  • 09 December 2016 at 13:20 UTC
  • InformatiWeb
  • 1/3

Routing and VPN gateways on Windows Server 2012

When you have offices in different countries, it can be useful for each office to have access to data hosted at the others.
To do this, we will use VPN gateways.

Info : businesses can also use the IP VPN technologies offered by some operators, for example IP VPN from Orange (diagram available here) or SD-WAN from Interoute (GTT).
With IP VPN, a WHOIS lookup on your company's public IP address will show, for example, "[country name] [city name] Customer P2p Interface Addresses In [2-letter code country]" as the location of your IP address.

In this tutorial, we will take the example of a company based in Belgium (with an office in Brussels) that also has another office in France (in Paris).

Note : if you want to learn more about VPN technology, see our previous tutorial : Windows Server 2012 - Routing and VPN server

  1. Network configuration used
  2. Hardware firewalls configuration
  3. Install the VPN server and the router
  4. Configure the VPN server and the router
  5. Create and configure VPN gateways
    1. Create users
    2. Connect site 1 (Brussels) to site 2 (Paris)
    3. Connect site 2 (Paris) to site 1 (Brussels)
  6. Static routing for LAN computers
    1. Static routing in command line
    2. Static routing with group policies (GPO)
  7. Test VPN Gateways
  8. Configure VPN gateways to use L2TP/IKEv2
  9. Test VPN gateways (over L2TP/IKEv2)

1. Network configuration used

To implement this solution and best match the configuration of a real corporate network, here is the network configuration we used :

  • 1 Active Directory server in each network (the Active Directory role must already be configured on these servers)
  • 1 server in each network with DHCP (already installed), VPN and router (so, these servers have 2 network cards : 1 for the LAN network and the other connected to the Internet)

The VPN1 and VPN2 servers will act as VPN gateways, but also as routers for machines on our intranets (LANs).

Important : to be able to reach servers on the internal network as well as those on the remote network, it's recommended to use different IP addresses on these two networks. Indeed, once the VPN connection is established, all the machines of the two networks will be on the same network.
As you can see in the image below, each server has a unique LAN IP address. For example : 10.0.1.10 for the domain controller (Active Directory) of the 1st network and 10.0.2.10 for the domain controller of the remote network.

Here is the configuration of the DHCP servers :

  • The DHCP server of the 1st network (VPN1 server in the image above) distributes IP addresses from 10.0.1.20 to 10.0.1.30 with a subnet mask of 255.255.255.0
  • The DHCP server of the 2nd network (VPN2 server in the image above) distributes IP addresses from 10.0.2.20 to 10.0.2.30 with a subnet mask of 255.255.255.0

For the scope options, we will use the following options / values.

For the DHCP server of the 1st network :

  • 003 Router : 10.0.1.11 (IP address of the VPN1 server)
  • 006 DNS Servers : 10.0.1.10 (IP address of the Active Directory server)
  • 015 DNS Domain Name : local domain name chosen when creating your Active Directory.

For the DHCP server of the 2nd network :

  • 003 Router : 10.0.2.11 (IP address of the VPN2 server)
  • 006 DNS Servers : 10.0.2.10 (IP address of the Active Directory server)
  • 015 DNS Domain Name : local domain name specified when creating your Active Directory.
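The address plan above can be checked before any tunnel is built. The following PowerShell is an added example, not part of the original tutorial: it verifies that the two LANs do not overlap and that the router and DNS addresses sit inside their subnet but outside the DHCP pool, then shows the DhcpServer cmdlets that create the scope and options. The `corp.example` domain name and the function names are assumptions.

```powershell
# Constructed from the tutorial's address plan; 'Domain' is a placeholder (assumption).
$Sites = @(
    @{ Name = 'Brussels'; Net = '10.0.1.0'; Mask = '255.255.255.0'; Start = '10.0.1.20'
       End = '10.0.1.30'; Router = '10.0.1.11'; Dns = '10.0.1.10'; Domain = 'corp.example' },
    @{ Name = 'Paris'; Net = '10.0.2.0'; Mask = '255.255.255.0'; Start = '10.0.2.20'
       End = '10.0.2.30'; Router = '10.0.2.11'; Dns = '10.0.2.10'; Domain = 'corp.example' }
)

function ConvertTo-IPv4Number([string]$Address) {
    $bytes = [System.Net.IPAddress]::Parse($Address).GetAddressBytes()
    [Array]::Reverse($bytes)                     # network byte order -> little-endian
    [long][BitConverter]::ToUInt32($bytes, 0)    # Int64 avoids sign problems with -band
}

function Test-SitePlan($Sites) {
    $problems = @()
    foreach ($s in $Sites) {
        $net  = ConvertTo-IPv4Number $s.Net
        $mask = ConvertTo-IPv4Number $s.Mask
        foreach ($key in 'Start', 'End', 'Router', 'Dns') {
            $ip = ConvertTo-IPv4Number $s[$key]
            if (($ip -band $mask) -ne $net) { $problems += "$($s.Name): $key $($s[$key]) is outside $($s.Net)" }
            # Static addresses (router, DNS) must stay out of the DHCP pool.
            $inPool = $ip -ge (ConvertTo-IPv4Number $s.Start) -and $ip -le (ConvertTo-IPv4Number $s.End)
            if ($inPool -and ('Router', 'Dns' -contains $key)) { $problems += "$($s.Name): $key is inside the DHCP pool" }
        }
    }
    # Once the tunnel is up both LANs are routed together, so their subnets must not overlap.
    for ($i = 0; $i -lt $Sites.Count; $i++) {
        for ($j = $i + 1; $j -lt $Sites.Count; $j++) {
            $a, $b = $Sites[$i], $Sites[$j]
            $common = (ConvertTo-IPv4Number $a.Mask) -band (ConvertTo-IPv4Number $b.Mask)
            if (((ConvertTo-IPv4Number $a.Net) -band $common) -eq ((ConvertTo-IPv4Number $b.Net) -band $common)) {
                $problems += "$($a.Name) and $($b.Name) use overlapping subnets"
            }
        }
    }
    $problems
}

function Set-SiteDhcp($Site) {    # run on that site's DHCP server (VPN1 or VPN2)
    Add-DhcpServerv4Scope -Name "$($Site.Name) LAN" -StartRange $Site.Start -EndRange $Site.End -SubnetMask $Site.Mask
    Set-DhcpServerv4OptionValue -ScopeId $Site.Net -Router $Site.Router -DnsServer $Site.Dns -DnsDomain $Site.Domain
}

$problems = @(Test-SitePlan $Sites)
if ($problems.Count) { $problems; throw 'Address plan rejected' }
# Set-SiteDhcp $Sites[0]    # on VPN1; use $Sites[1] on VPN2
```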

2. Hardware firewalls configuration

Since VPN gateways connect several remote networks into a single network, you may need to configure any hardware firewalls located between your network and the Internet. This is particularly the case in large companies.

Warning : this doesn't concern the Windows firewall, which is configured correctly by default to allow the PPTP and L2TP VPN connections that we will use in this tutorial.

To find out which ports to unblock (depending on your configuration), see the "Which ports to unblock for VPN traffic to pass-through ?" page written by Samir Jain on Microsoft TechNet.

3. Install the VPN server and the router

To install the VPN server and the router, launch the Add Roles and Features Wizard and select "Role-based or feature-based installation".

Important : this must be done on your 2 servers (VPN1 and VPN2).

Select your server and click "Next".

Select "Remote Access" and click Next.

Select "DirectAccess and VPN (RAS)" for the installation of the VPN gateway and "Routing" for the router.

Click Install.

The installation begins.

At the end of the installation, click on the "Open the Getting Started Wizard" link.
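The same role services can be installed on both servers from one PowerShell session. This is an added example, not part of the original tutorial; it assumes that `VPN1` and `VPN2` are resolvable host names reachable through PowerShell remoting, and the function name is hypothetical.

```powershell
# Added example. 'VPN1' and 'VPN2' are assumed to be the servers' host names.
$Servers  = 'VPN1', 'VPN2'
# Role services "DirectAccess and VPN (RAS)" and "Routing" of the Remote Access role.
$Features = 'DirectAccess-VPN', 'Routing'

function Install-GatewayRoles([string[]]$ComputerName, [string[]]$Feature) {
    foreach ($server in $ComputerName) {
        $result = Install-WindowsFeature -Name $Feature -IncludeManagementTools -ComputerName $server
        # Re-read the feature state instead of trusting the install result alone.
        $state  = Get-WindowsFeature -Name $Feature -ComputerName $server
        New-Object PSObject -Property @{
            Server        = $server
            Success       = $result.Success
            RestartNeeded = $result.RestartNeeded
            Missing       = @($state | Where-Object { -not $_.Installed } | ForEach-Object { $_.Name })
        }
    }
}

$report = @(Install-GatewayRoles -ComputerName $Servers -Feature $Features)
$report | Format-Table Server, Success, RestartNeeded, Missing -AutoSize

# Stop here if either gateway is missing a role service: both sites need the same roles.
$failed = @($report | Where-Object { -not $_.Success -or $_.Missing.Count -gt 0 })
if ($failed.Count) {
    throw "Role installation incomplete on: $(($failed | ForEach-Object { $_.Server }) -join ', ')"
}
```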

4. Configure the VPN server and the router

Click "Deploy VPN only".

Important : this must be done on your 2 servers (VPN1 and VPN2).

Right-click the name of your server and click "Configure and Enable Routing and Remote Access".

The Routing and Remote Access Setup Wizard opens.

Select "Virtual Private Network (VPN) access and NAT" and click "Next".

Select the network interface (network adapter) of your server connected to the Internet.

Note : as you can see, we had already renamed our LAN and WAN network cards to know which network card is connected to the Internet and which network card is connected to the internal network.

Select "Automatically" so that your DHCP server distributes the IP addresses to the VPN server clients.

Choose "No, use Routing and Remote Access to authenticate connection requests". By choosing this option, this server will use your Active Directory to authenticate your users.

The wizard displays a summary of the configuration.

Windows will display a message about the configuration of the DHCP Relay Agent. Click OK.

The server initializes the Routing and Remote Access server, and then starts the necessary services.

To complete the configuration, go to IPv4, right-click "DHCP Relay Agent" and click "Properties".

Specify the address of your DHCP server and click Add, and then click OK.
In our case, for our VPN1 server, this is the IP address : 10.0.1.11

For our VPN2 server, this is the IP address : 10.0.2.11

® InformatiWeb-Pro.net - InformatiWeb.net 2008-2022 - © Lionel Eppe - All rights reserved.
