When you have offices in different countries, it can be useful to access data hosted at another site.
To do this, we will use the VPN gateway system.
Info: in a business setting, you can also use the IP VPN technologies offered by some operators, for example IP VPN from Orange (diagram available here) or SD-WAN from Interoute (GTT).
With IP VPN, if you check the WHOIS record of your company's public IP address, the location will read something like "[country name] [city name] Customer P2p Interface Addresses In [2-letter code country]".
In this tutorial, we will take the example of a company established in Belgium (with an office in Brussels) that also has another office in France (in Paris).
Note: if you want to learn more about VPN technology, see our previous tutorial: Windows Server 2012 - Routing and VPN server
To implement this solution and best match the configuration of a real corporate network, here is the network configuration we used:
The VPN1 and VPN2 servers will act as VPN gateways, but also as routers for machines on our intranets (LANs).
Important: to access servers on the internal network as well as those on the remote network, it's recommended to use different IP addresses on these two networks. Indeed, with the VPN connection, all the machines of the two networks will be on the same network.
As you can see in the image below, each server has a unique LAN IP address. For example: 10.0.1.10 for the domain controller (Active Directory) of the 1st network and 10.0.2.10 for the domain controller of the remote network.
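The addressing rule above can be checked before the tunnel is brought up. The following is an added example, not part of the original tutorial: the host addresses are the ones quoted on this page, while the /24 prefix lengths and the names `network1`, `network2` and `check_plan` are assumptions.

```python
import ipaddress

# Constructed addressing plan. Host addresses are those quoted in the tutorial;
# the /24 prefix lengths are an assumption (the page does not give the masks).
PLAN = {
    "network1": {"lan": "10.0.1.0/24",
                 "hosts": {"DC": "10.0.1.10", "DHCP": "10.0.1.11"}},
    "network2": {"lan": "10.0.2.0/24",
                 "hosts": {"DC": "10.0.2.10", "DHCP": "10.0.2.11"}},
}


def check_plan(plan):
    """Return a list of problems that would break routing between the sites."""
    problems = []
    nets = {site: ipaddress.ip_network(cfg["lan"]) for site, cfg in plan.items()}
    sites = sorted(nets)

    # 1. Two LANs that overlap cannot be routed to each other over the tunnel:
    #    each gateway would treat the remote range as local.
    for i, a in enumerate(sites):
        for b in sites[i + 1:]:
            if nets[a].overlaps(nets[b]):
                problems.append(f"{a} {nets[a]} overlaps {b} {nets[b]}")

    # 2. Every server must sit inside its own site's LAN, and no address may
    #    be used twice once the networks are joined.
    seen = {}
    for site in sites:
        for name, addr in plan[site]["hosts"].items():
            ip = ipaddress.ip_address(addr)
            if ip not in nets[site]:
                problems.append(f"{site}/{name} {ip} is outside {nets[site]}")
            if ip in seen:
                problems.append(f"{site}/{name} {ip} duplicates {seen[ip]}")
            seen.setdefault(ip, f"{site}/{name}")
    return problems


if __name__ == "__main__":
    for line in check_plan(PLAN) or ["plan OK: LANs are disjoint"]:
        print(line)
```

Running the same check each time a new office is added catches a reused range before the gateways are connected.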
The DHCP servers are configured as follows:
For the scope options, we will use the following options / values.
For the DHCP server of the 1st network:
For the DHCP server of the 2nd network:
Since the VPN gateway system will allow you to connect multiple remote networks into a single network, it may be necessary to configure the hardware firewalls that sit between your network and the Internet. This is particularly the case in large companies.
Warning: this does not concern the Windows firewall, which is configured by default to allow the PPTP and L2TP VPN connections that we will use in this tutorial.
To know which ports to unblock (depending on your configuration), see the "Which ports to unblock for VPN traffic to pass-through ?" page created by Samir Jain on Microsoft TechNet.
To install the VPN server and the router, launch the Add Roles and Features Wizard and select "Role-based or feature-based installation".
Important: this must be done on both of your servers (VPN1 and VPN2).
Select your server and click "Next".
Select "Remote Access" and click Next.
Select "DirectAccess and VPN (RAS)" for the installation of the VPN gateway and "Routing" for the router.
Click Install.
The installation begins.
At the end of the installation, click on the "Open the Getting Started Wizard" link.
Click "Deploy VPN only".
Important: this must be done on both of your servers (VPN1 and VPN2).
Right-click the name of your server and click "Configure and Enable Routing and Remote Access".
The Routing and Remote Access Setup Wizard opens.
Select "Virtual Private Network (VPN) access and NAT" and click "Next".
Select the network interface (network adapter) of your server connected to the Internet.
Note: as you can see, we had already renamed our network cards to LAN and WAN, to know which one is connected to the Internet and which one is connected to the internal network.
Select "Automatically" so that your DHCP server distributes the IP addresses to the VPN server clients.
Choose "No, use Routing and Remote Access to authenticate connection requests". With this option, the server will use your Active Directory to authenticate your users.
The wizard displays a summary of the configuration.
Windows will display a message about the configuration of the DHCP Relay Agent. Click OK.
The server initializes the Routing and Remote Access server, and then starts the necessary services.
To complete the configuration, go to IPv4, right-click "DHCP Relay Agent", and click "Properties".
Specify the address of your DHCP server and click Add, and then click OK.
In our case, for our VPN1 server, this is the IP address: 10.0.1.11
For our VPN2 server, this is the IP address: 10.0.2.11
® InformatiWeb-Pro.net - InformatiWeb.net 2008-2022 - © Lionel Eppe - All rights reserved.