How To VPN for SBS 2003 By Ric Alston
You will need the SBS server CD.
Overview
1. Opening Ports in ISA Server
2. Deploying Certificate Services on SBS 2K3 - IAS and Enterprise Root Authority
3. Requesting Certificate for SBS server - DC certificate
4. Creating L2TP VPN connection on server – configures DC Certificate
5. Create VPN on LAN client (Acquire client certificate)
6. Check EAF restore agent for rebuilding certificate store
1. Opening Ports in ISA Server
Start - All Programs – Microsoft ISA Server – ISA Management
Expand “Servers and Arrays”, then (SBS) %computername%
Select “Network Configuration”
Click “Configure a Client Virtual Private Network (VPN)”
The “ISA VPN Server Wizard” appears: Next – Finish (this erases the previous RAS configuration)
Click “Yes” to install the “Routing and Remote Access” service
Click “Yes” to restart the service.
Check that the “L2TP Packet Filters” are intact:
In the ISA Management console expand “Servers and Arrays”, then (SBS) %computername%
Select “Access Policy” (the “Configure Access Policy” taskpad appears)
Double click “Allow L2TP Protocol IKE packets”
Enable this Filter = ON
2. Deploying Certificate Services on SBS 2K3
IAS and Enterprise Root Authority
2.1 Install Internet Authentication Service (IAS)
Disable MS-CHAP in the SBS Remote Access Policy
2.2 Create “Enterprise Root Certificate Authority”
Control Panel – Add/Remove Windows Components – Certificate Services
NB: don’t change the server name or move the server to another AD domain afterwards. Later – see the issue of backing up the root CA server.
Start - Run – MMC
Console - Add/Remove Snap-in – Add – Certificates – Add
Manage certificates for Computer Account
Add a second snap-in for a User Account certificate store
Confirm that “Enterprise Root” has been created in “Trusted Root Certification Authorities”
3. Request Certificate for SBS computer
Start - Run – MMC
Open the Certificates (Local Computer) console
Right click the Personal container
Shortcut menu – All Tasks – Request New Certificate
The Certificate Request Wizard opens:
Certificate Types = Domain Controller
Friendly Name = SBS Server Certificate 1
OK
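Steps 2 and 3 leave two things in the server’s certificate stores that everything in step 4 depends on: the enterprise root CA certificate in Trusted Root Certification Authorities, and a Domain Controller certificate with a private key in the computer’s Personal store. The script below is an added check written for this guide, not part of the original how-to. It assumes Windows PowerShell with the Cert: drive is available on the SBS server (it is not on a stock SBS 2003 install; from a plain command prompt, certutil -store My and certutil -store Root list the same stores), and the CA common name is an assumed placeholder for whatever name was entered in step 2.2. The friendly name is the one given in step 3.

```powershell
# Added verification script, not part of the original how-to.
# Assumes Windows PowerShell (with the Cert: drive) on the SBS server.
# $CaCommonName is a placeholder for the CA name chosen in step 2.2.
function Test-SbsVpnCertificates {
    param(
        [string]$CaCommonName = 'Enterprise Root',           # placeholder: CA name from step 2.2
        [string]$FriendlyName = 'SBS Server Certificate 1'   # friendly name given in step 3
    )
    $ok = $true
    $serverAuthOid = '1.3.6.1.5.5.7.3.1'   # Server Authentication EKU, required of the EAP server certificate

    # Step 2: the enterprise root CA certificate must be in the machine's Trusted Root store
    $root = Get-ChildItem Cert:\LocalMachine\Root |
        Where-Object { $_.Subject -like "*CN=$CaCommonName*" } |
        Select-Object -First 1
    if (-not $root) {
        Write-Warning "No trusted root certificate with CN=$CaCommonName in LocalMachine\Root"
        $ok = $false
    } else {
        Write-Host "Root CA present: $($root.Subject) [$($root.Thumbprint)]"
    }

    # Step 3: the Domain Controller certificate must be in the machine's Personal store
    $dc = Get-ChildItem Cert:\LocalMachine\My |
        Where-Object { $_.FriendlyName -eq $FriendlyName } |
        Select-Object -First 1
    if (-not $dc) {
        Write-Warning "No certificate with friendly name '$FriendlyName' in LocalMachine\My"
        return $false
    }
    Write-Host "Server certificate: $($dc.Subject), expires $($dc.NotAfter)"

    # IAS can only use the certificate for EAP if the server holds its private key
    if (-not $dc.HasPrivateKey) {
        Write-Warning "Certificate has no private key"
        $ok = $false
    }

    # It must be inside its validity period
    $now = Get-Date
    if ($dc.NotBefore -gt $now -or $dc.NotAfter -lt $now) {
        Write-Warning "Certificate is not currently valid (NotBefore $($dc.NotBefore), NotAfter $($dc.NotAfter))"
        $ok = $false
    }

    # It must carry the Server Authentication enhanced key usage
    $ekuExt = $dc.Extensions |
        Where-Object { $_ -is [System.Security.Cryptography.X509Certificates.X509EnhancedKeyUsageExtension] }
    $ekus = @()
    if ($ekuExt) { $ekus = @($ekuExt.EnhancedKeyUsages | ForEach-Object { $_.Value }) }
    if ($ekus -notcontains $serverAuthOid) {
        Write-Warning "Certificate lacks the Server Authentication EKU ($serverAuthOid)"
        $ok = $false
    }

    # It must have been issued by the root found above and chain to it on this machine.
    # Verify() builds the chain with the system policy, including an online revocation check,
    # so it also fails if the CA's CRL cannot be reached.
    if ($root -and $dc.Issuer -ne $root.Subject) {
        Write-Warning "Certificate issuer '$($dc.Issuer)' is not the root CA '$($root.Subject)'"
        $ok = $false
    }
    if (-not $dc.Verify()) {
        Write-Warning "Certificate chain does not validate on this machine"
        $ok = $false
    }

    return $ok
}

# Usage: run on the SBS server after completing step 3
if (Test-SbsVpnCertificates) {
    Write-Host 'VPN certificate prerequisites are in place; continue with step 4'
} else {
    Write-Host 'Fix the warnings above before editing the Remote Access Policy in step 4'
}
```

If the root check passes but the chain check fails, the usual cause on a freshly built CA is that the CRL distribution point in the certificate is not yet reachable from the server itself; the Certificates MMC shows the same condition as a red cross on the certificate’s Certification Path tab.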
4. Creating L2TP VPN connection on server – configures DC Certificate
4.1 Edit the SBS “Remote Access Policy” to “Allow Authentication via Certificates”
Start – Administrative Tools – Internet Authentication Service
Select “Remote Access Policies”
Double click SBS Remote Access Policy
The “SBS Remote Access Policy Properties” dialog appears.
Click Edit Profile – click the Authentication tab (disable MS-CHAP and 128-bit Encryption)
Click EAP Methods
The “Select EAP Providers” dialog appears
Add “Smart card or other certificate” – OK
The “New EAP Type” dialog appears
Select “Smart card or Other Certificate”
Select the certificate the server should use to authenticate itself to VPN clients.
4.2 Deploy Computer then User Certificates to the VPN client
While the client is on the SBS LAN, open Internet Explorer
Go to http://SBSservername/certsrv
Click “Request a Certificate”