Reference no: EM131413376
Objective: Use a VPN to connect to an internal network.
Description: In this project, you put the VPN to use. You create a VPN connection object on the remote client and connect to the TMG server. Then you create a firewall rule on TMG to allow the VPN clients access to the internal network. Once connected to the internal network, you map a drive on your Windows Server 2008 domain controller and place content on it.
1. Start Windows 7 and log in as an administrator.
2. Configure the Windows 7 IP settings. Enter an IP address of 192.168.1.120, a subnet mask of 255.255.255.0, a default gateway of 192.168.1.110, and a DNS server address of 10.0.0.125. You are now configured as an Internet client on the same network as the public side of the TMG server.
3. Click Start, and click Control Panel. If necessary, select Small icons from the View by menu in the upper-right corner, and click Network and Sharing Center.
4. Click Set up a new connection or network. Select Connect to a workplace, and click Next.
5. Click Use my Internet connection (VPN). Click I'll set up an Internet connection later.
6. In the Internet address text box, type 10.0.0.111, which is the IP address of your TMG server. In the Destination name text box, type Connection to corporate headquarters, and click Next.
7. In the User name text box, type ruser. In the Password text box, type Pa$word. Click the Remember this password box. In the Domain text box, type Teamx. Click Create. Click Close.
8. In the Network and Sharing Center window, click Connect to a network. In the Set Network Location window, click Work network. Click Connection to corporate headquarters, and click Connect. Click Properties, and click the Security tab. From the Type of VPN menu, select Point to Point Tunneling Protocol (PPTP). Notice that Require encryption is selected. Examine the content of the other tabs, and then click OK. If necessary, type ruser in the User name box. In the Password box, type Pa$word. If necessary, type Teamx in the Domain box. Click Connect. This attempt should fail.
9. Log on to TMG as an administrator. If necessary, open the Forefront TMG Management console. In the left frame, click Remote Access Policy (VPN). In the right frame, click Configure VPN Client Access. In the VPN Clients Properties window, click the General tab, and click the Enable VPN client access box. In the Maximum number of VPN clients allowed text box, type 5, and click Apply. In the Microsoft Forefront Threat Management Gateway window, click OK. Examine the content of the other tabs. Be sure that PPTP is enabled on the Protocols tab. Click OK. In the Forefront TMG window, click Apply. Click Apply, and then click OK.
10. Return to Windows 7, and attempt to connect to the internal domain controller, as you did in Step 8. This attempt should succeed. Open a command prompt, type ipconfig, and press Enter. You should see your network adapter with its 192.168.1.120 address and a virtual PPP adapter with an IP address in the 10.0.0.0/8 network, which was issued to you from the range that you configured on TMG. This address allows you to communicate on the internal network.
11. Log on to the Windows Server 2008 domain controller. Click Start, click Computer, and double-click Local Disk (C:).
12. Right-click any white space in the right frame, select New, and select Folder. Name the folder Target. Right-click Target, click Properties, click the Sharing tab, click Advanced Sharing, and click the Share this folder box.
13. Click Permissions, verify that Everyone is selected, and click the Full Control box in the Allow column. Click OK. Click OK.
14. Click the Security tab, and click Edit. In the Group or user names box, select Users (TEAMx\Users). Click the Full Control box in the Allow column. Click OK, and click Close.
15. Return to Windows 7. At a command prompt, type net use V: \\TeamxSRV\Target and press Enter. This attempt should fail. You are connected to the TMG server and you have a virtual network interface address on the internal network, but the firewall on TMG is keeping you out.
16. Return to TMG. In the Forefront TMG window, right-click Firewall Policy in the left frame. Click New, and click Access Rule. In the Access rule name text box, type Allow VPN Access and click Next. Click the Allow option button, and click Next. In the This rule applies to menu, select All outbound traffic, and click Next. Select Do not enable malware inspection for this rule, and click Next. Click Add, expand the Networks node, select VPN Clients, click Add, click Close, and click Next. Click Add, expand the Networks node, select Internal, click Add, click Close, and click Next. Accept the default user set of All Users, click Next, and click Finish.
17. In the Forefront TMG window, click Apply, click Apply, and click OK.
18. Repeat Step 15. Now that you have been allowed on the internal network, the command is successful. Change to the V: drive by typing V: at the command line and pressing Enter.
19. Create a file on the internal server from your remote Windows 7 system. Type copy con January_Sales.txt and press Enter. Type January sales have been slow but are expected to pick up. and press Enter. Press Ctrl+Z and press Enter.
20. Return to the Windows Server 2008 domain controller, and look in C:\Target. The new file should be present.
21. Leave your systems running for the next project.
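The checks in Steps 10, 15 and 18 can be scripted on the Windows 7 client to tell "tunnel not up" apart from "tunnel up but TMG firewall rule missing". This is an added example, not part of the original project; the function names Get-VpnTunnelAddress and Test-TcpPort are hypothetical, and it assumes the share is reached over SMB on TCP 445.

```powershell
# Added example (not from the original lab). Written for PowerShell 2.0 on Windows 7.
# Assumed names: Get-VpnTunnelAddress, Test-TcpPort. TeamxSRV is the server from Step 15.

function Get-VpnTunnelAddress {
    # Return IPv4 addresses in 10.0.0.0/8 bound to PPP adapters that are up (Step 10).
    $nics = [System.Net.NetworkInformation.NetworkInterface]::GetAllNetworkInterfaces()
    foreach ($nic in $nics) {
        if ($nic.NetworkInterfaceType -ne 'Ppp' -or $nic.OperationalStatus -ne 'Up') { continue }
        foreach ($ua in $nic.GetIPProperties().UnicastAddresses) {
            $ip = $ua.Address
            if ($ip.AddressFamily -eq 'InterNetwork' -and $ip.GetAddressBytes()[0] -eq 10) {
                $ip.ToString()
            }
        }
    }
}

function Test-TcpPort {
    # Try a TCP connection with a timeout; $true only if the handshake completes.
    param([string]$Server, [int]$Port, [int]$TimeoutMs = 3000)
    $client = New-Object System.Net.Sockets.TcpClient
    try {
        $pending = $client.BeginConnect($Server, $Port, $null, $null)
        if (-not $pending.AsyncWaitHandle.WaitOne($TimeoutMs, $false)) { return $false }
        $client.EndConnect($pending)   # throws if the connection was refused
        return $true
    } catch {
        return $false                  # name resolution failure or refused connection
    } finally {
        $client.Close()
    }
}

$tunnel = @(Get-VpnTunnelAddress)
if ($tunnel.Count -eq 0) {
    Write-Output 'No PPP adapter with a 10.0.0.0/8 address: the VPN is not connected (Steps 8-10).'
} elseif (-not (Test-TcpPort -Server 'TeamxSRV' -Port 445)) {
    Write-Output "Tunnel address $($tunnel -join ', ') is up, but TCP 445 to TeamxSRV is unreachable: check the Allow VPN Access rule (Steps 16-17)."
} else {
    Write-Output "Tunnel address $($tunnel -join ', ') is up and TeamxSRV answers on TCP 445: net use should succeed (Step 18)."
}
```

Run it once before Step 16 and again after Step 17; the second message should change to the third once the access rule is applied.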