In business, it happens that employees or boss should go on a mission outside.
When they leave the company, they no longer have access to services hosted in their company.
To remedy this, there are VPN tunnels. This technology allows you to access your entire LAN from the outside in a completely secure way.
Once connected to your company's VPN server, your computer will virtually be in your company's local network as if you were physically there.
This technology is very convenient, but beware of hacking attempts because if your VPN server is not properly secured, a hacker might use it to gain access to your entire network.
Until you block his access (but it will probably be too late).
When you try to install Remote Access Services (including VPN), Windows Server will offer you to choose between :
So what is the difference between these 2 technologies and which technology to choose ?
For VPN, it is to create a secure network connection to your corporate network.
With this network connection, your computer will be virtually in your company's network.
As you'll see on the "DirectAccess Overview" page of the Microsoft site, DirectAccess is a technology that allows you to create a two-way connection with an internal network when a DirectAccess computer connects to the Internet.
When you use DirectAccess :
For example: If an employee has a laptop that is a member of your domain (in your organization's network), you can manage its security and automatically set policies for it through Group Policy.
This is possible because the laptop is linked to your domain and he connects with a user's account of your Active Directory.
However, when he leave your company, you will no longer be able to manage this PC. Unless you are using the DirectAccess technology.
Note that this technology is very complex to set up, although it is very interesting.
The technology to use depends on your needs and especially if you want to be able to manage these remote PCs as if they were really in the network of your company.
For this tutorial, we will use 2 servers :
In our case, our second server will act as a router and a VPN server.
With this server, users of our network will have access to the Internet through our server and authorized users will be able to connect to our network by connecting to our VPN server.
Here is the network configuration of our 2 servers.
The first server (Active Directory) :
The second server (router and VPN server).
Since he will act as a router, this server therefore has 2 network cards :
For the network card connected to our internal network, we have defined a static IP address "10.0.0.11".
Indeed, we must set a static IP address, because the DHCP server is installed on this server and our server will also act as a router.
There is no gateway, because it's our server.
For the DNS server, we use the one that was automatically installed during the installation of the Active Directory (on our 1st server).
For the network card connected to the Internet, our Box distributes IP addresses of type : 192.168.x.x
We have therefore chosen an IP address that is easy to memorize : 192.168.1.10.
The gateway corresponds to the IP address of our Box : 192.168.1.1
For DNS servers, we will use those provided by our ISP (which are in the Box) and publics DNS servers of Google.
On the server where you installed your Active Directory, you will also find a DNS server (this one was automatically installed when the Active Directory was installed).
However, by default, this DNS server resolves only domain names of your local network.
To allow your DNS server to also resolve domain names of the Internet, you will need to add redirectors.
To do this, launch the "DNS" program, then right-click "Properties" on your server's name.
Then, go in the "forwarders", click the "Edit" button at the bottom of the list and add the Google public DNS servers (8.8.8.8 and 8.8.4.4).
For more information about this configuration, see : Configuring the DNS server (to support Internet)
For the DHCP server installed on the server that will act as a router and VPN server, we have configured it to :
To begin, start the wizard to add roles and features.
As you can see, our second server has two IP addresses (one for each network adapter).
Add only the "Remote Access" role and click "Next".
No feature required.
Click Next.
Windows displays a description of the "Remote Access" role and of the "DirectAccess" technology.
Check "DirectAccess and VPN (remote access)" and "Routing" roles.
Windows displays a description of the "Web Server (IIS)" role.
Click Next.
Click "Install".
As you can see, the wizard will also install the Connection Manager Administration Kit (CMAK).
This program will allow you to create an executable to automatically install and configure a VPN client on your users computers with the settings you want.
In short, for your users, it will be enough to launch this program to be able to connect to the VPN server of your company.
When the installation is complete, click the "Open the Getting Started Wizard" link.
Windows Server 4/28/2012
Windows Server 4/22/2015
Windows Server 12/9/2016
Windows Server 11/23/2017
Pinned content
Contact
® InformatiWeb-Pro.net - InformatiWeb.net 2008-2022 - © Lionel Eppe - All rights reserved.
Total or partial reproduction of this site is prohibited and constitutes an infringement punishable by articles L.335-2 and following of the intellectual property Code.
You must be logged in to post a comment