// ConfiguringCLIENT1
Configuring CLIENT1
Updated: February 23, 2010
Applies To: Windows 7, Windows Server 2008 R2
CLIENT1 is a computer running Windows 7 that functions as a remote access VPN client for the Contoso.com domain. CLIENT1 configuration consists of the
following steps:
Install the operating system
Configure TCP/IP
Configure the VPN client with the root certificate
Note
When configuring the client, a trusted root certificate is not required when using EAP-based authentication. However, the trusted root certificate is required when
computer-certificate-based authentication is used.
Install the operating system
CLIENT1 must run Windows 7.
To install Windows 7
1. On CLIENT1, start your computer using the Windows 7 product disc. Follow the instructions that appear on your screen.
2. When prompted for the installation type, choose Custom Installation.
3. When prompted for the user name, type user1.
4. When prompted for the computer name, type CLIENT1.
5. When prompted for the computer location, choose Home.
Configure TCP/IP
Configure TCP/IP properties so that CLIENT1 has a static IP address of 131.107.0.3 for the public Internet connection.
To configure TCP/IP properties
1. On CLIENT1, click Start, and then click Control Panel.
2. Under Network and Internet, click View network status and tasks.
3. In Network and Sharing Center, click Change adapter settings.
4. In Network Connections, right-click Local Area Connection, and then click Properties.
5. In the Local Area Connection Properties dialog box, select Internet Protocol Version 4 (TCP/IPv4), and then click Properties.
6. In the Internet Protocol Version 4 (TCP/IPv4) Properties dialog box, click Use the following IP address. In IP address, type 131.107.0.3, and in
Subnet mask, type 255.255.0.0.
7. Click OK, and then click Close.
Configure the hosts file to have a record for VPN1. This simulates a real-world scenario in which the corporate VPN server would have a publicly resolvable host
name.
To configure the hosts file
1. On CLIENT1, click Start, click All Programs, click Accessories, right-click Command Prompt, and then click Run as administrator.
2. In the User Account Control dialog box, click Continue.
3. In the Administrator: Command Prompt window, type the following, and then press ENTER:
notepad %windir%\system32\drivers\etc\hosts
4. Add the following text in a new line at the end of the document:
131.107.0.2 vpn1.contoso.com
5. Save and close the hosts file.
Use Windows Firewall with Advanced Security to ensure that the appropriate firewall rules are enabled.
To ensure that appropriate firewall rules in Windows Firewall with Advanced Security are enabled and configured to allow connections
1. On VPN1, click Start, type wf.msc, and then press ENTER.
2. In the navigation tree, click Inbound Rules.
3. In the details pane, double-click File and Printer Sharing (Echo Request - ICMPv4-In) for the Private and Public profiles.
4. In the rule properties dialog box, under General select Enabled, under Action select Allow the connection, and then click OK.
5. Close the Windows Firewall with Advanced Security window.
For the purposes of this test lab, a successful ping response from vpn1.contoso.com to CLIENT1 signifies that the remote user can connect to the office VPN
server over the public Internet.
To use ping to verify connection to vpn1.contoso.com
1. On CLIENT1, in the Administrator: Command Prompt window, type ping vpn1.contoso.com, and then press ENTER.
2. Verify that you can successfully ping VPN1.
3. Close the Command Prompt window.
Configure the VPN client with the root certificate
Install the root certificate for the CA that issued the server authentication certificate. This is required for the client computer to trust the server authentication
certificate and complete the VPN connection.
To install the root certificate on the client
1. On CLIENT1, click Start, type mmc, and then press ENTER.
2. In the Console1 window, click File, and then click Add/Remove Snap-in.
3. Under Available snap-ins, select Certificates, and then click Add.
4. In the Certificates snap-in dialog box, select Computer account, and then click Next.
5. In the Select Computer dialog box, click Finish to accept the default selection of Local computer.
6. Click OK to close the Add/Remove Snap-ins dialog box.
7. In the navigation pane, expand Certificates (Local Computer), expand Trusted Root Certification Authorities, right-click Certificates, click All Tasks,
and then click Import.
8. On the Certificate Import Wizard welcome page, click Next.
9. On the File to Import page, click Browse.
10. In the File name text box, type \\vpn1.contoso.com\c$\users\administrator.contoso\desktop, and then press ENTER.
Note
This works in our lab scenario, because VPN1 has file share enabled, and the firewall is not blocking file sharing on the external network adapter. In a
production environment, you would need to provide the root certificate to your client computers by using some other secure method.
11. When asked for credentials, type contoso\administrator and Pass@word1.
Note
Because you logged in as the local administrator before you joined VPN1 to the domain, adding the domain administrator account created a
separate profile that is named Administrator with the name of the domain appended.
12. Select RootCACert from the file list, and then click Open.
13. With the path to certificate now complete, click Next.
14. On the Certificate Store page, click Next to select the default value of placing the certificate in the Trusted Root Certification Authorities store.
15. On the completion page, click Finish, and then on the successful import notice, click OK.
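The note under step 10 says a production deployment must deliver the root certificate by a secure method rather than an open file share. The following is an added example, not part of the original guide: a PowerShell script that checks a certificate file against a thumbprint obtained out of band before adding it to the Local Computer Trusted Root Certification Authorities store. The parameter names and the idea of receiving the thumbprint from the CA administrator are assumptions.

```powershell
# Added example (not from the original guide). Run from an elevated prompt.
# Uses only .NET classes, so it does not need the PKI module cmdlets.
param(
    [Parameter(Mandatory = $true)][string]$CertPath,           # assumption: .cer file already copied to CLIENT1
    [Parameter(Mandatory = $true)][string]$ExpectedThumbprint  # assumption: value received out of band
)
$ErrorActionPreference = 'Stop'
$x509 = 'System.Security.Cryptography.X509Certificates'

# Load the file without installing it (.NET needs an absolute path).
$cert = New-Object "$x509.X509Certificate2" -ArgumentList (Resolve-Path $CertPath).Path

# 1. Thumbprint must match the out-of-band value. Strip spaces and the
#    invisible characters that come along when copying from the MMC dialog.
$expected = ($ExpectedThumbprint -replace '[^0-9A-Fa-f]', '').ToUpper()
if ($cert.Thumbprint -ne $expected) {
    throw "Thumbprint mismatch: file has $($cert.Thumbprint), expected $expected. Not importing."
}

# 2. A root certificate is self-issued: subject and issuer names are identical.
$subject = [Convert]::ToBase64String($cert.SubjectName.RawData)
$issuer  = [Convert]::ToBase64String($cert.IssuerName.RawData)
if ($subject -cne $issuer) {
    throw "Issuer '$($cert.Issuer)' differs from subject; this is not a root certificate."
}

# 3. Basic Constraints (OID 2.5.29.19) must mark it as a CA.
$bc = $cert.Extensions['2.5.29.19']
if (-not $bc -or -not $bc.CertificateAuthority) {
    throw 'Certificate is not marked as a CA in Basic Constraints. Not importing.'
}

# 4. It must be inside its validity period.
$now = Get-Date
if ($now -lt $cert.NotBefore -or $now -gt $cert.NotAfter) {
    throw "Certificate is outside its validity period ($($cert.NotBefore) to $($cert.NotAfter))."
}

# 5. Only now add it to Local Computer\Trusted Root Certification Authorities.
$store = New-Object "$x509.X509Store" -ArgumentList 'Root', 'LocalMachine'
$store.Open('ReadWrite')
try { $store.Add($cert) } finally { $store.Close() }
"Imported $($cert.Subject) [$($cert.Thumbprint)] into LocalMachine\Root"
```

Any failed check stops the script before the store is opened, so a substituted or mislabeled file never becomes a machine-wide trust anchor.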
Community Additions
If Error 13863
For Windows Server 2008 R2 SP1 with a NAT router in front of the VPN server, and the Windows 7 client also behind a NAT router, I get Error 13863.
If the client gets a public IP address, no problem.
MrBech
9/5/2011
If Error 0x80092013
For testing, you can disable the revocation check:
NoCertRevocationCheck
Registry subkey: HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Sstpsvc\Parameters
Registry entry: NoCertRevocationCheck
Data type: REG_DWORD
http://support.microsoft.com/kb/947054/en-us
MrBech
9/5/2011
2015 Microsoft
https://technet.microsoft.com/en-us/library/dd637809(v=ws.10).aspx