Tuesday, May 28, 2013



Setup a Windows Server 2012 VPN


This post shows how to install and configure a Windows Server 2012 VPN connection. It focuses on a simple, basic setup for a test environment, with a single NIC on the internal network behind a firewall.
Steps:
- Start the Server Manager
- Click Add Roles and Features from the Manage menu
- When the Add Roles and Features wizard begins, click Next
- Select the Role-based or feature-based installation option and click Next
- If you have more than one server managed via the Server Manager console, select the server you’d like to install Routing and Remote Access on
- From the Roles list, select Remote Access, then click Add Features in the popup window
- Click Next
- No additional features are required at this point, click Next
- Have a quick read on what DirectAccess & RRAS VPN is, then click Next
- Select DirectAccess and VPN (RAS), click Next
- Click Next after reading this if you care :)
- Accept the default selections and click Next
- Review the confirmation page and click Install to begin
- When installation is completed, click Close
Page 2: Post deployment and configuration
Continuing the VPN setup from page 1, this post concludes the setup by running the post-deployment task and configuring the settings.
Steps:
- From the Server Manager screen, click on the warning sign and click ‘Open the Getting Started Wizard’
- On Configure Remote Access, click Deploy VPN Only. Note: if you are deploying this in a domain-based environment, select either Deploy both DirectAccess and VPN or Deploy DirectAccess Only
- From the Routing and Remote Access mmc, right-click on the server and click ‘Configure and Enable Routing and Remote Access’
- Click Next on the wizard
- Select Custom Configuration
- Select VPN access
- On completion, click Finish
- Click Start service to start the RRAS service
- Wait for the service to start up
- After the service has started, you should have your Routing and Remote Access service configured
Next steps: complete the following additional tasks
1. Add the IPv4 address range that will be assigned to client machines as they connect to the VPN
- From the Routing and Remote Access mmc, right-click on the server and click ‘Properties’
- On the Properties screen, click the IPv4 tab, select Static address pool, click Add and enter the desired IP address range in the popup window
- Click OK to close
2. Enable Remote Access for users
- On a domain-based network, open the properties of a domain user account via the Active Directory Users and Computers mmc. Click on Dial-in, and under Network Access Permission click Allow access (Note: on a workgroup server, you can enable this on local user accounts via Computer Management/Local Users and Groups/Users OU)
3. Configure Windows Firewall
- To allow Routing and Remote Access through the local Windows Firewall, from the Start screen type ‘Firewall’, click Settings in the search results, then click ‘Allow an App through Windows Firewall’.
- Locate Routing and Remote Access and ensure Domain, Private and Public are checked
4. Configure Perimeter Firewall
- Based on the type of firewall you have, ensure traffic on the following ports is allowed to the RRAS server:
PPTP Connections:
TCP 1723
L2TP/IPSec Connections:
TCP 1701
UDP 500
SSTP Connections:
TCP 443
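
A read-only PowerShell check of the finished setup, added here as an example and not part of the original post. It assumes an elevated session on the RRAS server; the feature name DirectAccess-VPN, the service name RemoteAccess, the msNPAllowDialin attribute and the optional ActiveDirectory module are names the post itself does not show.

```powershell
# Added example: read-only audit of the RRAS VPN server built in the steps above.
# Run from an elevated PowerShell session on the server (Windows Server 2012).
# Assumed names (not in the post): feature DirectAccess-VPN, service RemoteAccess.

# 1. Role service selected in the wizard: "DirectAccess and VPN (RAS)".
$feature = Get-WindowsFeature -Name 'DirectAccess-VPN'
'Role service installed: {0}' -f $feature.Installed

# 2. RRAS service started at the end of the configuration wizard.
$service = Get-Service -Name 'RemoteAccess'
'RRAS service status:    {0}' -f $service.Status

# 3. Windows Firewall rules in the "Routing and Remote Access" group, with the
#    protocol and port each one opens and the profiles it applies to.
Get-NetFirewallRule -DisplayGroup 'Routing and Remote Access' |
    ForEach-Object {
        $filter = $_ | Get-NetFirewallPortFilter
        [pscustomobject]@{
            Rule      = $_.DisplayName
            Enabled   = $_.Enabled
            Direction = $_.Direction
            Profile   = $_.Profile
            Protocol  = $filter.Protocol
            LocalPort = $filter.LocalPort -join ','
        }
    } | Sort-Object Rule | Format-Table -AutoSize

# 4. TCP listeners for the PPTP and SSTP ports listed in the post.
$tcpPorts = 1723, 443
Get-NetTCPConnection -State Listen -ErrorAction SilentlyContinue |
    Where-Object { $tcpPorts -contains $_.LocalPort } |
    Select-Object LocalAddress, LocalPort |
    Format-Table -AutoSize

# 5. Domain accounts with Dial-in "Allow access" set. Runs only when the
#    ActiveDirectory module is available (it is absent on a plain workgroup server).
if (Get-Module -ListAvailable -Name ActiveDirectory) {
    Get-ADUser -LDAPFilter '(msNPAllowDialin=TRUE)' |
        Select-Object SamAccountName, Enabled |
        Format-Table -AutoSize
}
```

Compare the Protocol and LocalPort columns from step 3 with the perimeter firewall rules, and review the account list from step 5, so that only the tunnel types and users you intend can reach the server.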
