Steps for Configuring the Internet Subnet

There are two steps to setting up the Internet subnet of the Base Configuration Test Lab.

1. Configure EDGE1.

2. Configure INET1.

Step 1: Configure EDGE1

EDGE1 configuration consists of the following:

• Install the operating system.

• Configure TCP/IP.

• Join the computer to the domain.

EDGE1 must have two network adapters installed.

Install the operating system on EDGE1

First, install Windows Server 2008 R2 as a standalone server.

To install the operating system on EDGE1

1. Start the installation of Windows Server 2008 R2.

2. Follow the instructions to complete the installation, specifying Windows Server 2008 R2 Enterprise Edition (full installation) and a strong password for the local Administrator account. Log on using the local Administrator account.

3. Connect EDGE1 to a network that has Internet access and run Windows Update to install the latest updates for Windows Server 2008 R2.

4. Connect one network adapter to the Corpnet subnet and the other to the Internet subnet.

Configure TCP/IP properties

Next, configure the TCP/IP protocol with static IPv4 addresses on both network interfaces.

To configure TCP/IP properties

1. In Initial Configuration Tasks, click Configure networking.

2. In Network Connections, right-click the network connection that is connected to the Corpnet subnet, and then click Rename.

3. Type Corpnet, and then press ENTER.

4. Right-click Corpnet, and then click Properties.

5. Click Internet Protocol Version 4 (TCP/IPv4), and then click Properties.

6. Select Use the following IP address. In IP address, type 10.0.0.2. In Subnet mask, type 255.255.255.0.

7. Select Use the following DNS server addresses. In Preferred DNS server, type 10.0.0.1.

8. Click Advanced, and then the DNS tab.

9. In DNS suffix for this connection, type corp.contoso.com, click OK twice, and then click Close.

10. In the Network Connections window, right-click the network connection that is connected to the Internet subnet, and then click Rename.

11. Type Internet, and then press ENTER.

12. Right-click Internet, and then click Properties.

13. Click Internet Protocol Version 4 (TCP/IPv4), and then click Properties.

14. Select Use the following IP address. In IP address, type 131.107.0.2. In Subnet mask, type 255.255.255.0.

15. Click Advanced. On the IP Settings tab, click Add for IP Addresses. In the TCP/IP Address section, type 131.107.0.3 in IP address, type 255.255.255.0 in Subnet mask, and then click Add.

16. Click the DNS tab.

17. In DNS suffix for this connection, type isp.example.com, and then click OK three times.

18. Close the Network Connections window.

19. To check network communication between EDGE1 and DC1, click Start, click All Programs, click Accessories, and then click Command Prompt.

20. In the Command Prompt window, type ping dc1.corp.contoso.com.

21. Verify that there are four responses from 10.0.0.1.

22. Close the Command Prompt window.

Tip

You need to configure two consecutive public IPv4 addresses on the Internet interface of EDGE1 to support test lab guides that use EDGE1 as a DirectAccess server, so that Teredo-based DirectAccess clients can detect the type of NAT behind which they are located. For more information, see Teredo Overview (https://go.microsoft.com/fwlink/?LinkId=169500).

Join EDGE1 to the CORP domain

Next, join EDGE1 to the corp.contoso.com domain.

To join EDGE1 to the CORP domain

1. In Initial Configuration Tasks, click Provide Computer Name and Domain.

2. In the System Properties dialog box, on the Computer Name tab, click Change.

3. In Computer Name, type EDGE1. In Member of, click Domain, and then type corp.contoso.com.

4. Click OK.

5. When you are prompted for a user name and password, type User1 and its password, and then click OK.

6. When you see a dialog box welcoming you to the corp.contoso.com domain, click OK.

7. When you are prompted that you must restart the computer, click OK.

8. In the System Properties dialog box, click Close.

9. When you are prompted to restart the computer, click Restart Now.

10. After the computer has restarted, click Switch User, and then click Other User and log on to the CORP domain with the User1 account.

11. In Initial Configuration Tasks, click Do not show this window at logon, and then click Close.

Step 2: Configure INET1

• Install the operating system.

• Configure TCP/IP.

• Rename the computer.

• Install the Web Server (IIS) and DNS server roles.

• Create DNS records.

• Install the DHCP server role.

• Configure the NCSI web site.

• Test CLIENT1 access to Internet resources from the Internet subnet.

Install the operating system on INET1

First, install Windows Server 2008 R2 Enterprise Edition on INET1.

To install the operating system on INET1

1. Start the installation of Windows Server 2008 R2 Enterprise Edition.

2. Follow the instructions to complete the installation, specifying a strong password for the local Administrator account. Log on using the local Administrator account.

3. Connect INET1 to a network that has Internet access and run Windows Update to install the latest updates for Windows Server 2008 R2.

4. Connect INET1 to the Internet subnet.

Configure TCP/IP properties

Next, configure TCP/IP on INET1.

To configure TCP/IP properties

1. In Initial Configuration Tasks, click Configure networking.

2. In the Network Connections window, right-click Local Area Connection, and then click Properties.

3. Click Internet Protocol Version 4 (TCP/IPv4), and then click Properties.

4. Select Use the following IP address. In IP address, type 131.107.0.1. In Subnet mask, type 255.255.255.0.

5. Click Advanced, and then click the DNS tab.

6. In DNS suffix for this connection, type isp.example.com, and then click OK.

7. Click OK, and then click Close to close the Local Area Connection Properties dialog box.

8. Close the Network Connections window.

9. To check network communication between INET1 and EDGE1, click Start, click All Programs, click Accessories, and then click Command Prompt.

10. In the Command Prompt window, type ping 131.107.0.2.

11. Verify that there are four failures from 131.107.0.2 indicating that the request timed out. The reason is that Windows Firewall with Advanced Security on EDGE1 blocks the incoming ping messages. At the command prompt, run the arp –g command and confirm that a Physical Address is associated with the Internet Address of 131.107.0.2. This confirms reachability to 131.107.0.2.

12. Close the Command Prompt window.

13. Click Start, right-click Network, and then click Properties.

14. In the Network and Sharing Center window, click Change advanced sharing settings.

15. In the Advanced sharing settings window, click Turn on file and printer sharing, and then click Save changes.

16. Close the Network and Sharing Center window.

Rename the computer

Next, rename the computer to INET1.

To rename the computer to INET1

1. In Initial Configuration Tasks, click Provide Computer Name and Domain.

2. In the System Properties dialog box, on the Computer Name tab, click Change.

3. In Computer Name, type INET1.

4. Click OK.

5. When you are prompted that you must restart the computer, click OK.

6. On the System Properties dialog box, click Close.

7. When you are prompted to restart the computer, click Restart Now.

8. After the computer has restarted, log on with the local Administrator account.

9. In Initial Configuration Tasks, click Do not show this window at logon, and then click Close.

Install the Web Server (IIS) and DNS server roles

Next, install role services for INET1, which will act as an Internet web and DNS server for computers that are connected to the Internet subnet.

To install the IIS and DNS server roles

1. In Server Manager, under Roles Summary, click Add Roles, and then click Next.

2. On the Select Server Roles page, select Web Server (IIS) and DNS Server, and then click Next.

3. Click Next twice to accept the default web server settings, and then click Install.

4. Verify that all installations were successful, and then click Close.

Create DNS records

Next, create Host (A) DNS records for INET1’s and EDGE1’s IPv4 addresses on the Internet subnet and for the Network Connectivity Status Indicator (NCSI).

To create DNS records

1. Click Start, point to Administrative Tools, and then click DNS.

2. In the console tree of DNS Manager, open INET1.

3. Right-click Forward Lookup Zones, click New Zone, and then click Next.

4. On the Zone Type page, click Next.

5. On the Zone Name page, type isp.example.com, and then click Next.

6. On the Dynamic Update page, click Next, and then click Finish.

7. In the console tree, right-click isp.example.com, and then click New Host (A or AAAA).

8. In Name, type INET1. In IP address, type 131.107.0.1. Click Add Host.

9. Click OK, and then click Done.

10. In the console tree, right-click Forward Lookup Zones, click New Zone, and then click Next.

11. On the Zone Type page, click Next.

12. On the Zone Name page, type contoso.com, and then click Next.

13. On the Dynamic Update page, click Next, and then click Finish.

14. In the console tree, right-click contoso.com, and then click New Host (A or AAAA).

15. In Name, type EDGE1. In IP address, type 131.107.0.2.

16. Click Add Host. Click OK, and then click Done.

17. In the console tree, right-click Forward Lookup Zones, click New Zone, and then click Next.

18. On the Zone Type page, click Next.

19. On the Zone Name page, type msftncsi.com, and then click Next.

20. On the Dynamic Update page, click Next, and then click Finish.

21. In the console tree, right-click msftncsi.com, and then click New Host (A or AAAA).

22. In Name, type www. In IP address, type 131.107.0.1.

23. Click Add Host. Click OK.

24. In Name, type dns. In IP address, type 131.107.255.255. Click OK. Click Done.

25. Close the DNS console.

Install and configure the DHCP server role on INET1

Next, configure INET1 as a DHCP server so that CLIENT1 can automatically configure itself when connecting to the Internet subnet.

To install and configure the DHCP server role

1. Click Start, point to Administrative Tools, and then click Server Manager.

2. Under Roles Summary, click Add roles, and then click Next.

3. On the Select Server Roles page, select DHCP Server, and then click Next twice.

4. On the Select Network Connection Bindings page, verify that 131.107.0.1 is selected, and then click Next.

5. On the Specify IPv4 DNS Server Settings page, type isp.example.com in Parent domain.

6. Type 131.107.0.1 under Preferred DNS server IP address, and click Validate. Verify that the result returned is Valid, and then click Next.

7. On the Specify WINS Server Settings page, accept the default setting of WINS is not required on this network, and then click Next.

8. On the Add or Edit DHCP Scopes page, click Add.

9. In the Add Scope dialog box, in Scope Name, type Internet. In Starting IP Address, type 131.107.0.100. In Ending IP Address, type 131.107.0.150. In Subnet Mask, type 255.255.255.0. In Default gateway (optional), type 131.107.0.1.

10. Select Activate this scope, click OK, and then click Next.

11. On the Configure DHCPv6 Stateless Mode page, select Disable DHCPv6 stateless mode for this server, and then click Next.

12. On the Confirm Installation Selections page, click Install.

13. Verify that the installation was successful, and then click Close.

Configure the NCSI web site

Windows 7 clients attempt to connect to the URL https://www.msftncsi.com/ncsi.txt and resolve the name dns.msftncsi.com to determine if they have Internet connectivity. In the following procedure, you create the ncsi.txt file and place it in the WWWROOT directory on INET1.

To configure the NCSI web site

1. On INET1, click Start, click Computer, and then navigate to C:\inetpub\wwwroot.

2. In the details pane, right-click an empty area, point to New, and then click Text Document.

3. Rename the document to ncsi.

4. Double-click ncsi.

5. In the Notepad window, type Microsoft NCSI. Do not press ENTER to add a new line.

6. Click File, and then click Exit. In the Notepad dialog box, click Save.

Test access to Internet resources from the Internet subnet

Next, connect CLIENT1 to the Internet subnet and test connectivity to resources on INET1.

To test access to Internet resources from the Internet subnet

1. Move CLIENT1 from Corpnet subnet to the Internet subnet. Note that after network detection is complete, the warning symbol on the network icon in the system notification area no longer appears. Hover over the network icon in the system notification area and notice that it indicates Internet access.

2. From the taskbar, click the Internet Explorer icon.

3. In the Address bar, type https://inet1.isp.example.com/, and then press ENTER. You should see the default IIS 7 web page.

4. Close the Internet Explorer window.

5. Open a command prompt window. Type ping inet1 and press ENTER. You should see four responses from 131.107.0.1. Type ping edge1.contoso.com and press ENTER. You should see four failures from 131.107.0.2 indicating that the request timed out. Recall that Windows Firewall with Advanced Security on EDGE1 blocks the ping messages. At the command prompt, run the arp –g command and confirm that a Physical Address is associated with the Internet Address of 131.107.0.2.

6. Move CLIENT1 from the Internet subnet to the Corpnet subnet.

7. From the command prompt window, type ping inet1, and then press ENTER. You should see a “could not find host inet1” message and no responses. Type ping 131.107.0.1, and then press ENTER. You should see “transmit failed” messages and no responses. This indicates that there is no connectivity between the Corpnet subnet and the Internet subnet.

   Although EDGE1 is connected to both the Internet and Corpnet subnets, it is not providing any routing, address translation, or proxying services to allow computers on the Corpnet subnet to access resources on the Internet subnet. An additional test lab guide will configure Internet subnet access from the Corpnet subnet as needed.