The Implementing VPN Solutions Part 2 module provides you with the instruction and server hardware to develop your hands-on skills. This module includes the following exercises:
- Installing and Configuring a VPN Server
- Installing a Certification Authority
- Configuring a SSTP VPN Server
- Preparing a SSTP VPN Client
Lab time: It will take approximately 1 hour and 15 minutes to complete this lab.
The following exam objectives are covered in this lab:
- Implementing VPN Solutions with Secure Sockets Tunnelling Protocol (SSTP)
Exercise 1 - Installing and Configuring a VPN Server
Windows Server 2016 includes the Routing and Remote Access Service (RRAS) network service. The RRAS supports remote user or site-to-site connectivity by implementing virtual private networks (VPNs) or dial-up connections.
The Point-to-Point Tunnelling Protocol (PPTP) is a VPN protocol that you will configure in the first exercise. PPTP requires a username and password to authenticate user accounts that dial in to a VPN server. This protocol is widely supported by a variety of vendors because of its simplicity and ease of implementation. However, PPTP can be a security risk for a number of reasons, for example if the username and password are compromised.
In this exercise, you will install the RRAS on a Windows Server 2016 device, then prepare the secondary network interface for VPN service, and finally configure its system settings.
You will configure the system settings of the Routing and Remote Access Server by setting up the VPN ports and verifying that these accept incoming connections. Then you will use Active Directory Users and Computers to grant dial-in permission to a domain user.
Exercise 2 - Installing a Certification Authority
In this task, you will install a Certification Authority (CA) that will enable PLABSA01 to issue certificates to computers, services, or a network user. A certificate is a digital ID that verifies the identity of a computer, service, or user and acts as another form of authentication when connecting to a network service.
In a later exercise, you will use a certificate revocation list (CRL), which is a list of certificates that have been revoked or canceled by the administrator of a Certification Authority service. CRLs are normally published through IIS, which can be accessed by any computer with a web browser and a network connection.
Publishing the CRL and ensuring that it is accessible to VPN clients is one of the requirements for enabling Secure Sockets Layer (SSL) in a VPN. To be able to publish the CRL, you must install Certificate Web Enrollment Services. Please note that you will install the Certification Authority on the PLABSA01 server.
Exercise 3 - Configuring a SSTP VPN Server
The Secure Sockets Tunneling Protocol (SSTP) is a VPN protocol that sends PPTP or L2TP packets using a Secure Sockets Layer (SSL) channel. SSL encrypts a VPN connection with the use of computer certificates, which ensures confidentiality of network transmission over a public network like the internet. A key advantage of SSTP is that it provides compatibility with virtually all types of firewalls and network address translation gateways, which is not possible with other VPN protocols like L2TP. SSTP listens on TCP port number 443 for incoming connections.
Exercise 4 - Preparing a SSTP VPN Client
After setting up the VPN properties on the PLABDC01 server to use SSTP, you will now set up the VPN client so that it complies with the system requirements to successfully dial in to an SSTP VPN server.
In this exercise, you will perform the necessary tasks to enable a VPN client to successfully dial in to a VPN server using the SSTP protocol.