Double click on the dun14-98.exe
file on the desktop. Click Yes on the dialog box informing you Microsoft Dial-up
Networking 1.4 for Windows 98 will be installed.
Click Yes in the dialog
box indicating you accept all terms of the License Agreement. The DUN 1.4
file is installed.
You will be asked for the
Windows 98 CD-ROM. Click OK on the Insert Disk dialog box.
Type a path to the Setup folder in the Copying Files dialog box
(figure 1) and click OK.
If you encounter a Version
Conflict dialog box (figure 2), click Yes on each of them to
keep the new file. If you click No, older versions of the file will
be installed and the VPN client connections may not establish properly.
Click Yes in the System
Settings Change dialog box. This restarts your computer.
the Microsoft L2TP/IPSec VPN Client
After Dial-up Networking version 1.4 is installed, you can download
the Microsoft L2TP/IPSec VPN Client software and install it on the
Windows 98 computer. You must install this update before attempting an
1. Open Internet Explorer and go to http://www.microsoft.com/windows2000/server/evaluation/news/bulletins/l2tpclient.asp
to download the Microsoft L2TP/IPSec VPN Client. There is an
administrator's guide for the Microsoft L2TP/IPSec VPN client on this page. We
recommend that you review the administrator's guide either before or after
installing the client software. Click the msl2tp.exe link and download
the file to your desktop.
2. Double click on the msl2tp.exe file on the desktop.
Click Yes on the Microsoft L2TP/IPSec VPN Client Setup v1.0
3. Click Yes in the dialog box to indicate that you
accept all the terms of the licensing agreement. The MS L2TP/IPSec VPN
Client software installs (figure 3).
4. Click Yes in the dialog box asking if you want to
restart your computer. The computer restarts after clicking Yes.
5. You may be presented with a Location Information
dialog box (figure 4) after restarting the computer. If so, enter your Area
Code, and then click Close. Log onto the Windows 98 computer.
User Certificate to Allow L2TP/IPSec Connections
Dial-up Networking 1.4 (DUN 1.4) and the Microsoft L2TP/IPSec VPN Client are now
installed on the Windows 98 computer. The next step is to obtain a user
certificate. The Microsoft L2TP/IPSec VPN Client uses this certificate
to create L2TP/IPSec connections with the ISA Server firewall/VPN Server.
The Microsoft L2TP/IPSec VPN Client is not required if you wish to create only
PPTP connections to the ISA Server firewall/VPN server.
There are many methods available to obtain user certificates from a Microsoft Certificate
Server. The most common scenario is when there is a standalone or enterprise
Microsoft Certificate Server located on the internal network and the Web enrollment
site is installed on the standalone Certificate Server. We will go through the
steps of obtaining a user certificate from the Web enrollment site of a
standalone Microsoft Certificate Server running on a Windows Server 2003
Perform the following steps on the Windows 98 computer to obtain the user certificate:
On the Windows 98 computer,
open Internet Explorer and type in the URL http://<ip_address>/certsrv
or http://<fqdn>/certsrv, where <ip_address>
and <fqdn> represent the IP address and Fully Qualified
Domain Name of the standalone Microsoft Certificate Server. The IP address
or FQDN can be an internal address or FQDN or an external IP address or
FQDN. External addresses are used when the Certificate Server is published
to the Internet.
On the Microsoft Certificate
Services Welcome page (figure 5), click the Request a
On the Request a Certificate
page, click the Web Browser Certificate link (figure 6).
Click Yes on the Security
Warning dialog box (figure 7) that asks if you want to install and run
the Microsoft Certificate Enrollment Control. Click Yes again if
you see the dialog box a second time.
Type in your user information in the text boxes on
the Web Browser Certificate – Identifying Information page (figure
8), then click Submit.
Click Yes on the Potential
Scripting Violation dialog box informing you that you should trust
the Web enrollment site before continuing.
The Certificate Pending page
appears and informs you that your request must be approved
(figure 9). In this example the standalone Microsoft Certificate Server is
using its default settings, which require the certificate request to be
approved. If you are using the default settings on the standalone
Certificate Server, then you must approve the request. For more information
on how to set up and
configure standalone Microsoft Certificate Servers, refer to ISA Server
VPN Deployment Kit document Installing and
Configuring a Windows Server 2003 Standalone Certification Authority.
Click the Home link on
the Certificate Pending page (figure 9). This takes you back to the
Welcome page (figure 10). On the Welcome page, click the View
the status of a pending certificate request link.
On the View the Status of a
Pending Certificate Request page (figure 11), click the Web Browser
Certificate (Date/Time) link. In this example the link says Web Browser
Certificate (Thursday May 08 2003).
On the Certificate Issued page
(figure 12), click the Install this certificate link. Click Yes
in the Potential Scripting Violation dialog box that warns that you need
to trust the Web enrollment site.
Click Yes on the Root
Certificate Store dialog box (figure 13). This dialog box tells you
the certificate authority’s self-signed (Self Issued) certificate
will be added to the Trusted Root Authorities certificate store.
Close Internet Explorer after
you see the Certificate Installed page.
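The Root Certificate Store step above adds the CA's self-signed certificate to the trusted roots, and the enrollment pages are reached over plain http://, so it is worth comparing the thumbprint Windows displays for that certificate with one computed from a copy the CA administrator exported directly on the Certificate Server. The following is an added example, not part of the original procedure; the function names are hypothetical, it assumes a Base64 (PEM) export, and the sample input is constructed filler rather than a real certificate.

```python
import base64
import hashlib
import re

PEM_RE = re.compile(
    r"-----BEGIN CERTIFICATE-----(.+?)-----END CERTIFICATE-----", re.S)


def pem_to_der(pem_text):
    """Decode a Base64 (PEM) export holding exactly one certificate to DER."""
    blocks = PEM_RE.findall(pem_text)
    if len(blocks) != 1:
        raise ValueError("expected one certificate, found %d" % len(blocks))
    der = base64.b64decode("".join(blocks[0].split()), validate=True)
    # A certificate is one DER SEQUENCE (tag 0x30) whose length field must
    # account for every remaining byte; this rejects cut-off or padded files.
    if len(der) < 2 or der[0] != 0x30:
        raise ValueError("not a DER SEQUENCE")
    if der[1] < 0x80:                       # short-form length
        header, body = 2, der[1]
    else:                                   # long form: next n bytes hold it
        n = der[1] & 0x7F
        if n == 0:
            raise ValueError("indefinite length is not valid DER")
        header, body = 2 + n, int.from_bytes(der[2:2 + n], "big")
    if header + body != len(der):
        raise ValueError("certificate data is truncated or has trailing bytes")
    return der


def thumbprint(der, algorithm="sha1"):
    """Hex digest of the DER bytes; Windows shows the SHA-1 form as Thumbprint."""
    return hashlib.new(algorithm, der).hexdigest()


def thumbprint_matches(pem_text, shown, algorithm="sha1"):
    """Compare with a value read off a dialog, ignoring spaces, colons, case."""
    wanted = re.sub(r"[^0-9a-f]", "", shown.lower())
    return thumbprint(pem_to_der(pem_text), algorithm) == wanted


# Constructed stand-in for the CA certificate export: a DER SEQUENCE header
# wrapping 256 filler bytes. It is not a real certificate.
SAMPLE_DER = b"\x30\x82\x01\x00" + bytes(range(256))
SAMPLE_PEM = ("-----BEGIN CERTIFICATE-----\n"
              + base64.encodebytes(SAMPLE_DER).decode("ascii")
              + "-----END CERTIFICATE-----\n")

if __name__ == "__main__":
    print("sha1  ", thumbprint(pem_to_der(SAMPLE_PEM)))
    print("sha256", thumbprint(pem_to_der(SAMPLE_PEM), "sha256"))
```

If the values differ, click No in the Root Certificate Store dialog box and have the CA administrator check the export before trying again.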
the PPTP Dial-up Networking Entry
The Windows 98 VPN client now has DUN 1.4, the Microsoft L2TP/IPSec VPN client, and a user
certificate installed. Now we can create the VPN connectoids that we use to
connect to the ISA Server firewall/VPN server. Let’s start with creating a PPTP
A VPN connectoid is a Dial-up Networking entry represented by an icon in the
Dial-up Networking Window.
Perform the following steps to create the PPTP VPN connectoid:
Click Start and point to
Programs. Point to Accessories and then point to Communications.
Click on Dial-up Networking.
If this is the first time
you've run Dial-up Networking on this machine, you should click Next
on the Welcome to Dial-Up Networking dialog box (figure 14). If you
have run the Dial-up Networking application on the Windows 98 computer at
some time in the past, then the Dial-up Networking window will appear.
Double click on the Make New Connection icon in the Dial-Up
In the Make New Connection
dialog box (figure 15), type in a name for the PPTP VPN connectoid in the Type
a name for the computer you are dialing text box. In this example,
we’ll call it PPTP VPN. Click the down arrow for the Select a
device drop down list. Select the Microsoft VPN Adapter entry.
On the Make New Connection
page (figure 16), type in an IP address or FQDN for the ISA Server
firewall/VPN server. In this example we’ll use an IP address. If you
choose to use a FQDN, make sure the FQDN resolves to the primary IP
address on the external interface of the ISA Server firewall/VPN server.
The primary IP address is the top listed IP address seen in the Advanced
TCP/IP Properties dialog box (on the Windows 2000/Windows Server 2003
Server machine). Click Next.
Click Finish on the Make
New Connection dialog box (figure 17). The PPTP VPN connectoid is
placed in the Dial-up Networking folder (figure 18).
Return to the Dial-Up
Networking folder (figure 18) and right click on the PPTP VPN
connectoid. Click the Properties command.
Click the Server Types tab
(figure 19) in the PPTP VPN dialog box. Place checkmarks in the Require
encrypted password and Require data encryption checkboxes. Remove
the checkmarks from the NetBEUI and IPX/SPX checkboxes.
Double click on the PPTP VPN
connectoid in the Dial-Up Networking window. Type in a User name
and Password of a user that has Remote Access permission to
connect to the VPN server in the Connect To dialog box (figure 20).
You will see the You are
connected to PPTP VPN dialog box (figure 21) when the connection
succeeds. If you right click on the Dial-up networking connection icon in
the system tray and click the Status command, you’ll see the Connected
to PPTP VPN dialog box. Click the Details button. This
dialog box gives you information about the speed of the link, how long
the link has been up, and bytes sent and received. You can also see
details about the security protocols used in the Protocols list.
the L2TP/IPSec Dial-up Networking Entry
Now that we’ve seen how the PPTP connection works, let’s create an L2TP/IPSec VPN
connectoid on the Windows 98 computer.
Perform the following steps to create an L2TP/IPSec VPN connectoid that will allow the
Windows 98 computer to connect to the ISA Server firewall/VPN server:
1. Click Start and point to Programs. Point to Accessories
and then point to Communications. Click on Dial-up Networking.
2. Double click on the Make New Connection icon in the Dial-Up
3. In the Make New Connection dialog box (figure 22),
type in a name for the connectoid in the Type a name for the computer you
are dialing text box. In this example we’ll call it L2TP-IPSec VPN.
Click the down-arrow in the Select a device drop down list box and
select the Microsoft L2TP/IPSec VPN Adapter 1 option. Click Next.
4. In the Make New Connection dialog box (figure 23),
type in the FQDN or IP address of the ISA Server firewall/VPN server in the Host
name or IP Address text box. Click Next.
5. Click Finish in the Make New Connection dialog
box. The L2TP/IPSec VPN connectoid is saved in the Dial-Up Networking
6. Double click on the L2TP/IPSec connectoid in the Dial-Up
Networking folder and enter your credentials. The L2TP/IPsec VPN connection