VPN Test Lab Extension: Demonstrating VPN Reconnect

Before using the instructions in this extension, set up the remote access VPN test lab with the instructions found in Test Lab Guide: Demonstrate Remote Access VPNs.

Step 1: Demonstrate VPN behavior without VPN reconnect

  1. Connect CLIENT1 to the Internet subnet.
  2. Open the Network Connections folder, double-click VPN Connection, and then click Connect. This should be successful.
  3. The connected VPN Connection should be using the PPTP VPN type (the third line of information about the VPN Connection object should be WAN Miniport (PPTP)).
  4. From an administrator-level command prompt, type ping 10.0.0.3 -t, and then press ENTER. Notice that the Ping.exe tool displays "Reply from 10.0.0.3".
  5. Unplug CLIENT1 from the Internet subnet. Notice that the Ping.exe tool displays "Request timed out".
  6. Wait for about a minute for the Network Connections message window that states "Link to VPN Connection failed.", and then click Close. The VPN Connection is now in a disconnected state. This demonstrates that a VPN connection that does not use VPN Reconnect fails after about a minute.
  7. In the Command Prompt window, press CTRL+C to stop the ping.

Step 2: Configure EDGE1 to support VPN reconnect

  1. On DC1, click Start, point to Administrative Tools, and then click Certification Authority.
  2. In the console tree, right-click Certificate Templates, and then click Manage.
  3. In the Certificate Templates Console window, right-click the IPsec certificate template, click Duplicate Template, and then click OK.
  4. Type VPN Reconnect in Template display name.
  5. On the Subject Name tab, click Supply in the request.
  6. On the Extensions tab, click Application Policies, click Edit, click Add, click Server Authentication, and then click OK twice.
  7. On the Security tab, click the Authenticated Users group.
  8. In Permissions for Authenticated Users, click Enroll under Allow, and then click OK.
  9. In the Certification Authority window, right-click Certificate Templates, point to New, and then click Certificate Template to Issue.
  10. In the list, click VPN Reconnect, and then click OK.
  11. On EDGE1, click Start, type mmc, and then press ENTER. Click Yes at the User Account Control prompt.
  12. Click File, and then click Add/Remove Snap-ins.
  13. Click Certificates, click Add, click Computer account, click Next, select Local computer, click Finish, and then click OK.
  14. In the console tree of the Certificates snap-in, open Certificates (Local Computer)\Personal\Certificates.
  15. Right-click Certificates, point to All Tasks, and then click Request New Certificate.
  16. Click Next twice.
  17. On the Request Certificates page, click VPN Reconnect, and then click More information is required to enroll for this certificate.
  18. On the Subject tab of the Certificate Properties dialog box, in Subject name, for Type, select Common Name.
  19. In Value, type 131.107.0.2, and then click Add.
  20. Click OK, click Enroll, and then click Finish.
  21. In the details pane of the Certificates snap-in, verify that a new certificate with the name 131.107.0.2 was enrolled with Intended Purposes of Server Authentication and IP security IKE intermediate.
  22. Close the Certificates snap-in.
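Step 21 asks you to confirm the certificate visually. The following Windows PowerShell script, added here as an example and not part of the original guide, performs the same check on EDGE1 from an elevated prompt: it looks in the Local Computer Personal store for the certificate with Common Name 131.107.0.2 (the value entered in step 19) and reports whether it has a private key, carries both required Enhanced Key Usages, and has not expired.

```powershell
# Added example (not from the original guide): verify on EDGE1 that the
# certificate enrolled in Step 2 has the properties VPN Reconnect (IKEv2) needs.
# Assumes the certificate was enrolled into Local Computer\Personal with
# Common Name 131.107.0.2, as in steps 18-21 above.

$expectedSubject = 'CN=131.107.0.2'
# Well-known EKU object identifiers (standard values, not specific to this lab).
$ekuServerAuth      = '1.3.6.1.5.5.7.3.1'   # Server Authentication
$ekuIkeIntermediate = '1.3.6.1.5.5.8.2.2'   # IP security IKE intermediate

$candidates = Get-ChildItem -Path Cert:\LocalMachine\My |
    Where-Object { $_.Subject -eq $expectedSubject }

if (-not $candidates) {
    Write-Warning "No certificate with subject $expectedSubject in Local Computer\Personal. Repeat steps 11-21."
    return
}

foreach ($cert in $candidates) {
    # Read the EKU extension directly from the X.509 extensions; this works on
    # any PowerShell version without relying on provider-added properties.
    $ekuExt = $cert.Extensions |
        Where-Object { $_ -is [System.Security.Cryptography.X509Certificates.X509EnhancedKeyUsageExtension] }
    $ekuOids = @()
    if ($ekuExt) {
        $ekuOids = @($ekuExt.EnhancedKeyUsages | ForEach-Object { $_.Value })
    }

    # Each check corresponds to something IKEv2 on EDGE1 needs from this certificate.
    $checks = @{
        'Has private key (needed to authenticate EDGE1 to clients)' = $cert.HasPrivateKey
        'EKU includes Server Authentication'                        = ($ekuOids -contains $ekuServerAuth)
        'EKU includes IP security IKE intermediate'                 = ($ekuOids -contains $ekuIkeIntermediate)
        'Certificate not yet expired'                               = ($cert.NotAfter -gt (Get-Date))
    }

    Write-Host "Certificate $($cert.Thumbprint) ($($cert.Subject)):"
    foreach ($name in $checks.Keys) {
        $status = if ($checks[$name]) { 'OK  ' } else { 'FAIL' }
        Write-Host "  [$status] $name"
    }
}
```

If any line reports FAIL, the IKEv2 connection in Step 3 will fall back to PPTP or fail to authenticate; re-check the template settings from steps 3-8 before retrying the enrollment.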

Step 3: Demonstrate VPN Reconnect on CLIENT1

  1. On CLIENT1, in the Network Connections window, double-click VPN Connection, and then click Connect. The VPN connection should be successful; however, it now uses the IKEv2 VPN type (the third line of information about the VPN Connection object should be WAN Miniport (IKEv2)).
  2. From the Command Prompt window, type ping 10.0.0.3 -t, and then press ENTER. Notice that the Ping.exe tool displays "Reply from 10.0.0.3".
  3. Unplug CLIENT1 from the Internet subnet. Notice that the Ping.exe tool displays "Request timed out".
  4. Wait for two minutes. Notice that you do not see a "Link to VPN Connection failed." message.
  5. Plug CLIENT1 back into the Internet subnet. Notice that the Ping.exe tool displays "Reply from 10.0.0.3". Unlike the PPTP-based connection in Step 1, the IKEv2-based connection does not fail and picks up where it left off when CLIENT1 gets reconnected to the Internet.
Comments
  • This one was a bit harder. I tried to use the VPN Reconnect Step-by-Step guide but it went the long way around to get the proper cert on the VPN server. Instead, I used the instructions in the DirectAccess test lab guide.

  • Hey fred!

    Great stuff! But check out the "In development" page on the main wiki page for Test Lab Guides - there is an IKEv2 TLG already in development. No problem - can't have enough Test Lab Guides and it will be interesting to see the different approaches. Great to see more in the community participating!
