I recently finished building a lab environment for ISA-based VPN configuration and organized my notes, so today I am posting the detailed configuration process to the blog. I hope it helps blog readers and friends who are preparing to configure an ISA VPN. This article covers certificate-based L2TP/IPsec VPN configuration, preshared-key-based L2TP/IPsec VPN configuration, and PPTP VPN configuration. The entire configuration process follows for reference.
1. The experiment topology diagram
2. Server W2K3 System Parameters
bj-dc-01:
Service:
Active Directory
Domain name:t.cn
DNS
IP configuration:
Host name:bj-dc-01
Primary DNS suffix:t.cn
DNS Suffix Search list:t.cn
Ethernet Adapter Local Area Connection:
IP address:192.168.1.2
Subnet mask:255.255.255.0
Default gateway:192.168.1.1
DNS server:192.168.1.2
Use the default installation, then run Dcpromo to promote the server to a DC.
bj-ca-01 :
Service: Certificate Services
IP configuration:
Host name:bj-ca-01
Primary DNS suffix:t.cn
DNS Suffix Search list:t.cn
Ethernet Adapter Local Area Connection:
IP address:192.168.1.3
Subnet mask:255.255.255.0
Default gateway:192.168.1.1
DNS server:192.168.1.2
Use the default installation and set the IP configuration manually to join the t.cn domain as a member server.
bj-pc-01 :
Service:
IP configuration:
Host name:bj-pc-01
Primary DNS suffix:t.cn
DNS Suffix Search list:t.cn
Ethernet Adapter Local Area Connection:
IP address:192.168.1.4
Subnet mask:255.255.255.0
Default gateway:192.168.1.1
DNS server:192.168.1.2
Use the default installation and set the IP configuration manually to join the t.cn domain.
bj-vpn-01 :
Service: Virtual Private Network Services
IP configuration:
Host name:bj-vpn-01
Primary DNS suffix:t.cn
DNS Suffix Search list:t.cn
Ethernet Adapter Local Area Connection: (Internal network card)
IP address:192.168.1.1
Subnet mask:255.255.255.0
Default Gateway:
DNS server:192.168.1.2
Ethernet Adapter Local Area Connection: (External network card)
IP address:10.1.1.1
Subnet mask:255.0.0.0
Default Gateway:
DNS Server:
Use the default installation and set the IP configuration manually to join the t.cn domain as a member server.
home-pc-01 :
IP configuration:
Host name:home-pc-01
Primary DNS Suffix:
DNS Suffix Search List:
Ethernet Adapter Local Area Connection:
IP address:10.1.1.2
Subnet mask:255.0.0.0
Default Gateway:
DNS Server:
3. BJ-DC-01 Configuration
1 Log in to the bj-dc-01 server;
2 Click "Start"/"Run" and enter "Dcpromo";
3 On the Welcome to the Active Directory Installation Wizard page, click the Next button;
4 On the Operating System Compatibility page, click the Next button;
5 On the Domain Controller Type page, select "Domain controller for a new domain";
6 On the Create New Domain page, select "Domain in a new forest";
7 On the New Domain Name page, enter the domain name "t.cn" and click the Next button;
8 On the NetBIOS Domain Name page, click the Next button;
9 On the Database and Log Folders page, click the Next button;
10 On the Shared System Volume page, click the Next button;
11 On the DNS Registration Diagnostics page, click the Next button;
12 On the Permissions page, click the Next button;
13 On the Directory Services Restore Mode Administrator Password page, click the Next button;
14 On the Summary page, click the Next button;
15 On the Completing the Active Directory Installation Wizard page, click Finish and restart the computer as prompted;
16 Click "Start"/"Administrative Tools"/"Active Directory Users and Computers";
17 In the Active Directory Users and Computers window that opens, create a new user Wangtingdong and a security group "Vpn_list";
18 Double-click the Wangtingdong account to open the Properties dialog box, check "Allow Dial-in", add this user to the "Vpn_list" group, then click the "OK" button;
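Steps 17 and 18 can also be done and checked from a command prompt on bj-dc-01 with the directory service command-line tools included in Windows Server 2003. The batch file below is an added example, not part of the original walkthrough. It assumes the user and group live in the default CN=Users container (the article does not say which container is used), and it leaves the "Allow Dial-in" setting to the GUI step, only reporting afterwards which accounts have it set (the setting is stored in the msNPAllowDialin attribute).

```bat
@echo off
rem Added example: scripted equivalent of steps 17-18, run on bj-dc-01 as a domain administrator.
rem Assumption: objects are created in the default CN=Users container of t.cn.
setlocal
set BASE=CN=Users,DC=t,DC=cn
set USERDN=CN=Wangtingdong,%BASE%
set GROUPDN=CN=Vpn_list,%BASE%

rem Create the user. "-pwd *" prompts for the password so it never appears in the script.
dsadd user "%USERDN%" -samid Wangtingdong -pwd * -mustchpwd yes
if errorlevel 1 echo dsadd user failed, the account may already exist

rem Create Vpn_list as a global security group.
dsadd group "%GROUPDN%" -secgrp yes -scope g
if errorlevel 1 echo dsadd group failed, the group may already exist

rem Add the user to the group.
dsmod group "%GROUPDN%" -addmbr "%USERDN%"

rem Verify the group membership.
echo Members of Vpn_list:
dsget group "%GROUPDN%" -members

rem Audit: list every user account that has dial-in access allowed.
rem Compare this list with the group members above. An account that is
rem listed here but is not a member of Vpn_list is worth reviewing.
echo Accounts with dial-in allowed:
dsquery * domainroot -filter "(&(objectCategory=person)(objectClass=user)(msNPAllowDialin=TRUE))" -attr sAMAccountName distinguishedName -limit 0
endlocal
```

Run the audit part again after step 18 has been completed in the GUI; Wangtingdong should then appear in both lists.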