• Home
• Courses
• Labs
• lab setup
• K-12
• Demos
• About
  • About Us
  • Fundings
• News

Remote Access Windows Server 2016 Protection - Part I

---

 

---

Basic Introduction:

Windows Server 2016 as Gateway

External Resources about this infrastructure can be found here.

Key Points for protecting Windows Server Gateway:

• Remote Access Service (RAS) server is configured as public server and communication with internal services is required for remote users authentication.
• Internal services such as Active Directory, File Servies, and Intranet Web applications access must be propertly configure for remote users (Network Access Policy Server)
• External Internet traffic from Remote Clients Protection
• Firewall Configuration

Windows Server Gateway Insfrastruture

RAS (Remote Access Services)

The RAS server consists of windows server 2016 install as standard core. Two virtual box adapters will be required for this server; we will be configuring them with powershell from the command-line interface.

The server will be also configured as a joined server to single forest domain. Therefore, additional Windows 2016 server will be required for completing this lab.

The RAS server will also be configured to accept remote access connections from a windows remote client virtual machine. The following diagram illustrate the lab topology. Windows Client 10 will be use on two separate networks.

---

System Overview

PDC Domain Services Windows 20016 Server

The PDC server is a virtual machine with a virtual box adpater configured as host network. Two host networks and one NAT (network addresss translation) network are going to be created during the pre-configuration for the lab.

The server will be also configured as the primary domain server, therefore a single forest is required.

The PDC will authenticate the windows Remote client throghout the RAS server. Access connections from/to RAS and PDC windows virtual machines will be configured on Endian FW/Router.

---

Endian Community Firewall/Router

Endian Firewall/Router is a community version software that runs a linux kernel and acts as firewall and router for virtual machines.

This VM will be configured with four adapters which will be created in Virtual Box. See PRE-Installation Configuration: here

Instructions for configuring the software, interfaces and networks rules will be done thru console and GUI web management interfaces provided by Endian.

---

LAB Instructions Breakdown - Below an html document link and portable downloadable file with instructions. The lab is broken down on the following main steps.

A) Pre-Installation and Configuration

1. Ensure Virtual Box is installed (instructions here)

2. Host Networks and NAT network creation

a. create a host network for the DMZ network to inside traffic. (ORANGE ADAPTER on Endian FW/Router)
b. create a host network for the internal network (GREEN ADPTER on Endian FW/Router)
c. create a host network DMZ network for the outside private network traffic (BLUE ADAPTER on Endian FW/Router)
d. create a NAT network for the outside network (RED ADAPTER on Endian FW/Router)

B) Download software requirement (click here for download ISO files)

1. Endian Firewall/Router Installation (instructions)
2. Windows 2016 Server Installation (instructions)
3. Windows 10 Client Installation (instructions)

C) Installation, Configuration, and testing of the following.

1. Endian FW/Router
2. Windows Server 2016 PDC
3. Windows Server 2016 RAS
4. Windows 10 Client
5. Securing

Installation and Configuration Information

The Installation and configuration (pdf format) for all virtual devices (vm machines) are included in document that can be downloaded PDF.

Follow steps by steps installation and configuration here. HTML.