Now that the RRAS role is installed, we must configure the VPN server. One aspect of the configuration process that you may not expect is that we have to configure the VPN server to also act as a Network Address Translation (NAT) server. The reason for this is that we are creating an SSL-based VPN. As such, clients must be able to access the certificate revocation list. This list is located on the Enterprise Certificate Authority, so the VPN server will have to act as a NAT server to enable clients to download the certificate revocation list. To perform the configuration process, follow these steps:
- Open the Server Manager and navigate through the console tree to Server Manager | Roles | Network Policy and Access Services | Routing and Remote Access.
- Right-click on the listing for Routing and Remote Access, and then choose Configure and Enable Routing and Remote Access from the resulting shortcut menu.
- Windows will now launch the Routing and Remote Access Server Setup Wizard. Click Next to bypass the wizard's introductory screen.
- The next screen is the Configuration screen. Choose the Virtual Private Network (VPN) Access and NAT option, and click Next.
- The next screen will ask you which of the server's NICs are attached to the Internet. Select the NIC that is connected to the network perimeter and click Next.
- You will now see a screen asking you how IP addresses should be assigned to remote clients. Assuming that your network has a DHCP server in place, choose the option to assign IP addresses automatically, and click Next.
- Windows should now display a screen asking if you want to use RRAS to authenticate connection requests, or if you would rather forward requests to a RADIUS server for authentication. Since we haven't set up a RADIUS server, choose the option to have the RRAS server authenticate connection requests. Of course, if you do happen to have a RADIUS server, you are certainly free to use it.
- Click Next, and you will see a screen displaying a summary of the options that you have chosen. Click Finish to close this screen.
- You will now see a warning message telling you that the relaying of DHCP messages requires a DHCP relay agent. Click OK to acknowledge this warning.
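Once the wizard has finished, you can confirm from a client machine that the certificate revocation list is actually reachable. The following PowerShell script is an added example, not part of the original guide. It assumes the VPN server's machine certificate has been exported to a .cer file; the path `C:\temp\vpn-server.cer` is a placeholder.

```powershell
# Added example: list the CRL distribution points in a certificate and
# test whether each HTTP one can be downloaded from this machine.
# $CertPath is a placeholder; export the VPN server's machine certificate
# to a .cer file and point the script at it.
param([string]$CertPath = 'C:\temp\vpn-server.cer')

function Get-CrlUrl {
    param([System.Security.Cryptography.X509Certificates.X509Certificate2]$Cert)
    # 2.5.29.31 is the OID of the CRL Distribution Points extension
    $ext = $Cert.Extensions | Where-Object { $_.Oid.Value -eq '2.5.29.31' }
    if (-not $ext) { return @() }
    # On Windows, Format($true) renders the extension as multi-line text
    # that contains one "URL=..." entry per distribution point
    [regex]::Matches($ext.Format($true), 'URL=(\S+)') |
        ForEach-Object { $_.Groups[1].Value }
}

$cert = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2 $CertPath
$urls = @(Get-CrlUrl $cert)
if ($urls.Count -eq 0) {
    Write-Warning "No CRL distribution point found in $($cert.Subject)"
    return
}

$client = New-Object System.Net.WebClient
foreach ($url in $urls) {
    if ($url -notmatch '^https?://') {
        # Only HTTP(S) distribution points are tested here
        Write-Output "SKIP  $url (not HTTP)"
        continue
    }
    try {
        $bytes = $client.DownloadData($url)
        Write-Output ("OK    {0} ({1} bytes)" -f $url, $bytes.Length)
    } catch {
        Write-Output ("FAIL  {0} : {1}" -f $url, $_.Exception.Message)
    }
}
```

Run it from the network position the VPN clients will connect from; a FAIL line for the HTTP distribution point means clients will not be able to check revocation for the server certificate.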
Brien M. Posey, MCSE, is a Microsoft Most Valuable Professional for his work with Windows 2000 Server and IIS. Brien has served as the CIO for a nationwide chain of hospitals and was once in charge of IT security for Fort Knox. As a freelance technical writer he has written for Microsoft, TechTarget, CNET, ZDNet, MSD2D, Relevant Technologies and other technology companies. You can visit Brien's personal Web site at http://www.brienposey.com.