Setup vmlab.local (21)

VPN/NAT setup

PPTP (Point-to-Point Tunneling Protocol) to L2TP (Layer 2 Tunneling Protocol)

Add 192.168.1 Network on ESXi Hosts

  1. On ESXi1, go to Configuration > Networking > Add Networking > Virtual Machine


  2. Select vmnic3


  3. Name it NAT and set the VLAN ID to 255


  4. Finish


  5. Repeat the steps on ESXi2

Add NAT (internal) network adapter on DC1

  1. On the Subca VM, go to Edit Settings > Hardware > Add Network Adapter


  2. Set Network Type


  3. Finish


Setup 192.168.255 Subnet on NIC2

  1. On subca, change the network connections as below


  2. Set the IP for 192.168.255


  3. Open the Routing and Remote Access console
  4. Right-click the Subca node and select Configure and Enable Routing and Remote Access


  5. Select Virtual Private Network (VPN) Access and NAT


  6. Select the 172.20.255 NIC and uncheck the Basic Firewall option


  7. Automatically


  8. Select no.


  9. Finish


  10. OK


  11. Right-click the Subca node > Properties


  12. Select Static Address Pool under the IP tab and click Add


  13. Set it as below


  14. Restart the service


  15. On Remote Access Policies > Connections to Microsoft Routing and Remote Access server > Grant remote access permission


     
     

Test VPN

  1. On Websvr1, open CMD and run ipconfig to display the current IPs and subnet info. Then ping 192.168.255.1, which will fail at this point.


  2. Create a new network connection


  3. Select Connect to the network at my workplace (VPN)


  4. Virtual Private Network Connection


  5. Input the company name


  6. Input the VPN server (subca) IP address


  7. My use only


  8. Select to create a shortcut on my desktop


  9. Input the credentials and Connect


  10. The VPN will be connected


  11. Ping 192.168.255.1 again to test that it works. ipconfig now shows two network connections as below, including 192.168.255.21, which is assigned from the static IP pool.


NAT Setup

  1. On subca, go to Routing and Remote Access console > IP Routing > NAT/Basic Firewall
  2. Right-click the 172.20.255 NIC > Properties > Address Pool > Add


  3. Add a pool as below


  4. Click Reservations


  5. Add reservation IPs


  6. Any access from outside to 172.20.255.165 will then be routed to 192.168.255.21
  7. On the Services and Ports tab, select Web Server and set the addresses as below


NAT Test setup with websvr1

  1. To test NAT successfully within this lab environment, websvr1 should be connected to the VPN.
  2. On websvr1, connect the vmlab.local VPN connection to obtain an IP in the 192.168.255 subnet, then run ipconfig to see the IP address

  3. On websvr1, open IIS Manager > Web Sites > open Properties of Default Web Site > click Advanced on the Web Site tab


  4. Select Default identities and Edit


  5. Set the web site identification as below


NAT Test

  1. On DC1, open IE and try to access www.vmlab.local (172.20.255.165). It should route to 192.168.255.21
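
The NAT test above can also be scripted: request the site by its public IP with the Host header set, and check which TCP ports answer on that address. This is an added example, not part of the original walkthrough; the probed port list and the expectation that only TCP 80 is published are assumptions.

```python
import http.client
import socket

PUBLIC_IP = "172.20.255.165"     # reserved public address (from the page)
HOST_HEADER = "www.vmlab.local"  # web site name used in the NAT test (from the page)
EXPECTED_OPEN = {80}             # assumption: only the Web Server service is published
PROBE_PORTS = [80, 135, 139, 443, 445, 3389]  # constructed list of ports to check


def http_status(ip, host_header, port=80, timeout=3.0):
    """GET / by IP with an explicit Host header, so no DNS record is needed.

    Returns the HTTP status code, or None if the request fails."""
    conn = http.client.HTTPConnection(ip, port, timeout=timeout)
    try:
        conn.request("GET", "/", headers={"Host": host_header})
        return conn.getresponse().status
    except (OSError, http.client.HTTPException):
        return None
    finally:
        conn.close()


def open_ports(ip, ports, timeout=1.0):
    """Return the set of TCP ports on ip that accept a connection."""
    reachable = set()
    for port in ports:
        try:
            with socket.create_connection((ip, port), timeout=timeout):
                reachable.add(port)
        except OSError:
            pass  # refused, filtered or timed out: not reachable through NAT
    return reachable


def nat_report(ip, host_header, ports, expected, http_port=80):
    """Summarise what the NAT address exposes versus what was intended."""
    found = open_ports(ip, ports)
    return {
        "http_status": http_status(ip, host_header, http_port),
        "open": sorted(found),
        "unexpected": sorted(found - set(expected)),  # exposed but not intended
        "missing": sorted(set(expected) - found),     # intended but not reachable
    }


if __name__ == "__main__":
    print(nat_report(PUBLIC_IP, HOST_HEADER, PROBE_PORTS, EXPECTED_OPEN))
```

Run it from a host on the 172.20.255 network such as DC1. A non-empty `unexpected` list means more than the published web service is reachable through the NAT address.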



      
