Home > Articles > Certification > CompTIA

CompTIA Network+ Video Mentor: Configuring an L2TP-Based VPN

  • Print
  • + Share This
  • 💬 Discuss
Many people are familiar with using PPTP as the tunneling and encryption protocol. This is a fast and somewhat secure method of connecting remotely, but what if you want something more secure as far as the transfer of data and authentication? Then you have to move into higher levels of VPN — for example, L2TP. David Prowse, creator of CompTIA Network+ Video Mentor,shows you how.

In this screencast and ensuing article, I’ll show how to configure a Layer 2 Tunneling Protocol (L2TP) connection on the server side (Windows Server 2003) and client side (Windows XP Pro). The video and step-by-step article are broken into six steps:

  • Step 1: Install a Certificate Authority on the server.
  • Step 2: Configure the Certificate Authority (CA) on the server.
  • Step 3: Configure MS-CHAP on the client.
  • Step 4: Configure L2TP and IPsec on the client.
  • Step 5: Install a certificate on the client.
  • Step 6: Making the new VPN connection.

This screencast assumes that you have IIS running on the server, you know how to set up a basic VPN, and you have a VPN server running. For more information on how to set up a basic VPN, see my website. (Free registration required.).

You need to upgrade your Flash Player. You need version 9 or above to view this video. You may download it here. You may also see this message if you have JavaScript turned off. If this is the case, please enable JavaScript and reload the page.

Step 1: Install a Certificate Authority on the Server

Even if your client is already set up to make L2TP connections (see Step 4 for more), and you have a basic VPN server working, you would get a 781 error when attempting to connect. This is because your client requires an encryption certificate. The client must get that certificate from the server (or some other authority). Let’s install and configure the Certificate Authority on the Windows Server 2003 computer now so that it can dispense certificates to clients.

  1. Go to the Windows Server 2003 computer.
  2. Click the Start button and select Control Panel.
  3. Launch Add/Remove Programs.
  4. Select Add/Remove Windows Components.
  5. Click the Certificate Services check box to select it. A pop-up window opens; click Yes.
  6. Click Next.
  7. When asked you what type of Certificate Authority you will be installing, choose the default option, Enterprise root CA, as shown in Figure 1. Then click Next.
  8. Figure 1 The Certificate Authority screen.

  9. In the Common Name for this CA field, type test. Leave the rest of the information as-is, and click Next.
  10. Leave the Certificate Database Settings window as-is and click Next.
  11. A pop-up window might ask you about IIS, which needs to be stopped during the installation of the CA. Click OK. The installation of the CA will begin.
  12. If you are asked for the CD, you can get the necessary information from X:\i386 (where X is the letter of your disc drive). This could be from the Windows Server 2003 disc, the Service Pack disc, or the Server 2003 disc with slipstreamed service pack—it depends on your setup.
  13. Click Finish. The Certificate Authority is now installed. You should see it within your Administrative Tools. A restart is not normally necessary, but might be a good idea, especially if you have a lot of other services running on the server.
  • + Share This
  • 🔖 Save To Your Account

Discussions

comments powered by Disqus