1 / 16

Setting up the VPN client in Windows Server 2008

Setting up the VPN client in Windows Server 2008. Processes. 1. Enable Security Centre 2. Enable the System Health Agent 3. Configure Certificate Trusts 4. Configure the VPN client. If the client is a domain member, the security centre will be disabled.

tarika
Télécharger la présentation

Setting up the VPN client in Windows Server 2008

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Setting up the VPN clientin Windows Server 2008

  2. Processes • 1. Enable Security Centre • 2. Enable the System Health Agent • 3. Configure Certificate Trusts • 4. Configure the VPN client If the client is a domain member, the security centre will be disabled. This can be enabled in the local security policy through the following procedure

  3. Assumptions • VPN client host name : Serv1

  4. VPN Client Security Center : on • 1. start -> run -> gpedit.msc • 2. “Local Computer Policy” -> “Computer Configuration” -> “Administrative Templates”-> ”Windows Components” -> “Security Center” • 3. Turn on “Security Center” • 4. Close the Local GroupPolicy Editor

  5. VPN Client setting the “Remote Access Quarantine Enforcement Client” • This is done with the NAP Client Configuration MMC (napcfcfg.msc) • 1. start->run->napcfcfg.msc • 2. select “Enforcement Clients” • 3. enable the “Remote Access Quarantine Enforcement Client” • 4. exit the NAP If there is no napcfcfg.msc on your Win2K8, type “mmc”. In “File” menu, select “Add/Remove Snap-in..”, select “NAP(Network Access Protection) ClientConfiguration” from left pane. In the pop window, check the “Local computer”. Return the MMC and save the console as “napcfcfg.msc”

  6. VPN Client Network Access Protection Agent • Set the “Network Access Protection Agent” service to start automatically • 1. start->run->services.msc • 2. highlight the “Network Access Protection Agent” and select Action and then select Properties • 3. change the Startup type to “Automatic” and start it.

  7. Certificate Authority • For PEAP(Protected Extensible Authentication Protocol) to function correctly, the client will need to trust the Certificate Authority.This can be done using automatic enrolment for AD domain members, through the certificate enrolment site, or manually by exporting and importing the certificate.

  8. Export the certificate • 1. Logon the Certificate Authority server(CAServ) • 2. start->Administrative Tools->Certification Authority • 3. highlight the Certification Authority(in this case, companyname-CAServ-CA), and select Action and then click on Properties • 4. click on the View Certificate btn. -> “Details”-”Copy to File” -> Next->accept the default Export File format This certificate will be used to certify the “CAServ Certificate Authority” to the client, which will permit the client to trust certificates issued by the “Certificate Authority”. This will require that the client import the certificate into the local computer trusted “Certificate Authority” store.

  9. VPN Client Import the Certificate • 1. copy the CA certificate file to the VPN client • 2. start->run->mmc • 3. File->”Add/Remove Snap-ins”->”Certificates”->Add • 4. select “Computer account”->Next->”Local computer”->Finish • 5. expand the “Certificates(Local Computer)” -> “Trusted Root Certification Authorities”-> highlight the “Certificates” folder • 6. right-click->”All tasks”->Import

  10. VPN Client Import the Certificate • 7. browse the CA certificate file(*.cer) • 8. place the certificate in the “Trusted Root Certification Authorities” folder. • 9. exit the console without saving

  11. VPN Client Setup and configure the VPN • 1. start->”Control Panel” -> “Network and Sharing Center” • 2. Click “Set up a new connection or network”

  12. VPN Client Setup and configure the VPN • 3. select “Connect to a workplace” • 4. click “Use my Internet connection (VPN)”

  13. VPN Client Setup and configure the VPN • 5. enter the “Internet address”, and check the “Don’t connect now”, need to configure additional settings • 6. enter the “User name” and “Password”

  14. VPN Client Setup and configure the VPN • 1. click “Change adapter settings” and right-click the VPN connection just set before, select Properties -> ”Options” tab->uncheck “Include Windows logon domain”

  15. VPN Client Setup and configure the VPN • 2. in Security tab, select “PPTP” as type of VPN and something like the right figure.

  16. reference • http://www.itechtalk.com/thread1890.html

More Related