ISA Server 2006 process of building Enterprise employee VPN Connection platform

Recently completed an environment based on the ISA VPN configuration, and a number of collation, today, the detailed configuration process to the blog, I hope to be more ready for the ISA VPN configuration of the Bo friends and friends to bring some help, this article is involved in the VPN configuration certificate-based L2TP IPSEC VPN configuration, L2TP IPSEC VPN configuration based on preshared key, and PPTP VPN configuration, the following is the entire configuration process, please refer to;

1. The experiment topology diagram

2. Server W2K3 System Parameters

bj-dc-01 :

Service:

Active Directory

Domain name:t.cn

Dns

IP configuration:

Host name:bj-dc-01

Primary DNS suffix:t.cn

DNS Suffix Search list:t.cn

Ethernet Adapter Local Area Connection:

IP address:192.168.1.2

Subnet mask:255.255.255.0

Default gateway:192.168.1.1

DNS server:192.168.168.1.2

Using the default installation, use Dcpromo to promote to DC.

bj-ca-01 :

Service: Certificate Services

IP configuration:

Host name:bj-ca-01

Primary DNS suffix:t.cn

DNS Suffix Search list:t.cn

Ethernet Adapter Local Area Connection:

IP address:192.168.1.3

Subnet mask:255.255.255.0

Default gateway:192.168.1.1

DNS server:192.168.168.1.2

Use the default installation and set the IP configuration manually to join the t.cn domain as a member server.

bj-pc-01 :

Service:

IP configuration:

Host name:bj-pc-01

Primary DNS suffix:t.cn

DNS Suffix Search list:t.cn

Ethernet Adapter Local Area Connection:

IP address:192.168.1.4

Subnet mask:255.255.255.0

Default gateway:192.168.1.1

DNS server:192.168.168.1.2

Use the default installation and set the IP configuration manually to join the t.cn domain.

bj-vpn-01 :

Service: Virtual Private Network Services

IP configuration:

Host name:bj-vpn-01

Primary DNS suffix:t.cn

DNS Suffix Search list:t.cn

Ethernet Adapter Local Area Connection: (Internal network card)

IP address:192.168.1.1

Subnet mask:255.255.255.0

Default Gateway:

DNS server:192.168.1.2

Ethernet Adapter Local Area Connection: (External network card)

IP address:10.1.1.1

Subnet mask:255.0.0.0

Default Gateway:

DNS Server:

Use the default installation and set the IP configuration manually to join the t.cn domain as a member server.

home-pc-01 :

IP configuration:

Host name:home-pc-01

Primary DNS Suffix:

DNS Suffix Search List:

Ethernet Adapter Local Area Connection:

IP address:10.1.1.2

Subnet mask:255.0.0.0

Default Gateway:

DNS Server:

3. BJ-DC-01 Configuration

1 login to bj-dc-01 server;

2 Click "Start"/"Run" and enter "Dcpromo";

3 on the Welcome to the Active Directory Setup Wizard page, click Next.

4 on the Operating System Compatibility page, click the Next button;

5 on the Domain Controller Type page, select New domain controller;

6 on the Create a new domain page, select domains in the New Forest;

7 in the "New Domain Name" page, enter the domain name "t.cn" click "Next" button;

8 on the NetBIOS Domain Name page, click the Next button;

9 in the Database and Log Folders page, click Next.

10 on the Shared System Volume page, click the Next button;

11 on the DNS Registration Diagnostics page, click the Next button;

12 in the Permissions page, click Next button;

13 in the "Directory Restore Mode Administrator Password" page, click "Next" button;

14 in the Summary page, click the Next button;

15 on the Completing the Active Directory Setup Wizard page, click Finish to restart the computer as prompted;

16 Click Start/admin tools/Active directory Users and Computers;

17 Create new user Wangtingdong and security group "Vpn_list" in the Open Active Directory Users and Computers window;

18 Double-click Wangtingdong Account, open the Properties dialog box, check "Allow Dial-in", and add this user to the "vpn_list" group, D then click "OK" button;