Logo
Windows XP
Windows Vista
Windows 7
Windows Azure
Windows Server
Windows Phone
PREGNANCY
 
 
Windows 7

Troubleshooting Remote Access Issues (part 2) - Creating a VPN Connection & Add a Certificate

6/15/2011 6:22:44 PM

3. Creating a VPN Connection

A VPN connection actually requires two connections. First, you'll need to connect to the Internet, and then you'll connect to the VPN server. It doesn't matter how you connect to the Internet. It can be over a dial-up connection, a DSL line, a broadband connection, or even through a wireless router.

After creating the connection to the Internet, you can create the VPN connection. You follow the first steps just as you did when you created a dial-up connection. However, instead of choosing Dial Directly, you choose Use My Internet Connection (VPN), as shown in Figure 3.

Figure 3. Creating a VPN connection

If you aren't currently connected to the Internet, you'll be prompted to identify how you want to connect to the Internet. Figure 4 shows this screen. You can choose from one of the connections in the drop-down list. The Always Use This Connection check box is selected by default. If you launch the VPN connection but you're not connected to the Internet, you'll be prompted to connect using this connection.

You then enter the IP address or the hostname of the VPN server and a name for the connection. If you use the name of the VPN server, you'll need to ensure that it is resolvable from an Internet DNS server. If you put in the IP address directly, you'll bypass the DNS name-resolution step.

The wizard will then prompt you to enter credentials for the VPN server. These include the user name, password, and domain name if a domain is used.

Figure 4. Identifying Internet access for the VPN


Exercise: Creating a Remote Access VPN Connection

  1. Launch the Network and Sharing Center. Click Start => Control Panel => Network And Internet => Network And Sharing Center.

  2. Click Set Up A New Connection Or Network.

  3. Select Connect To A Workplace. Click Next.

  4. Ensure that No, Create A New Connection is selected. Click Next.

  5. Select Use My Internet Connection (VPN).

  6. On the Type The Internet Address page, enter the IP address or the name of the VPN server in the Internet Address text box. Enter a name for the VPN connection in the Destination Name text box.

  7. Select Don't Connect Now; Just Set It Up So I Can Connect Later. Click Next.

  8. Enter your user name, password, and domain (if needed). Click Create.


At this point, the connection is ready to use. While a lot of the connection activity is automatic, you may need to troubleshoot some connections.

4. Add a Certificate

If you're using IKEv2 or SSTP, a certificate is required for the connection. If you're using L2TP/IPSec, a certificate is recommended. The VPN server passes the certificate to the client during the connection process. However, the client won't necessarily trust this certificate.

As long as the certificate is issued from a trusted CA, the certificate is trusted. However, if the certificate is not issued from a trusted CA, the certificate won't be trusted and the user will see a warning.

Consider these two scenarios:

  1. Your company purchases a certificate from a public CA such as VeriSign. This certificate is installed on the VPN server and sent to the clients. Because Windows 7 clients have a certificate from VeriSign in their Trusted Root Certification Authorities store, they trust the certificate from the VPN server. They will not receive a warning.

  2. Your company chooses not to pay for the certificate. Instead, administrators create an internal CA. This internal CA issues a certificate to the VPN server. Because Windows 7 clients don't have a certificate from the internal CA in their Trusted Root Certification Authorities store, they do not trust the certificate from the VPN server. They will receive a warning.

The second scenario is cheaper, but the warning can be confusing to users. Users can ignore the warning, but with security as challenging as it is already, you probably don't want to train your users to ignore warnings. The solution is to add the certificate from the internal CA to the Windows 7 Trusted Root Certification Authorities store.


Exercise: Add a Certificate to a Windows 7 Client

  1. Click Start and type MMC in the Start Search box. If prompted by UAC, click Yes to continue.

  2. Select File => Add/Remove Snap-in.

  3. Select Certificates and click Add. Select Computer Account and click Next. Ensure Local Computer is selected and click Finish. Click OK.

  4. Expand Certificates => Trusted Root Certification Authorities => Certificates.

  5. Right-click Certificates and select Import. The Certificate Import Wizard will launch. Review the Welcome screen and click Next.

  6. Click Browse and go to the location of the certificate file. Click Open. Click Next.

  7. On the Certificate Store page, ensure that Place All Certificates In The Following Store is selected and the Certificate Store is listed as Trusted Root Certification Authorities. Your display will look similar to the following graphic. Click Next.



  8. Click Next.

  9. Review the information on the Completion screen and click Finish. A dialog box will appear indicating the import was successful. Click OK.


Once the certificate has been imported, the clients will no longer receive the warnings for certificates issues from the CA.

It's also possible to publish these certificates to internal clients using Group Policy. Certificates are deployed using the Computer Configuration => Policies => Windows Settings => Security Settings => Public Key Policies => Trusted Root Certification Authority Store node.

You can right-click the Trusted Root Certification Authority node and select Import. It uses a similar wizard to import the certificate. After the certificate is imported, Group Policy will deploy the certificate to all computers in the scope of the GPO.

Other -----------------
- Troubleshooting Remote Access Issues (part 1) - Remote Access Overview & Creating a Dial-up Connection
- Visual Basic 2010 : Consuming WCF Services
- Visual Basic 2010 : Implementing WCF Services
- Microsoft PowerPoint 2010 : Working Together on Office Documents - Downloading or Saving Documents in Office Web Apps
- Microsoft PowerPoint 2010 : Working Together on Office Documents - Downloading Documents from Windows Live
- Microsoft PowerPoint 2010 : Working Together on Office Documents - Working with Documents on Windows Live
- Configuring and Troubleshooting Wireless Connectivity (part 3) - Troubleshooting Wireless Connections
- Configuring and Troubleshooting Wireless Connectivity (part 2) - Connecting to a Wireless Network & Setting Up Connections
- Configuring and Troubleshooting Wireless Connectivity (part 1) - Using Wireless Security & Configuring Wireless on Windows 7
- Microsoft Visio 2010 : Identifying 1-D Shapes and Types of Glue & Positioning Shapes with Rulers and Guides
- Visual Basic 2010 : Serialization in the ADO.NET Entity Framework
- Visual Basic 2010 : Serialization in Windows Communication Foundation
- Microsoft Excel 2010 : Creating and Modifying Charts - Selecting Chart Elements & Formatting Chart Elements
- Microsoft Excel 2010 : Creating and Modifying Charts - Changing a Chart Type & Changing a Chart Layout and Style
- Microsoft Visio 2010 : Serialization with XAML
- Microsoft Visio 2010 : Custom Serialization
- Microsoft Visio 2010 : Connecting Shapes with Dynamic Connectors
- Microsoft Visio 2010 : Copying and Pasting Shapes & Connecting Shapes with Lines
- Microsoft PowerPoint 2010 : Working Together on Office Documents - Creating Office Documents on Windows Live
- Microsoft PowerPoint 2010 : Working Together on Office Documents - Setting Folder Permissions on Windows Live
 
 
Most view of day
- SQL Server 2008 R2 : Performance Monitoring Tools (part 3) - The System Data Collectors, Data Collector Reports
- SQL Server 2008 R2 : Performance Monitoring Tools (part 8) - Extended Events Catalog Views and DMVs
- Developing Disk Images : Configuring the Lab Distribution Share (part 1) - Adding Windows Vista
- Windows Phone 8 : Configuring Basic Device Settings - Backing Up Your Phone (part 3) - Backing Up Text Messages
- Integrating BizTalk Server 2010 and Microsoft Dynamics CRM : Communicating from Dynamics CRM to BizTalk Server (part 2) - Writing the Dynamics CRM plugin
- Exchange Server 2007 : Leveraging the Capabilities of the Outlook Web Access Client - Getting to Know the Look and Feel of OWA 2007
- Microsoft Content Management Server : The ASP.NET Stager Application (part 3) - Staging Attachments
- Windows Server 2008 R2 file and print services : Administering Print and Document Services (part 1)
- Multi-Tenancy in SharePoint 2013 (part 1) - Managing Service Application Groups, Creating a Site Subscription
- Using Voice and Sounds : Controlling the Volume
Top 10
- Windows Server 2012 : Configuring IPsec (part 7) - Configuring connection security rules - Monitoring IPsec
- Windows Server 2012 : Configuring IPsec (part 6) - Configuring connection security rules - Creating a custom rule, Configuring authenticated bypass
- Windows Server 2012 : Configuring IPsec (part 5) - Configuring connection security rules - Creating an authentication exemption rule, Creating a server-to-server rule, Creating a tunnel rule
- Windows Server 2012 : Configuring IPsec (part 4) - Configuring connection security rules - Types of connection security rules, Creating an isolation rule
- Windows Server 2012 : Configuring IPsec (part 3) - Configuring IPsec settings - Customizing IPsec tunnel authorizations, Configuring IPsec settings using Windows PowerShell
- Windows Server 2012 : Configuring IPsec (part 2) - Configuring IPsec settings - Customizing IPsec defaults
- Windows Server 2012 : Configuring IPsec (part 1) - Understanding connection security
- Microsoft Project 2010 : Linking Tasks (part 8) - Auditing Task Links,Using the Task Inspector
- Microsoft Project 2010 : Linking Tasks (part 7) - Creating Links by Using the Mouse,Working with Automatic Linking Options
- Microsoft Project 2010 : Linking Tasks (part 6) - Creating Links by Using the Entry Table
 
 
Windows XP
Windows Vista
Windows 7
Windows Azure
Windows Server
Windows Phone
2015 Camaro