Manage Remote Access with VPN

Practice Labs Module
1 hour

Welcome to the "Manage Remote Access with VPN" Practice Lab. In this module you will be provided with the instructions and devices needed to develop your hands-on skills.

Join over 3 million cybersecurity professionals advancing their career
Sign up with

Already have an account? Sign In »



Welcome to the Manage Remote Access with VPN Practice Lab. In this module you will be provided with the instructions and devices needed to develop your hands-on skills.

Learning Outcomes

In this module, you will complete the following exercises:

  • Exercise 1 - Install and Configure VPN Service
  • Exercise 2 - Manage a VPN Client
  • Exercise 3 - Configure L2TP

After completing this lab, you will be able to:

  • Install Remote Access feature in Windows Server 2016
  • Configure secondary network interface on VPN server
  • Configure Routing and Remote Access Server settings
  • Prepare VPN ports on Routing Remote Access Server and Windows Firewall
  • Grant dial-in permission to domain network users
  • Prepare VPN client to connect to VPN server
  • Verify VPN client connection to VPN server
  • Enable L2TP on Routing and Remote Access Server
  • Verify client connectivity to VPN server

Exam Objectives

The following exam objectives are covered in this lab:

  • Understand remote access - VPN

Lab Duration

It will take approximately 45 minutes to complete this lab.

Exercise 1 - Install and Configure VPN Service

Windows Server 2016 includes the Routing and Remote Access Service (RRAS) network service. The RRAS supports remote user or site-to-site connectivity by implementing virtual private networks (VPNs) or dial-up connections.

In this exercise, you will install the RRAS on a Windows Server 2016 device, prepare the secondary network interface for VPN service, and configure the server’s system settings.

You will configure the system settings of the RRAS by setting up the VPN ports and verifying that these accept incoming connections. You will then give permission to a domain user to dial-in to the server using Active Directory Users and Computers.

The Point to Point Tunnelling Protocol (PPTP) is a VPN protocol that you will use for this first exercise. PPTP requires a username and password to authenticate the user accounts that dial-in to a VPN server. This protocol is widely supported by a variety of vendors because of its simplicity and ease of implementation. PPTP can be a security risk for a variety of reasons, however, if the username and password are compromised.

Exercise 2 - Manage a VPN Client

Windows clients 10 have a built-in dialling software to connect to a remote access server. A network user must specify a valid user name and password which are received by the server and forwarded to the domain controller for authentication. When the network user is verified, he is given access to corporate assets shared in the organization.

In the previous exercise, you installed and configured VPN services on Windows Server 2016. To validate the VPN settings that were set up on the server, you will create a VPN client connection on Windows 10.

Exercise 3 - Configure L2TP

Layer 2 Tunneling Protocol (L2TP) is a VPN protocol that provides restrictive authentication, as it requires machine certificates to be assigned to a VPN server and client by a common Certification Authority (CA).

The Certification Authority (CA) is an issuing authority that grants digital certificates to a user, computer or a network service. The CA can either be a commercial type that issues certificates to online merchants, software companies and financial institutions. Certificates issued to these organizations prove their trustworthiness when doing business with the general public and customers over the Internet. In addtion, the certificates provide encryption to ensure that data transmitted over the Internet are encrypted and known only between authorized parties. The CA can likewise be internal if the users are members of a common organization.

If L2TP is the VPN protocol to use, the certificate must be installed on a VPN server and client for a remote access session to be successfully established. The machine certificate provides an additional layer of authentication, apart from the mandatory username and password that must be entered on a VPN client when initiating a connection to a VPN server.

If a CA server is not available to issue computer certificates, a preshared key or password can be used to provide an additional layer of security beyond the username and password.

In this exercise, you will enable L2TP on the PLABDC01 server and the PLABWIN10 device.

Learning Partner
Comprehensive Learning

See the full benefits of our immersive learning experience with interactive courses and guided career paths.