Tài liệu Step-by-Step Guide for Creating and Testing Connection Manager Profiles in a Test Lab doc

Step-by-Step Guide for Creating and Testing Connection

Manager Profiles in a Test Lab

Microsoft Corporation

Published: April 2003

Abstract

This white paper describes how to create and test Connection Manager profiles for connections that use dial-up

over a modem, virtual private networking (VPN) with Point-to-Point Tunneling Protocol (PPTP), VPN with Layer

Two Tunneling Protocol and Internet Protocol Security (L2TP/IPSec), and VPN with Extensible Authentication

Protocol (EAP) in a test lab using five computers. This white paper offers only step-by-step procedures, not a

conceptual overview. It is intended for enterprise-level administrators who have experience managing remote

access connections, administering the Active Directory® directory service, and operating a test lab.

The information contained in this document represents the current view of

Microsoft Corporation on the issues discussed as of the date of

publication. Because Microsoft must respond to changing market

conditions, it should not be interpreted to be a commitment on the part of

Microsoft, and Microsoft cannot guarantee the accuracy of any

information presented after the date of publication.

This White Paper is for informational purposes only. MICROSOFT

MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS

TO THE INFORMATION IN THIS DOCUMENT.

Complying with all applicable copyright laws is the responsibility of the

user. Without limiting the rights under copyright, no part of this document

may be reproduced, stored in or introduced into a retrieval system, or

transmitted in any form or by any means (electronic, mechanical,

photocopying, recording, or otherwise), or for any purpose, without the

express written permission of Microsoft Corporation.

Microsoft may have patents, patent applications, trademarks, copyrights,

or other intellectual property rights covering subject matter in this

document. Except as expressly provided in any written license agreement

from Microsoft, the furnishing of this document does not give you any

license to these patents, trademarks, copyrights, or other intellectual

property.

Unless otherwise noted, the example companies, organizations, products,

domain names, e-mail addresses, logos, people, places and events

depicted herein are fictitious, and no association with any real company,

organization, product, domain name, email address, logo, person, place

or event is intended or should be inferred.

© 2003 Microsoft Corporation. All rights reserved.

Microsoft, Active Directory, Windows, and Windows Server are either

registered trademarks or trademarks of Microsoft Corporation in the

United States and/or other countries.

The names of actual companies and products mentioned herein may be

the trademarks of their respective owners.

Contents

Contents........................................................................................................................................3

Introduction...................................................................................................................................1

Configuring the Initial Test Lab...................................................................................................2

Configuring and Testing a Dial-Up Profile..................................................................................9

Configuring and Testing a PPTP Profile...................................................................................29

Configuring and Testing an L2TP/IPSec Profile.......................................................................39

Configuring and Testing an EAP Profile...................................................................................47

Summary......................................................................................................................................53

Related Links...............................................................................................................................54

Introduction

This white paper provides detailed information about how you can use five computers to create a test

lab in which you can create and test Connection Manager profiles. These instructions also take you

step-by-step through creating and installing Connection Manager profiles for dial-up remote access,

VPN remote access with PPTP, VPN remote access with L2TP/IPSec, and VPN remote access with

EAP-TLS authentication. As you complete this test lab, you will also test two methods of distributing

profiles to client computers: from a floppy disk and over an intranet connection.

This white paper is intended for enterprise-level administrators who have experience managing remote

access connections, administering Active Directory, and operating a test lab. It does not provide a

conceptual overview of any of the technologies that you implement in the lab or of general test lab

operations. For links to conceptual information, general deployment information, and product details,

see Related Links at the end of this paper.

The instructions in this white paper are cumulative. To reproduce the test lab configurations detailed in

this white paper, you must complete each section in the sequence in which it appears, and you must

follow the steps in each section in sequence.

Note: The following instructions describe configuring a test lab to test the relevant scenarios. To clearly

separate the services provided on the network and to show the desired functionality, you need a minimum

of four servers.

In addition, these test lab configurations reflect neither best practices nor a desired or recommended

configuration for a production environment. For example, the test lab uses the same computer as a domain

controller, a Domain Name System (DNS) server, and a Dynamic Host Configuration Protocol (DHCP)

server. In a production environment, you should not run other services on a domain controller. These test

lab configurations, including IP addresses and all other configuration parameters, are designed to work only

on a test lab network.

Windows Server 2003 White Paper 1

Configuring the Initial Test Lab

To follow the steps in this white paper, you will need to configure five computers in a specific topology.

Each computer in the lab has specific hardware and operating system requirements, which are

specified in the subsections below.

To set up this test lab, you will need the following hardware and software:

• Four computers that are capable of running members of the Windows Server 2003 family

o One server must have two network adapters and a modem.

o One server must have a floppy disk drive.

• One computer that is capable of running Microsoft Windows XP Professional and that has a

modem and a floppy disk drive

• Two network hubs or Layer 2 switches

• One operating system disc for Windows Server 2003, Enterprise Edition

• Three operating system discs for Windows Server 2003, Standard Edition

• One operating system disc for Windows XP Professional

Figure 1 shows the network topology for this lab.

As shown in Figure 1, one segment of the test lab network represents a corporate intranet, and another

segment represents the Internet. Connect all computers on the intranet segment to a common hub or

Layer 2 switch. Connect all computers on the Internet segment to a separate common hub or Layer 2

switch.

Windows Server 2003 White Paper 2