Professional Documents
Culture Documents
Ahmed Abdelwahed
Microsoft Certified Trainer
Ahmed_abdulwahed@outlook.com
http://www.mycertprofile.com/Profile/3992184764
L2TP/IPsec VPN On Windows Server 2016 Step By Step| Complete Lab
Table of Contents
What is VPN?................................................................................................................................................................... 3
Existing Active directory environment ............................................................................................................................ 3
Existing DHCP Server Configuration: ............................................................................................................................... 4
VPN Server Setup and Configurations ............................................................................................................................ 5
VPN Configuration Steps: ............................................................................................................................................ 6
Step 1: Join VPN Server to ITPROLABS.XYZ domain ................................................................................................. 6
Step 2: Add Remote Access role .............................................................................................................................. 6
Step 3: Enable and configure routing and remote access (Enable VPN Service) ................................................... 10
Step 4: Allow VPN clients to obtain TCP/IP configuration from DHCP and use internal DNS................................. 13
Step 5: Configure a preshared key for IPSec connection ....................................................................................... 14
Allowing internet users to connect through VPN ......................................................................................................... 15
Step 1: Active Directory Configuration ..................................................................................................................... 15
Step 2: Configure the Remote Access policies (NPS) ................................................................................................ 17
Testing ........................................................................................................................................................................... 23
Create VPN connection from windows 10 Client. ..................................................................................................... 23
Allow internet connectivity with VPN ....................................................................................................................... 26
Connect to VPN ......................................................................................................................................................... 27
Check connected VPN client Status .......................................................................................................................... 28
2|Page
L2TP/IPsec VPN On Windows Server 2016 Step By Step| Complete Lab
What is VPN?
A Virtual Private Network (VPN) is a secure network tunnel that allows you to connect to your private
network from internet locations. So, you can access and use your internal resources based on your
permissions.
3|Page
L2TP/IPsec VPN On Windows Server 2016 Step By Step| Complete Lab
4|Page
L2TP/IPsec VPN On Windows Server 2016 Step By Step| Complete Lab
Network configuration:
We have 2 network interfaces one for LAN connectivity (in our domain scope) and another for WAN that will
receive VPN client connection requests from internet.
5|Page
L2TP/IPsec VPN On Windows Server 2016 Step By Step| Complete Lab
First, Join our VPN server to ITPROLABS.XYZ domain, so we can use active directory to authenticate the
incoming VPN client connections.
On VPN server, from Server Manager add remote access role as explained in the figures below
6|Page
L2TP/IPsec VPN On Windows Server 2016 Step By Step| Complete Lab
7|Page
L2TP/IPsec VPN On Windows Server 2016 Step By Step| Complete Lab
8|Page
L2TP/IPsec VPN On Windows Server 2016 Step By Step| Complete Lab
9|Page
L2TP/IPsec VPN On Windows Server 2016 Step By Step| Complete Lab
Step 3: Enable and configure routing and remote access (Enable VPN Service)
10 | P a g e
L2TP/IPsec VPN On Windows Server 2016 Step By Step| Complete Lab
11 | P a g e
L2TP/IPsec VPN On Windows Server 2016 Step By Step| Complete Lab
12 | P a g e
L2TP/IPsec VPN On Windows Server 2016 Step By Step| Complete Lab
Step 4: Allow VPN clients to obtain TCP/IP configuration from DHCP and use internal DNS
Here we will allow incoming VPN clients to obtain TCP/IP configuration from DHCP, also It’s better to allow VPN users
to use the internal DNS server, so they can locate and access internal resources easily
13 | P a g e
L2TP/IPsec VPN On Windows Server 2016 Step By Step| Complete Lab
On VPN server configure preshared key that will be used in IPSec connections
14 | P a g e
L2TP/IPsec VPN On Windows Server 2016 Step By Step| Complete Lab
15 | P a g e
L2TP/IPsec VPN On Windows Server 2016 Step By Step| Complete Lab
Now you can add members to this group that you want to allow them to connect through VPN
16 | P a g e
L2TP/IPsec VPN On Windows Server 2016 Step By Step| Complete Lab
On VPN, from Server Manager, open the Network Policy Server console
17 | P a g e
L2TP/IPsec VPN On Windows Server 2016 Step By Step| Complete Lab
18 | P a g e
L2TP/IPsec VPN On Windows Server 2016 Step By Step| Complete Lab
add users and groups that you want to allow them to connect through VPN
19 | P a g e
L2TP/IPsec VPN On Windows Server 2016 Step By Step| Complete Lab
from this wizard, we can apply some polices and restrictions on VPN clients like session time limit.
20 | P a g e
L2TP/IPsec VPN On Windows Server 2016 Step By Step| Complete Lab
Configuration summary
21 | P a g e
L2TP/IPsec VPN On Windows Server 2016 Step By Step| Complete Lab
22 | P a g e
L2TP/IPsec VPN On Windows Server 2016 Step By Step| Complete Lab
Testing
Create VPN connection from windows 10 Client.
First, create VPN connection to VPN Server public IP address (as explained in the figures below)
23 | P a g e
L2TP/IPsec VPN On Windows Server 2016 Step By Step| Complete Lab
Now, configure our connection to use L2TP (as explained in the below figures)
24 | P a g e
L2TP/IPsec VPN On Windows Server 2016 Step By Step| Complete Lab
25 | P a g e
L2TP/IPsec VPN On Windows Server 2016 Step By Step| Complete Lab
26 | P a g e
L2TP/IPsec VPN On Windows Server 2016 Step By Step| Complete Lab
Connect to VPN
Now you can use your VPN connection using aabdelwahed user who have grant access permission to
connect through VPN according to his membership on VPN_Users group.
27 | P a g e
L2TP/IPsec VPN On Windows Server 2016 Step By Step| Complete Lab
Now, run ipconfig /all to check your VPN connection configuration, so now you can access the network
resources based on your permissions.
28 | P a g e