TartVPN

**Installing Routing and Remote Access Services**

Selection of services in the Network Policy and Access Services window.

1. **Check** the **Routing and Remote Access Services** box
   a. Verify the following are also checked.
      i. **Routing and Remote Access Services**
      ii. **Routing**
2. **Click Next**
3. At the **Confirm Installation Selections** window **Click Install**
4. At the **Installation Results** window **Click Close** to complete installation.



Verification of installation of Network Policy and Access Service

Note: The red X next to the Network Policy and Access Service module under Roles in the Roles summary is not a bad thing. The service is not started until it is configured, which we will do in the following steps.


**Configuring Routing and Remote Access Services**

Accessing Routing and Remote Access MMC

1. **Click Start > Administrative Tools > Routing and Remote Access**

Accessing the Configuration wizard of RRAS

1. **Right Click** - **Configure and Enable Routing and Remote Access**
2. At the **Routing and Remote Access Server Setup Wizard Welcome** screen **Click Next**

Configuration of RRAS Server

1. **Click** the radio button alongside **Virtual private network (VPN) access and NAT**
2. **Click Next**

Selection of the External Network Card.

1. In the **Network Interface** listbox **Select**:
   a. **Local Area Connection** with an IP address of **10.145.147.7**
2. **Click Next**

Selection of IP Address Assignment configuration.

1. **Select** the **Automatically** radio button.
2. **Click Next**

Selection of authentication method of RRAS.

1. **Select** the **Yes, set up this server to work with a RADIUS server.** option
2. **Click Next**

Entry of RADIUS server options.

1. In the **RADIUS Server Selection** window set the following settings
   a. **Primary RADIUS server:** 172.28.0.4
   b. **Shared secret:**
      i. Note: To get the shared secret please locate the administrative password top secret encrypted document located in the safe in the building area 51.
2. **Click Next**
3. At the **Completing the routing and remote access server setup wizard** window **Click Finish**
4. A dialog box may appear stating you will need to set up DHCP Relay. We will do that in the following steps.

Configuration of DHCP Relay

1. The **Routing and Remote Access** window should still be open.
2. **Expand** your server name. There should be a white circle with a green triangle signifying a running, configured RRAS service.
3. **Expand** **IPv4**
4. **Right-Click DHCP Relay Agent**
5. **Click Properties.**

Adding of the DHCP server IP Address

1. In the **Server address** box **enter** 172.28.0.2
2. **Click Add**
3. **Click OK** to complete adding the DHCP relay setup.

Modifying the NAT properties of the Local Area Connection

1. **Expand IPv4**
2. **Click NAT**
3. **Right-Click Local Area Connection**
4. **Click Properties**

Configuring Port Forwarding for SMTP.

1. **Click** the **Services and Ports** tab
2. **Click Internet Mail Server (SMTP)** in the **Local Area Connection properties** window.
3. **Click Edit**
4. In the **Edit Service** window **Type** 172.28.0.3 in the **Private address** field
5. **Click OK** in the **Edit Service** window



1. **Click Post Office Protocol version 3 (POP3)** in the **Local Area Connection properties** window.
2. **Click Edit**
3. In the **Edit Service** window **Type** 172.28.0.3 in the **Private address** field
4. **Click OK** in the **Edit Service** window



1. **Click Web Server (HTTP)** in the **Local Area Connection properties** window.
2. **Click Edit**
3. In the **Edit Service** window **Type** 172.28.0.3 in the **Private address** field
4. **Click OK** in the **Edit Service** window

1. **Click Secure Web Server (HTTPS)** in the **Local Area Connection properties** window.
2. **Click Edit**
3. In the **Edit Service** window **Type** 172.28.0.3 in the **Private address** field
4. **Click OK** in the **Edit Service** window

1. **Click Add** in the **Local Area Connection properties** window.
2. **Type** the following in the corresponding sections
   a. Description of service: DNS
   b. Incoming port: 53
   c. Private address: 172.28.0.2
   d. Outgoing port: 53
3. **Click OK** in the **Add Service** window
4. Close all open windows.
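
A check to run once the port mappings above are in place, as an added example that is not part of the original guide: from a host on the external side, it connects to each published TCP port on 10.145.147.7 and confirms that a few ports the guide never publishes stay closed. The closed-port list, the 2-second timeout, the function name `Test-TcpPort` and the use of TCP for the DNS entry are assumptions.

```powershell
# Added example, not from the original guide. Run from a host on the external
# side of TARTVPN. Addresses and ports are the ones configured in the steps above.
$ExternalIp = '10.145.147.7'

# Services published through NAT in this guide. TCP is an assumption: the
# guide does not say which protocol was chosen for the DNS entry.
$Published = @(
    @{ Port = 25;  Service = 'SMTP -> 172.28.0.3';  Open = $true },
    @{ Port = 110; Service = 'POP3 -> 172.28.0.3';  Open = $true },
    @{ Port = 80;  Service = 'HTTP -> 172.28.0.3';  Open = $true },
    @{ Port = 443; Service = 'HTTPS -> 172.28.0.3'; Open = $true },
    @{ Port = 53;  Service = 'DNS -> 172.28.0.2';   Open = $true }
)

# Ports the guide never publishes (Telnet, RPC, SMB, RDP). This list is an
# assumption chosen for the check, not part of the guide.
$NotPublished = 23, 135, 445, 3389

function Test-TcpPort {
    param([string]$Address, [int]$Port, [int]$TimeoutMs = 2000)
    $client = New-Object System.Net.Sockets.TcpClient
    try {
        $pending = $client.BeginConnect($Address, $Port, $null, $null)
        if (-not $pending.AsyncWaitHandle.WaitOne($TimeoutMs, $false)) { return $false }
        $client.EndConnect($pending)   # throws if the connection was refused
        return $true
    } catch {
        return $false
    } finally {
        $client.Close()
    }
}

# Build one list of checks: published ports must be open, the rest closed.
$checks = @($Published)
foreach ($port in $NotPublished) {
    $checks += @{ Port = $port; Service = '(not published)'; Open = $false }
}
$results = foreach ($c in $checks) {
    $isOpen = Test-TcpPort -Address $ExternalIp -Port $c.Port
    New-Object PSObject -Property @{
        Port = $c.Port; Service = $c.Service; ExpectedOpen = $c.Open
        ActualOpen = $isOpen; Pass = ($isOpen -eq $c.Open)
    }
}
$results | Sort-Object Port | Format-Table Port, Service, ExpectedOpen, ActualOpen, Pass -AutoSize
if ($results | Where-Object { -not $_.Pass }) {
    Write-Warning 'NAT exposure differs from the documented port mappings.'
}
```

A failed row for a published port points at the mapping or the internal server; a failed row for an unpublished port means the external interface exposes more than this guide configures.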


**Installing DNS**

1. **Click Start > Server Manager**
2. **Click Add Roles** in the **Roles** pane

1. **Click DNS Server**
2. **Click Next**

Adding the DNS server Role

1. **Click** **Next** at the Introduction to DNS Server window
2. **Click** Install
3. When the Installation Results window appears **Click** Close

**Configure DNS**

Open DNS Server MMC

1. **Click** Start > Administrative Tools > DNS

Configuring New Zone:

1. In the DNS Manager **Click** TARTVPN
2. Right **Click** TARTVPN
3. **Click** New Zone.

Selecting to become a secondary zone

1. At the Welcome to the New Zone Wizard screen
2. **Click** **Next**
3. Select Secondary Zone in the Zone Type window
4. **Click** **Next**

Configuring the zone to be Forward Lookup

1. Verify the Forward lookup Zone is selected
2. **Click** **Next**

Configuring Zone

1. In the Zone Name box **Type**: tart.corp
2. **Click** **Next**

Configuring Master DNS Server

Verified DNS Server

1. **Type** 172.28.0.2 where it says “Click here to add an IP Address or DNS Name:”
2. Once verified **Click** **Next**
3. Then **Click** Finish at the Completing the New Zone Wizard window

**Security Configuration Wizard**

Opening Security Configuration Wizard

1. **Click Start** > **Administrative Tools** > **Security Configuration Wizard**
2. At the **Welcome to the Security Configuration Wizard** window **Click Next**

Selecting Create a new Security Policy

1. Verify that **create a new security policy** is bubbled and **click next**

Designating server to use as a baseline

1. Verify **TARTVPN** is in the server textbox
2. It will take a few minutes to capture a baseline for later configuration
3. In the **Role-Based Service Configuration** window **Click Next**

Selection of Server Roles and Client Features (below)

1. In the **Select Server Roles** window **click next**
2. In the **Select Features** window **click next**

De-selection of additional Services

1. **Uncheck** all boxes in the **Select additional services** window
2. **Click next**

On the next 12 screens click next till you arrive at the following window

Configuring system audit policy

1. **Select Audit successful and unsuccessful activities**
2. **Click next**
3. **Click next** at the next 2 screens.

Saving the Policy to a file.

1. In the **Security policy file name** textbox type **c:\windows\security\msscw\policies\TartVPN**
2. In the **Description** type **TARTVPN Security Policy**
3. **Click Next**

Applying the security Policy

1. **Click** the **Apply now** bubble
2. **Click Next**
3. **Click finish** at the **Completing the security configuration wizard** window.
