Logo
HOW TO
Windows XP
Windows Vista
Windows 7
Windows Azure
Windows Server
Windows Phone
 
 
Windows 7

Troubleshooting Remote Access Issues (part 2) - Creating a VPN Connection & Add a Certificate

6/15/2011 6:22:44 PM

3. Creating a VPN Connection

A VPN connection actually requires two connections. First, you'll need to connect to the Internet, and then you'll connect to the VPN server. It doesn't matter how you connect to the Internet. It can be over a dial-up connection, a DSL line, a broadband connection, or even through a wireless router.

After creating the connection to the Internet, you can create the VPN connection. You follow the first steps just as you did when you created a dial-up connection. However, instead of choosing Dial Directly, you choose Use My Internet Connection (VPN), as shown in Figure 3.

Figure 3. Creating a VPN connection

If you aren't currently connected to the Internet, you'll be prompted to identify how you want to connect to the Internet. Figure 4 shows this screen. You can choose from one of the connections in the drop-down list. The Always Use This Connection check box is selected by default. If you launch the VPN connection but you're not connected to the Internet, you'll be prompted to connect using this connection.

You then enter the IP address or the hostname of the VPN server and a name for the connection. If you use the name of the VPN server, you'll need to ensure that it is resolvable from an Internet DNS server. If you put in the IP address directly, you'll bypass the DNS name-resolution step.

The wizard will then prompt you to enter credentials for the VPN server. These include the user name, password, and domain name if a domain is used.

Figure 4. Identifying Internet access for the VPN


Exercise: Creating a Remote Access VPN Connection

  1. Launch the Network and Sharing Center. Click Start => Control Panel => Network And Internet => Network And Sharing Center.

  2. Click Set Up A New Connection Or Network.

  3. Select Connect To A Workplace. Click Next.

  4. Ensure that No, Create A New Connection is selected. Click Next.

  5. Select Use My Internet Connection (VPN).

  6. On the Type The Internet Address page, enter the IP address or the name of the VPN server in the Internet Address text box. Enter a name for the VPN connection in the Destination Name text box.

  7. Select Don't Connect Now; Just Set It Up So I Can Connect Later. Click Next.

  8. Enter your user name, password, and domain (if needed). Click Create.


At this point, the connection is ready to use. While a lot of the connection activity is automatic, you may need to troubleshoot some connections.

4. Add a Certificate

If you're using IKEv2 or SSTP, a certificate is required for the connection. If you're using L2TP/IPSec, a certificate is recommended. The VPN server passes the certificate to the client during the connection process. However, the client won't necessarily trust this certificate.

As long as the certificate is issued from a trusted CA, the certificate is trusted. However, if the certificate is not issued from a trusted CA, the certificate won't be trusted and the user will see a warning.

Consider these two scenarios:

  1. Your company purchases a certificate from a public CA such as VeriSign. This certificate is installed on the VPN server and sent to the clients. Because Windows 7 clients have a certificate from VeriSign in their Trusted Root Certification Authorities store, they trust the certificate from the VPN server. They will not receive a warning.

  2. Your company chooses not to pay for the certificate. Instead, administrators create an internal CA. This internal CA issues a certificate to the VPN server. Because Windows 7 clients don't have a certificate from the internal CA in their Trusted Root Certification Authorities store, they do not trust the certificate from the VPN server. They will receive a warning.

The second scenario is cheaper, but the warning can be confusing to users. Users can ignore the warning, but with security as challenging as it is already, you probably don't want to train your users to ignore warnings. The solution is to add the certificate from the internal CA to the Windows 7 Trusted Root Certification Authorities store.


Exercise: Add a Certificate to a Windows 7 Client

  1. Click Start and type MMC in the Start Search box. If prompted by UAC, click Yes to continue.

  2. Select File => Add/Remove Snap-in.

  3. Select Certificates and click Add. Select Computer Account and click Next. Ensure Local Computer is selected and click Finish. Click OK.

  4. Expand Certificates => Trusted Root Certification Authorities => Certificates.

  5. Right-click Certificates and select Import. The Certificate Import Wizard will launch. Review the Welcome screen and click Next.

  6. Click Browse and go to the location of the certificate file. Click Open. Click Next.

  7. On the Certificate Store page, ensure that Place All Certificates In The Following Store is selected and the Certificate Store is listed as Trusted Root Certification Authorities. Your display will look similar to the following graphic. Click Next.



  8. Click Next.

  9. Review the information on the Completion screen and click Finish. A dialog box will appear indicating the import was successful. Click OK.


Once the certificate has been imported, the clients will no longer receive the warnings for certificates issues from the CA.

It's also possible to publish these certificates to internal clients using Group Policy. Certificates are deployed using the Computer Configuration => Policies => Windows Settings => Security Settings => Public Key Policies => Trusted Root Certification Authority Store node.

You can right-click the Trusted Root Certification Authority node and select Import. It uses a similar wizard to import the certificate. After the certificate is imported, Group Policy will deploy the certificate to all computers in the scope of the GPO.

Other -----------------
- Troubleshooting Remote Access Issues (part 1) - Remote Access Overview & Creating a Dial-up Connection
- Visual Basic 2010 : Consuming WCF Services
- Visual Basic 2010 : Implementing WCF Services
- Microsoft PowerPoint 2010 : Working Together on Office Documents - Downloading or Saving Documents in Office Web Apps
- Microsoft PowerPoint 2010 : Working Together on Office Documents - Downloading Documents from Windows Live
- Microsoft PowerPoint 2010 : Working Together on Office Documents - Working with Documents on Windows Live
- Configuring and Troubleshooting Wireless Connectivity (part 3) - Troubleshooting Wireless Connections
- Configuring and Troubleshooting Wireless Connectivity (part 2) - Connecting to a Wireless Network & Setting Up Connections
- Configuring and Troubleshooting Wireless Connectivity (part 1) - Using Wireless Security & Configuring Wireless on Windows 7
- Microsoft Visio 2010 : Identifying 1-D Shapes and Types of Glue & Positioning Shapes with Rulers and Guides
 
 
REVIEW
- First look: Apple Watch

- 10 Amazing Tools You Should Be Using with Dropbox
 
VIDEO TUTORIAL
- How to create your first Swimlane Diagram or Cross-Functional Flowchart Diagram by using Microsoft Visio 2010 (Part 1)

- How to create your first Swimlane Diagram or Cross-Functional Flowchart Diagram by using Microsoft Visio 2010 (Part 2)

- How to create your first Swimlane Diagram or Cross-Functional Flowchart Diagram by using Microsoft Visio 2010 (Part 3)
 
Popular tags
Microsoft Access Microsoft Excel Microsoft OneNote Microsoft PowerPoint Microsoft Project Microsoft Visio Microsoft Word Active Directory Biztalk Exchange Server Microsoft LynC Server Microsoft Dynamic Sharepoint Sql Server Windows Server 2008 Windows Server 2012 Windows 7 Windows 8 Adobe Indesign Adobe Flash Professional Dreamweaver Adobe Illustrator Adobe After Effects Adobe Photoshop Adobe Fireworks Adobe Flash Catalyst Corel Painter X CorelDRAW X5 CorelDraw 10 QuarkXPress 8 windows Phone 7 windows Phone 8 BlackBerry Android Ipad Iphone iOS
Popular keywords
HOW TO Swimlane in Visio Visio sort key Pen and Touch Creating groups in Windows Server Raid in Windows Server Exchange 2010 maintenance Exchange server mail enabled groups Debugging Tools Collaborating
Top 10
- Microsoft Excel : How to Use the VLookUp Function
- Fix and Tweak Graphics and Video (part 3) : How to Fix : My Screen Is Sluggish - Adjust Hardware Acceleration
- Fix and Tweak Graphics and Video (part 2) : How to Fix : Text on My Screen Is Too Small
- Fix and Tweak Graphics and Video (part 1) : How to Fix : Adjust the Resolution
- Windows Phone 8 Apps : Camera (part 4) - Adjusting Video Settings, Using the Video Light
- Windows Phone 8 Apps : Camera (part 3) - Using the Front Camera, Activating Video Mode
- Windows Phone 8 Apps : Camera (part 2) - Controlling the Camera’s Flash, Changing the Camera’s Behavior with Lenses
- Windows Phone 8 Apps : Camera (part 1) - Adjusting Photo Settings
- MDT's Client Wizard : Package Properties
- MDT's Client Wizard : Driver Properties
 
Windows XP
Windows Vista
Windows 7
Windows Azure
Windows Server
Windows Phone
2015 Camaro