
Client to Site Certificate L2TP / IPSec

The topology is the same as in the Client to Site lab.

Installation steps:

On the AD Server:
+ Install AD and DC
+ Configure DNS
+ Create the VPN user
These steps are the same as in the Client to Site lab.

On the VPN Server:
+ Join the domain
- Open Properties of My Computer
- Change Settings > Change > set the Computer name to VPNServer and the Domain to truongtan.local
- Click OK > a dialog appears; enter the admin username and password of the AD Server > OK
- Restart the machine and log in as user truongtan\administrator

+ Install Certificate Services
- Open Server Manager > select Roles > select Add Roles > tick Active Directory Certificate Services > Next
- Next > Next > select Certification Authority Web Enrollment > select Add Required Services
- Click Next through the defaults until Install > Close
- Note: Setup Type is Enterprise, CA Type: Root CA

+ Configure Certificate Services
- Administrative Tools > Certification Authority
- Right-click Certificate Templates > Manage
- Right-click IPSEC > select Duplicate Template
- Select Windows Server 2003 Enterprise
- On the General tab, set Template display name to VPNCert
- On the Request Handling tab > select Allow private key
- On the Subject Name tab > select Supply in the request > click OK in the dialog that appears
- On the Extensions tab > select Application Policies > Edit
- Click Add > select Server Authentication > OK > OK
- Select Key Usage > Edit
- Check that Digital Signature is selected > Cancel > OK
- In Certification Authority > right-click Certificate Templates > New > Certificate Template to Issue

+ Request the Server Authentication certificate using IE
- Open Internet Explorer > enter the address http://localhost/certsrv > select Request new certificate
- Select Advanced certificate request
- Select Create and submit a request to this CA
- Click Yes
- Click Yes
- Select Certificate Template: VPNCert
- In the Name field, enter the name of the VPNServer
- Click Submit > select Install certificate

+ Move the certificate to the Computer store
- Click Start > type MMC > in Console1 > File > Add/Remove Snap-in
- Select Certificate > click Add
- Select My user account > Finish
- Select Certificate > click Add
- Select Computer account > Next > Finish
- Click OK
- In Console1 > select Certificates - Current User > select Personal > Certificates
- Right-click VPNServer.TruongTan.Local > select All Tasks > Export
- Click Next
- Select Yes, export the private key > click Next
- Click Next
- Set a password of your choice
- In File to Export > click Browse > choose where to save the file, for example Desktop
- Click Next > click Finish > the system reports that the export succeeded
- In Console1 > select Certificates (Local Computer) > select Personal > Certificates
- Right-click Certificates > select All Tasks > Import
- Click Next
- Click Browse
- Select Desktop > choose the file type Personal Information Exchange > select the certificate file > Open
- Click Next
- Enter the password set above > Next
- Accept the defaults in the remaining dialogs > Finish
- Check that the certificate was moved successfully

+ Install Routing and Remote Access
- Open Server Manager > right-click Roles > Add Roles
- Select Network Policy and Access Services
- Click Next
- Select Routing and Remote Access Services > Next
- Click Install > click Close

+ Configure Routing and Remote Access
- Go to Start > Administrative Tools > open Routing and Remote Access
- Right-click VPNServer > select Configure and enable
- Click Next
- Select Remote Access > Next
- Select VPN > Next
- Select the network interface that connects to the Internet > Next
- In IP address assignment > select From a specified
- Click New
- Enter the addresses to hand out > OK > Next > Next
- Click Finish
- Click OK

On the Client:
+ Configure the hosts file
- Select Start > enter the path %windir%\system32\drivers\etc\hosts
- Add this as the last line of the file: 192.168.1.2 vpnserver.truongtan.local

+ Configure the client to trust the root certificate
- Open Internet Explorer > enter the address http://192.168.1.2/certsrv
- Select Download a CA Certificate
- Select Save and save the file with the name certnew
- Select Start > MMC > in Console1 > select File > Add/Remove Snap-in
- Select Certificate > Add
- Select Computer Account > Next > Finish
- Click OK
- Right-click Certificate > select All Tasks > Import
- Click Next
- Click Browse > select the file to import
- Accept the defaults in the following dialogs
- Result: the root CA is trusted

+ Request the Server Authentication certificate for the Client
- Open Internet Explorer > enter the address http://192.168.1.2/certsrv > select Request new certificate
- Select Advanced certificate request
- Select Create and submit a request to this CA
- Select Certificate Template: VPNCert
- In the Name field, enter the name of the Client
- Click Submit > select Install certificate

+ Move the certificate to the Computer store
- Click Start > type MMC > in Console1 > File > Add/Remove Snap-in
- Select Certificate > click Add
- Select My user account > Finish
- Select Certificate > click Add
- Select Computer account > Next > Finish
- Click OK
- Current User > Personal > Certificates > right-click the certificate > select Export
- Export it with the name CertClient
- Local Computer > Personal > All Tasks > Import
- Import the file that was just exported
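
A check for the "move the certificate to the Computer store" and "trust the root certificate" steps, usable on both VPNServer and the Client. This PowerShell is an added example, not part of the original guide; `Test-VpnMachineCert` and `$SubjectLike` are hypothetical names, and revocation checking is skipped on the assumption that the lab CRL may be unreachable.

```powershell
# Added example. Assumption: $SubjectLike is the value typed into the Name
# field of the certificate request (on the server, the VPN server's name).
$SubjectLike   = 'vpnserver.truongtan.local'
$ServerAuthOid = '1.3.6.1.5.5.7.3.1'   # Server Authentication EKU
$EkuType = [System.Security.Cryptography.X509Certificates.X509EnhancedKeyUsageExtension]
$KuType  = [System.Security.Cryptography.X509Certificates.X509KeyUsageExtension]
$DigSig  = [System.Security.Cryptography.X509Certificates.X509KeyUsageFlags]::DigitalSignature

function Test-VpnMachineCert {          # hypothetical helper name
    param([System.Security.Cryptography.X509Certificates.X509Certificate2]$Cert)

    $eku = $Cert.Extensions | Where-Object { $_ -is $EkuType }
    $ku  = $Cert.Extensions | Where-Object { $_ -is $KuType }
    $ekuOids = @($eku.EnhancedKeyUsages | ForEach-Object { $_.Value })

    # Build the chain in machine context so only computer-store roots count.
    # Assumption: revocation is not checked (lab CRL may be unreachable).
    $chain = New-Object System.Security.Cryptography.X509Certificates.X509Chain($true)
    $chain.ChainPolicy.RevocationMode = 'NoCheck'
    $chainOk = $chain.Build($Cert)
    $topThumb = $null
    if ($chain.ChainElements.Count -gt 0) {
        $topThumb = $chain.ChainElements[$chain.ChainElements.Count - 1].Certificate.Thumbprint
    }

    New-Object PSObject -Property @{
        Subject             = $Cert.Subject
        Thumbprint          = $Cert.Thumbprint
        HasPrivateKey       = $Cert.HasPrivateKey
        ServerAuthEku       = ($ekuOids -contains $ServerAuthOid)
        DigitalSignature    = [bool]($ku.KeyUsages -band $DigSig)
        ChainBuilds         = $chainOk
        RootInMachineStore  = ($topThumb -and (Test-Path "Cert:\LocalMachine\Root\$topThumb"))
        CopyLeftInUserStore = (Test-Path "Cert:\CurrentUser\My\$($Cert.Thumbprint)")
    }
}

# Look only in Local Computer > Personal, where the import step put the cert.
$found = @(Get-ChildItem Cert:\LocalMachine\My |
           Where-Object { $_.Subject -like "*$SubjectLike*" })
if ($found.Count -eq 0) {
    Write-Warning "No certificate matching '$SubjectLike' in Local Computer\Personal"
}
$found | ForEach-Object { Test-VpnMachineCert $_ } | Format-List
```

Every field except CopyLeftInUserStore should be True. The export/import procedure copies rather than moves, so the Current User copy and the exported file on the Desktop still hold the private key until they are deleted.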

+ Connect to the VPN
- Open Set up a virtual private network connection
- In Internet address, type: VPNserver.truongtan.local
- Next > enter the username and password of the VPN user created in AD > Create > OK
- Open Network Connections > right-click the connection icon > Security tab > select L2TP/IPSec > OK
- Connect

The connection succeeds.
