In this IT Pro Challenge, learners will understand the difference between the Point-to-Point Tunneling Protocol (PPTP) and Secure Socket Tunneling Protocol (SSTP) Virtual Private Network (VPN) methods and how to configure a Windows VPN using both PPTP and SSTP for a server and client. Learners will also learn how to use Windows Server Manager to install the DirectAccess and VPN (RAS) role service to allow remote access to the internal network. The skills acquired in this lab are useful for a career as a network or system administrator.
The scenario for this hands-on lab is that you are a network administrator, and you need to configure a Virtual Private Network (VPN) server that allows access to remote users. You have two subnets connected by a router that you will configure as a VPN server. To accomplish this, you need to configure a VPN server for Point-to-Point Tunneling Protocol (PPTP) access and then configure a PPTP VPN client. Next, you need to configure the VPN server for Secure Socket Tunneling Protocol (SSTP) and then configure an SSTP VPN client. To finish, you need to verify that remote users can use each VPN server to connect to the private network.
PPTP is the older of the two protocols discussed in this lab. PPTP establishes a tunnel by first communicating with the peer on TCP port 1723. That TCP connection is then used to set up a Generic Routing Encapsulation (GRE) tunnel to the same peer. PPTP has known security issues. SSTP works by transporting PPP traffic through a Secure Sockets Layer (SSL)/Transport Layer Security (TLS) channel.
Configure a VPN server for PPTP access
To begin the lab, you need to use the Windows Server Manager to install the DirectAccess and VPN (RAS) role service of the Remote Access role on the server virtual machine. You then need to configure the VPN server, create a network policy on the policy server that allows members of the Domain Admins group to connect via VPN, and configure the policy's authentication method.
Configure a VPN client for PPTP access
Now, you're going to log in to a client virtual machine, where the user is a member of the Domain Admins group. You need to run a script (provided with the lab) to move the Admin to the external network and then configure the Admin as a VPN client. You will verify that the VPN connection is using PPTP and that you can access an internal network resource.
Configure a VPN server for SSTP
Now you are going to use the provided template to request a certificate and then configure the machine to use the new certificate for a VPN that uses SSTP. You will also configure the certificate's common name and alternate DNS name.
By taking this hands-on lab, you will learn how to configure VPN servers that use both PPTP and SSTP, configure a VPN client, and verify external access to internal services by using both a PPTP and an SSTP VPN connection.
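The client-side steps described above can also be scripted. The following is an added example, not part of the lab's own materials: it creates one VPN profile per protocol, checks TCP reachability of each tunnel's port, and reports which tunnel type a profile is using. The server name `vpn.example.test`, the profile names, the helper `Get-LabVpnState`, and the choice of `-EncryptionLevel Required` are assumptions.

```powershell
# Added example. Server name and profile names are placeholders, not lab values.
$Server = 'vpn.example.test'   # for SSTP this must match a name on the server certificate

$Profiles = @(
    @{ Name = 'Lab-PPTP'; TunnelType = 'Pptp'; Port = 1723 }  # PPTP control channel
    @{ Name = 'Lab-SSTP'; TunnelType = 'Sstp'; Port = 443 }   # SSTP default: TLS on TCP 443
)

foreach ($p in $Profiles) {
    # Recreate the profile so a rerun starts from a known state.
    if (Get-VpnConnection -Name $p.Name -ErrorAction SilentlyContinue) {
        Remove-VpnConnection -Name $p.Name -Force
    }
    # Pin the tunnel type so the client cannot fall back to another protocol.
    # The authentication method is left at the cmdlet default; it has to match
    # the network policy configured on the server.
    Add-VpnConnection -Name $p.Name -ServerAddress $Server `
        -TunnelType $p.TunnelType -EncryptionLevel Required -RememberCredential:$false

    # TCP reachability only. PPTP also needs GRE (IP protocol 47) end to end,
    # which a TCP probe cannot confirm.
    $tcp = Test-NetConnection -ComputerName $Server -Port $p.Port -WarningAction SilentlyContinue
    '{0}: TCP {1} reachable = {2}' -f $p.Name, $p.Port, $tcp.TcpTestSucceeded
}

function Get-LabVpnState {
    # Hypothetical helper. Run after connecting: shows which protocol each profile uses.
    param([string[]]$Name = @('Lab-PPTP', 'Lab-SSTP'))
    foreach ($n in $Name) {
        $c = Get-VpnConnection -Name $n
        [pscustomobject]@{
            Profile    = $c.Name
            TunnelType = $c.TunnelType
            Status     = $c.ConnectionStatus
            Encryption = $c.EncryptionLevel
        }
    }
}

Get-LabVpnState | Format-Table -AutoSize
```

A profile that passes the TCP 1723 check but never reaches `Connected` usually points at GRE being dropped somewhere between the client and the server.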