Setting up SSL-VPN in a Windows Server 2008 environment part 2
Yesterday we set up our server to handle remote access requests. If you haven’t read the first part of this guide, you can find it here. Today we will take a look at the next step.
Configure Active Directory account
First we need to make sure the user will be able to connect to the SSTP VPN gateway. I have a test user called Sally Sales, and yes, she works in the Sales department. So I use ADUC (Active Directory Users and Computers) to modify her account. She needs permission to use Dial In even though she isn’t really dialing in.
So select the user’s properties and, on the Dial In tab, change Network Access Permission from Control access through NPS Network Policy to Allow Access. We can’t use NPS network policies since we don’t have a Network Access Protection server, for the moment anyway. Once you’re done, just click OK. Sally Sales is now minutes away from connecting with VPN.
Configure Vista SSTP VPN client
Next we need to take care of Sally’s laptop. Normally she could fix this herself since vpngw.nixadmins.net is already on a public network. But in our test lab we are using the hosts file to point her the right way.
Open the command prompt on your Vista workstation with administrative privileges. At the prompt, enter:
notepad.exe C:\Windows\System32\Drivers\etc\hosts
Because we don’t have a DNS server on our “public” network, we have to use the hosts file. So at the end of the file add the line 10.0.0.1 vpngw.nixadmins.net (in my case, yours might differ).
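The hosts file step above as a script, added here as an example and not part of the original post. It assumes PowerShell 2.0 or later in an elevated prompt; the function names Get-HostsEntry and Set-LabHostsEntry are made up for this example. It adds the lab mapping only when the name is not mapped yet and reports a conflict instead of appending a second line.

```powershell
# Added example, not from the original post. Assumes PowerShell 2.0+ run elevated.
# Name and address are the lab values from this guide; yours might differ.
$HostsPath = "$env:SystemRoot\System32\drivers\etc\hosts"

function Get-HostsEntry {
    # Return every address that the given hosts lines map to $Name.
    param([string[]]$Lines, [string]$Name)
    foreach ($line in $Lines) {
        $text = ([string]$line -split '#', 2)[0].Trim()   # drop comments
        if (-not $text) { continue }
        $fields = @($text -split '\s+')
        if ($fields.Count -lt 2) { continue }
        # One line may carry several names; -contains is case-insensitive.
        if ($fields[1..($fields.Count - 1)] -contains $Name) { $fields[0] }
    }
}

function Set-LabHostsEntry {
    param([string]$Name, [string]$Address, [string]$Path = $HostsPath)
    $found = @(Get-HostsEntry -Lines @(Get-Content $Path) -Name $Name)
    if ($found -contains $Address) {
        return "OK: $Name already maps to $Address"
    }
    if ($found.Count -gt 0) {
        # Do not append a second, conflicting line for the same name.
        return "CONFLICT: $Name maps to $($found -join ', '); edit $Path by hand"
    }
    # Start on a fresh line if the file does not end with a newline.
    $raw = [System.IO.File]::ReadAllText($Path)
    $prefix = if ($raw -and -not $raw.EndsWith("`n")) { "`r`n" } else { "" }
    Add-Content -Path $Path -Value "$prefix$Address`t$Name" -Encoding ASCII
    return "ADDED: $Address $Name"
}

Set-LabHostsEntry -Name 'vpngw.nixadmins.net' -Address '10.0.0.1'
# Confirm that the resolver now returns the lab address.
[System.Net.Dns]::GetHostAddresses('vpngw.nixadmins.net') |
    ForEach-Object { $_.IPAddressToString }
```

Remove the line again once the laptop leaves the lab, because a hosts entry overrides whatever public DNS returns for the gateway name.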
Create the new VPN Network connection
Now we need to create the new network connection (using Sally’s credentials). So right-click on the network icon in the system tray and select Connect to a network.
Select Set up a connection or network. Select Connect to a workplace.
Click Next and select Use my Internet connection (VPN). Because this is a virtual machine with a local-only network, the system asks us if we want to set up an Internet connection. We already have one, so we choose I’ll set up an Internet connection later.
Next are the settings for the VPN gateway. The Internet address should be the public name of your server, in my case vpngw.nixadmins.net, and let’s give Destination name a clear name: Corporate VPN connection.
We aren’t using a smartcard and for now we don’t want to share this connection either, so just click Next. I also won’t type the username and password here; I’d rather provide them at login. That’s it. The connection is now ready to use.
But at the moment it will use PPTP and we want to use SSTP. So let’s continue. Go to your network connections and select Properties on the Corporate VPN Connection. Select the Networking tab and change the Type of VPN to Secure Socket Tunneling Protocol (SSTP).
Testing the SSTP VPN connection
Now we can test our new SSTP connection. In the system tray, right-click on your network icon and select Connect to a network. Select the Corporate VPN Connection and supply your user credentials (ssales in my case).
Then just click connect and wait a moment for the tunnel to connect.
That’s it. Your client is now connected to your corporate headquarters. As I have shown you in these two short articles, supplying your users with a secure offsite connection to the corporate network isn’t a great deal of work. Anyway, these are just the basics, so I encourage you to study more about securing Windows Server and take a look at Microsoft’s documentation on Routing and Remote Access. This is a server connected to the public Internet, so caution is always a good thing.
Some extra reading can be found here
- Windows Server 2003 Routing and Remote Access
- New in Windows Server 2008 Routing and Remote Access
- Securing Windows Server 2008
- Routing and remote access blog on how SSTP based VPN works
That’s it for this time. Hope to see you soon when we take a look at Windows Server 2008’s capabilities in providing Network Access Protection (NAP). But that’s a story for another day.
Feel free to comment and provide me with feedback if you find this two part guide useful.

