Implement VPN Connectivity
Learn On Demand
Learn On Demand Pro Series

Time
2 hours
Difficulty
Beginner

This IT Pro Challenge hands-on lab shows learners how to configure a Windows Virtual Private Network (VPN) server and client using both the Point-to-Point-Tunneling Protocol (PPTP) and Secure Socket Tunneling Protocol (SSTP) methods. Learners will also enable remote access to the private network.


Overview

In this IT Pro Challenge, learners will understand the difference between the Point-to-Point Tunneling Protocol (PPTP) and Secure Socket Tunneling Protocol (SSTP) Virtual Private Network (VPN) methods and how to configure a Windows VPN using both PPTP and SSTP for a server and client. Learners will also learn how to use Windows Server Manager to install the DirectAccess and VPN (RAS) role service to allow remote access to the internal network. The skills acquired in this lab are useful for a career as a network or system administrator.

Overview

The scenario for this hands-on lab is that you are a network administrator, and you need to configure a Virtual Private Network (VPN) server that allows access to remote users. You have two subnets connected by a router that you will configure as a VPN server. To accomplish this, you need to configure a VPN server for Point-to-Point Tunneling Protocol (PPTP) access and then configure a PPTP VPN client. Next, you need to configure the VPN server for Secure Socket Tunneling Protocol (SSTP) and then configure an SSTP VPN client. To finish, you need to verify that remote users can use each VPN server to connect to the private network.

PPTP is the older of the two protocols discussed in this lab. PPTP first establishes a control connection to the peer on TCP port 1723. That TCP connection is then used to set up a Generic Routing Encapsulation (GRE) tunnel to the same peer. The PPTP method has known security issues. SSTP works by transporting PPP traffic through a Secure Sockets Layer (SSL)/Transport Layer Security (TLS) channel.
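To make the two-part PPTP exchange concrete, the following added example (not part of the lab's own material) recognises a PPTP control message on TCP port 1723 and a PPTP-style GRE data packet, which is how a defender would spot legacy PPTP use in captured traffic. The header layout follows RFC 2637; the function names and the sample bytes are constructed for illustration.

```python
import struct

PPTP_MAGIC_COOKIE = 0x1A2B3C4D  # fixed value in every PPTP control message (RFC 2637)
CONTROL_TYPES = {1: "Start-Control-Connection-Request",
                 2: "Start-Control-Connection-Reply",
                 7: "Outgoing-Call-Request", 8: "Outgoing-Call-Reply"}

def parse_pptp_control(payload: bytes):
    """Return a dict describing a PPTP control message, or None if it is not one."""
    if len(payload) < 12:
        return None
    length, msg_type, cookie, ctrl_type, _ = struct.unpack("!HHIHH", payload[:12])
    # msg_type 1 = control message; the cookie guards against stream desync
    if msg_type != 1 or cookie != PPTP_MAGIC_COOKIE or not 12 <= length <= len(payload):
        return None
    info = {"control_type": ctrl_type, "name": CONTROL_TYPES.get(ctrl_type, "other")}
    if ctrl_type == 1 and length >= 156:
        (version,) = struct.unpack("!H", payload[12:14])
        info["version"] = f"{version >> 8}.{version & 0xFF}"
        # Host Name is a 64-byte NUL-padded field at offset 28
        info["host_name"] = payload[28:92].split(b"\0", 1)[0].decode("ascii", "replace")
    return info

def is_pptp_gre(packet: bytes) -> bool:
    """True if a GRE header is the enhanced GRE used by PPTP (version 1, type 0x880B)."""
    if len(packet) < 4:
        return False
    version = packet[1] & 0x07
    (proto_type,) = struct.unpack("!H", packet[2:4])
    return version == 1 and proto_type == 0x880B

def classify(ip_proto: int, dst_port, payload: bytes) -> str:
    """Label one packet: ip_proto 6 = TCP, 47 = GRE."""
    if ip_proto == 6 and dst_port == 1723 and parse_pptp_control(payload):
        return "pptp-control"
    if ip_proto == 47 and is_pptp_gre(payload):
        return "pptp-gre"
    return "other"

# Constructed sample: a 156-byte Start-Control-Connection-Request, version 1.0
SAMPLE_SCCRQ = struct.pack("!HHIHHHHIIHH64s64s", 156, 1, PPTP_MAGIC_COOKIE, 1, 0,
                           0x0100, 0, 1, 1, 0, 0, b"client01", b"constructed")
# Constructed sample: GRE header with K and S bits set, version 1, type 0x880B
SAMPLE_GRE = bytes.fromhex("3081880b0004000100000001")

if __name__ == "__main__":
    print(parse_pptp_control(SAMPLE_SCCRQ))
    print(classify(6, 1723, SAMPLE_SCCRQ), classify(47, None, SAMPLE_GRE))
```

SSTP traffic does not match either check because its PPP frames travel inside a TLS channel and are not visible on the wire.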

Configure a VPN server for PPTP access

To begin the lab, you need to use the Windows Server Manager to install the DirectAccess and VPN (RAS) role service of the Remote Access role on the server virtual machine. You then need to configure the VPN server, create a network policy on the policy server that allows members of the Domain Admins group to connect via VPN, and configure the policy's authentication method.

Configure a VPN client for PPTP access

Now, you're going to log in to a client virtual machine, where the user is a member of the Domain Admins group. You need to run a script (provided with the lab) to move the Admin to the external network and then configure the Admin as a VPN client. You will verify that the VPN connection is using PPTP and that you can access an internal network resource.

Configure a VPN server for SSTP

Now you are going to use the provided template to request a certificate and then configure the machine to use the new certificate for a VPN that uses SSTP. You will also configure a common name and an alternate DNS name for the certificate.

Summary Conclusion

By taking this hands-on lab, you will learn how to configure VPN servers that use both PPTP and SSTP, configure a VPN client, and verify external access to internal services by using both a PPTP and an SSTP VPN connection.