How to Setup a VPN with Windows Server 2012 Part 1

welcome to another video today what I’m going to show you is how to set up a VPN server on Server 2012 r2 so in front of me what I have is server one and I’m going to log into it it it is our DC and what I’m going to do is I’m going to go ahead and install DHCP now I’m showing you this because I want to show you both ways to configure the IPS just going to wait for it to take account of what it’s got here and it looks like it’s up and running I’m going to go ahead and install the DHCP server now since I’m on the actual domain controller I’m logged in as a province admin I’m just going to click through this and we’re installing the tools and we won’t need to restart so we’ll go ahead and get this installed and while this is installing what I’m going to do is I’m going to sounds over to server two now server two I’m going to have to add a system placard to so what we’re going to do is right now it’s part of VM net for its attached to the contoso domain and I’m going to add a second network card into VM net v so VM net four is going to be our internal network and VM net five going to get our external system so I vanished ahead and added that and I’m going to go ahead and start server two up there’s a little bit of post configuration I’m going to need to do but while server two is starting up I’m going to finish the DHCP wizard and certainly all I need to do is complete the DHCP configuration doing this is going to authorize it an active index so again since I’m logged in as a discipline admin I didn’t I do not have to specify alternate credentials and that’s done now so I’ll go ahead and close that up and I’m going to go ahead and configure DHCP so all I’m going to do here is create a brand new scope and bellows there we go and let’s say new scope and next and I’m going to call this internal scope and I’m going to start the IP at 1 9 2 1 6 8 1 scatter ten two one nine two one six eight 1.20 and keep the default subnet mask no exclusions or retards loan span and I can’t I are happy to start that at least dignified figure and I’ll go ahead and configure alternatives now so one 92168 1.1 contoso for the domain and the mention server and next and I’ll activate its scope of application so now I get a nice healthy remit here I’m just going to open this scope and we picture we have no rentals now so I’m going to leave server 1 and go over to server 2 and as I “ve told you” server 2 is going to be the VPN it’s going to be in VM net 4 along with the DC that’s going to serve as our internal system and it’s also going to have leg in the outside in VM net 5 now VM that v is we’re going to arrange server 3 which is going to be a client externally on our structure so I’ll prove you the exact sear in a minute let me go ahead and loop so I guess it’s powered up once let me go ahead and login but what I’m going to do is I’m going to log in as a province admin so executive at contoso dot-com and I’m going to have to actually configure the external boundary so we’re go to change adapter arranges Ethernet 0 is obviously inside of our internal structure ok you can see it’s coming up as contoso land network and ethernet one is going to be our external interface we just add it so there it travels so I’m going to go ahead and give that an IP of 1 92168 you know what let me let me give it a public IP I’m just going to make a bogus amount 13150 speck 1.2 ok not really going to specify that I just got to remember that IP here 13150 1.2 ok so now I’ve got an external IP on Ethernet 1 so let’s just take a look at how this inspects IP config and drag is down a bit and we could see our external ether in Earth Ethernet interface is 13150 1.2 and our internal is 1 92168 1.2 so I can ping 1 9 2 1 6 8 1.1 which is our domain controller I’m getting a ping back because I have file sharing enabled and that automatically admits ICMP this server nonetheless is not configured for anything of the other than just to network adapters and when we get done it’s really going to be configured with VPN access so I’m going to go ahead and open up a firewall govern and again this is for lab purposes so really draw that a bit bigger and I just wanted to get ICMP v4 in now I know it’s for record and publish sharing it’s just an repetition petition though so you could manually establish this with net shell or a ability powershell command but I’m just going to enable it precisely quick and easy alright so now that I’m done there let’s go ahead and install our fire or rather routing and remote access on server to I exactly apply it a instant here to take a count and I’m going to click on lent roles and features and we are going to go and select remote access now they’ve reformed things in 2012 when you enable remote remote access it’s going to mostly allow you to install direct access n VPN route and network application proxy we just want direct access in VPN we’re going to add all the axillary snap-ins management tools next next and it wants to install is that’s fine that’s part of the direct access I imagine even though we’re not installing it and we don’t really have to restart it’s not going to restart so we will say install and while it’s installing I’m going to flip over to server 3 and we’re going to acclimate server 3 as our acquire tie-in or our external associate so I’m going to go into the locates and remember it’s on VM net 4 we’re going to basically leant it on VM net 5 so this way it is on the external substitution of our system connected to server 2 so we’ll okay this and we’ll go ahead and dominance it up now once it gets on its feet I’m going to have to give it an IP address in that 131 and 5000 Network so I’ll come up here pretty quick and might be turning me into a liar app there get okay now might stutter here when it goes to login because it is actually attached to contoso that is not a requirement it just happens to be a circumstance of this laboratory I had rectified everything is up in a connected pattern but this could be any client so say I’m going to go check on server – well this is deciding to start up since the DC is not present and it looks a lot like servitude has finished installing routing and remote access which is great get a little notification here it’s going to want me to start the getting started wizard which is going to guide us to either invest direct access and VPN to deploy direct access only or deploy VPN merely and here’s what I just wanted to do I exactly want to mess with VPN exclusively I found that if you install direct access n VPN certain features are turned off per se exercising reserves and I haven’t really dug into TechNet as to why but I’ve always analyse the slab as a VPN lab only so we’ll go ahead and check on server 3 who is currently up is moving forward and login and let’s give this an IP in the same network what was that IP again and it was 130 150 I guess it really doesn’t matter 2/16 but 130 150 ok so let’s go ahead and configure this chap this is server 3 I’m on clearly 13150 one fleck not what the heck we’ll left open at 1.3 so it’s easy to remember got to change the mask and we’re just going to back out the DNS we’re not expend DNS that really would not matter if you left it in there so okay and at this object we illuminate the burn will make love thing it’s learnt an undefined Network and it’s public public structure site awareness firewall stance and I’m going to go ahead and we’re just going to evaluation some things out now so what I should be able to do is ping one three 1.50 scatter one fleck two which is server two and since I been set up the ICMP rule I can now ping that but if I ping one nine two one six eight 1.1 outside of not having a router I was not in a position to ping this okay matter of fact it says general appraise because it has no default gateway you know what good point I’m going to go ahead and set up but default gateway right 13150 1.2 freedom isn’t really gonna matter noted Network but felt a default gateway to change their network location awareness but if I ping 191 6 8 1.1 it really doesn’t matter I precisely don’t get a general outage anymore because I have a gateway I I’m still going a request timeout and you appreciate we could ping 191 6 8 1.1 from the server – all right now here’s I’m going to do and make that default gateway out because I want to show you that it really doesn’t matter ok so now this thing’s just felt flailing along doesn’t really have a default gateway and I’ve get a general failure because has no place to go alright what I’m going to do is I’m going to set up the VPN at this top and we’re just going to constitute us a little bit bigger now right click on server 2 we’re going to configure and enable where our as okay I’m going to select dial-up or VPN I’m going to get to choose VPN exclusively here it wants us to select the interface that’s connecting this server to the internet well that’ll be Ethernet 1 now what I have here is I could either automatically allow DHCP to delegate address or I are to be able use it from a specific range of IP address now I’m going to choose this but I’m going to show you how to actually set at the DHCP and what the repercussions are so click next we’ll create a new collection 192 168 1 speck 102 192 168 1 fleck 110 out 120 I said 10 but I I put 20 ok now notice that I don’t have any alternatives tab now I can revise that reach but there’s no alternatives click next and I would say now you know what I don’t have an external radius server let’s use the network programme server that is installed along with routing and remote access immediate finish and it’s going to say it’s unable to enable the firewall rules not sure why this is will manually open them and it says bla bla bla to patronize dhcp that’s just blah blah blah blah all right you know what well that’s fine and we’ll go ahead and start routing and remote access services and while that’s starting which it started now I’m going to go over to our firewall or inbound rules and we are going to allow routing and remote access get it on for GRE l2tp and PPTP you know what EDD SSTP as well we’re not going to not going to demonstrate that but we’ll enable it ok close that down and in the next video I’m going to show you how to actually form the connection and I want to go through some of the properties of routing and remote access so delight tune in for the next video in this series and as ever I thank you for giving me watching

You May Also Like