locations from the intranet router, a static route is configured with the following settings:

- Interface: The LAN adapter attached to the intranet
- Destination: 192.168.0.0
- Network mask: 255.255.0.0
- Gateway: 172.31.0.1
- Metric: 1

This static route simplifies routing by summarizing all destinations at branch offices of Electronic, Inc.
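The addressing plan and the static routes above, as an added example that is not part of the original page: it checks that the client address pool is on-subnet and sized for 253 clients, and resolves sample destinations against the VPN server's and the intranet router's routes with longest-prefix matching. The IP values are the page's; the interface labels, the Route helper and the sample destinations are this example's own.

```python
"""Addressing-plan and static-route checks for the Electronic, Inc. VPN server.

Added example, not code from the original page. IP addresses and masks are the
page's; the Route helper, interface labels and sample destinations are assumed here.
"""
import ipaddress
from typing import NamedTuple, Optional


class Route(NamedTuple):
    network: ipaddress.IPv4Network
    gateway: str        # "0.0.0.0" = deliver directly out of the interface
    interface: str


def route(dest: str, mask: str, gateway: str, interface: str) -> Route:
    # ipaddress accepts dotted masks: "255.240.0.0" becomes /12, "0.0.0.0" becomes /0.
    return Route(ipaddress.ip_network(f"{dest}/{mask}"), gateway, interface)


# Static routes on the VPN server (step 5) plus its directly connected intranet segment.
VPN_SERVER_ROUTES = [
    route("172.31.0.0", "255.255.0.0", "0.0.0.0", "LAN"),     # connected segment
    route("172.16.0.0", "255.240.0.0", "172.31.0.2", "LAN"),  # campus summary route
    route("0.0.0.0", "0.0.0.0", "0.0.0.0", "WAN"),            # default route to the Internet
]
# Note: branch-office prefixes (192.168.0.0/16) are not covered by these routes; on the
# VPN server they arrive through its router-to-router VPN interfaces, which this page
# does not configure. With only the routes above, such a destination falls to the default.

# Static route on the intranet router: branch offices are reached via the VPN server.
INTRANET_ROUTER_ROUTES = [
    route("172.31.0.0", "255.255.0.0", "0.0.0.0", "LAN"),
    route("192.168.0.0", "255.255.0.0", "172.31.0.1", "LAN"),
]


def lookup(routes: list, destination: str) -> Optional[Route]:
    """Longest-prefix match: the most specific route containing the destination wins."""
    dst = ipaddress.ip_address(destination)
    matches = [r for r in routes if dst in r.network]
    return max(matches, key=lambda r: r.network.prefixlen, default=None)


def pool_check(start: str, end: str, segment: str, reserved: tuple) -> dict:
    """Check a static address pool against the intranet segment it must lie in."""
    first, last = ipaddress.ip_address(start), ipaddress.ip_address(end)
    seg = ipaddress.ip_network(segment)
    addresses = [ipaddress.ip_address(i) for i in range(int(first), int(last) + 1)]
    # Pool addresses must not collide with statically assigned hosts on the segment.
    collisions = sorted(str(a) for a in addresses if str(a) in reserved)
    return {
        "size": len(addresses),
        # RRAS assigns the first pool address to the server's own internal interface,
        # so a 254-address pool serves at most 253 VPN clients, as the page states.
        "max_clients": len(addresses) - 1,
        "on_subnet": all(a in seg for a in addresses),
        "collisions": collisions,
    }


if __name__ == "__main__":
    print("pool:", pool_check("172.31.255.1", "172.31.255.254", "172.31.0.0/16",
                              reserved=("172.31.0.1", "172.31.0.2")))
    for dest in ("172.20.5.9", "172.31.0.2", "198.51.100.7", "192.168.10.5"):
        r = lookup(VPN_SERVER_ROUTES, dest)
        print(f"VPN server -> {dest}: via {r.gateway} on {r.interface} ({r.network})")
    # Because the pool is on-subnet, the intranet router needs no extra route for VPN clients.
    r = lookup(INTRANET_ROUTER_ROUTES, "172.31.255.10")
    print(f"intranet router -> 172.31.255.10: via {r.gateway} on {r.interface}")
```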


The remote access policy configuration
Electronic, Inc. has migrated to a Windows 2000 native domain and the network administrator for Electronic, Inc. decides on an access-by-policy administrative model. The remote access
permission on all user accounts is set to Control access through Remote Access Policy. The granting of remote access permission to connection attempts is controlled by the remote access
permission setting on the first matching remote access policy. Remote access policies are used to apply different VPN connection settings based on group membership, and the default remote
access policies are deleted.
For more information, see Introduction to remote access policies.


The domain configuration
To take advantage of the ability to apply different connection settings to different types of VPN connections, the following Active Directory groups are created:

- VPN_Users: Used for remote access VPN connections
- VPN_Routers: Used for router-to-router VPN connections from Electronic, Inc. branch offices
- VPN_Partners: Used for router-to-router VPN connections from Electronic, Inc. business partners

Note
All users and groups in this implementation example are created in the electronic.microsoft.com Active Directory domain.
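The access-by-policy model and the three groups above, as an added example that is not part of the original page: it evaluates constructed connection attempts against an ordered policy list, where the first matching policy's own permission decides and an attempt that matches no policy is rejected because the default policies were deleted. The group names and the Internet-interface address are the page's; the policy names, the sample attempts, and the assumption that the port "phone number" is matched as a Called-Station-ID condition are this example's own.

```python
"""First-match remote access policy evaluation.

Added example, not code from the original page. Group names and the VPN server's
Internet address are the page's; policy names, profile keys, sample attempts and the
Called-Station-ID matching (assumed use of the port phone number) are constructed here.
"""
from dataclasses import dataclass, field
from typing import Optional

VPN_INTERNET_ADDRESS = "207.209.68.1"   # the "phone number" set on the PPTP/L2TP ports


@dataclass(frozen=True)
class Attempt:
    account: str
    groups: frozenset
    tunnel_type: str              # "PPTP" or "L2TP"; "" for a connection with no tunnel
    called_station_id: str        # taken from the phone number of the answering port


@dataclass
class Policy:
    name: str
    groups: frozenset                            # Windows-Groups condition (any may match)
    tunnel_types: frozenset = frozenset()        # empty = any tunnel type
    called_station_id: Optional[str] = None      # None = no Called-Station-ID condition
    grant: bool = True                           # the policy's remote access permission
    profile: dict = field(default_factory=dict)  # connection settings applied on a match

    def matches(self, a: Attempt) -> bool:
        if not (self.groups & a.groups):
            return False
        if self.tunnel_types and a.tunnel_type not in self.tunnel_types:
            return False
        return self.called_station_id in (None, a.called_station_id)


# Ordered as they would be listed in the console; evaluation stops at the first match.
POLICIES = [
    Policy("Branch office routers", frozenset({"VPN_Routers"}),
           called_station_id=VPN_INTERNET_ADDRESS, profile={"auth": "EAP-TLS"}),
    Policy("Business partner routers", frozenset({"VPN_Partners"}),
           called_station_id=VPN_INTERNET_ADDRESS, profile={"auth": "EAP-TLS"}),
    Policy("Remote access users", frozenset({"VPN_Users"}),
           tunnel_types=frozenset({"PPTP", "L2TP"}), called_station_id=VPN_INTERNET_ADDRESS,
           profile={"auth": "EAP-TLS", "credential": "smart card"}),
]


def evaluate(policies: list, attempt: Attempt) -> dict:
    """Decision of the first matching policy; with the defaults deleted, no match = denied."""
    for p in policies:
        if p.matches(attempt):
            return {"policy": p.name, "granted": p.grant, "profile": dict(p.profile)}
    return {"policy": None, "granted": False, "profile": {}}


def sample_attempts() -> dict:
    """Constructed attempts exercising the group, tunnel-type and port conditions."""
    return {
        "user_l2tp": Attempt("alice", frozenset({"Domain Users", "VPN_Users"}),
                             "L2TP", VPN_INTERNET_ADDRESS),
        "branch_router": Attempt("branch01$", frozenset({"VPN_Routers"}),
                                 "L2TP", VPN_INTERNET_ADDRESS),
        # Not in any VPN_* group: no policy matches, so the attempt is rejected.
        "plain_user": Attempt("bob", frozenset({"Domain Users"}),
                              "PPTP", VPN_INTERNET_ADDRESS),
        # Same account as user_l2tp on a constructed dial-up port (no tunnel, other
        # phone number): the tunnel-type and Called-Station-ID conditions both fail.
        "dialup_user": Attempt("alice", frozenset({"Domain Users", "VPN_Users"}),
                               "", "555-0100"),
    }


if __name__ == "__main__":
    for label, attempt in sample_attempts().items():
        print(f"{label:14} -> {evaluate(POLICIES, attempt)}")
```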




The security configuration
To enable L2TP/IPSec connections, the use of smart cards by remote access clients, and the use of EAP-TLS by routers, the Electronic, Inc. domain is configured to auto-enroll computer
certificates to all domain members.
For more information, see Deploying Certificate-based Authentication for VPN Connections.
Notes

- On Windows Server 2003, Web Edition, and Windows Server 2003, Standard Edition, you can create up to 1,000 Point-to-Point Tunneling Protocol (PPTP) ports, and you can create up to 1,000 Layer Two Tunneling Protocol (L2TP) ports. However, Windows Server 2003, Web Edition, can accept only one virtual private network (VPN) connection at a time. Windows Server 2003, Standard Edition, can accept up to 1,000 concurrent VPN connections. If 1,000 VPN clients are connected, further connection attempts are denied until the number of connections falls below 1,000.
- The example companies, organizations, products, people and events depicted herein are fictitious. No association with any real company, organization, product, person or event is intended or should be inferred.
