1
00:00:02,240 --> 00:00:05,900
So the next step is to add some IPv4 and IPv6

2
00:00:05,900 --> 00:00:08,890
routes to this VPN test connection, and to do that,

3
00:00:08,890 --> 00:00:10,940
we're going to use PowerShell.

4
00:00:10,940 --> 00:00:13,340
So I'll open the PowerShell command window here,

5
00:00:13,340 --> 00:00:22,240
and the command to add a route to a VPN connection is Add-VpnConnectionRoute.

6
00:00:22,240 --> 00:00:26,840
We'll have to supply the name, so the switch for that is ConnectionName,

7
00:00:26,840 --> 00:00:30,340
and then the name of the profile.

8
00:00:30,340 --> 00:00:33,500
If you're using spaces in your VPN profile name,

9
00:00:33,500 --> 00:00:35,150
you would have to obviously put those in quotes,

10
00:00:35,150 --> 00:00:37,540
I didn't need to do that here, but I did it anyway.

11
00:00:37,540 --> 00:00:45,420
Then we'll supply the destination prefix switch, and this is the IPv4 or

12
00:00:45,420 --> 00:00:48,330
IPv6 prefix that you want to route over the tunnel,

13
00:00:48,330 --> 00:00:52,240
so I'll add a couple of examples here.

14
00:00:52,240 --> 00:00:52,810
That's it.

15
00:00:52,810 --> 00:00:56,240
So we've basically told the VPN that anything matching

16
00:00:56,240 --> 00:01:00,630
172.16.0.0/16 goes over the tunnel.

17
00:01:00,630 --> 00:01:07,760
So I'm going to add another route for my IPv6 prefix as well, and that's it.

18
00:01:07,760 --> 00:01:09,840
So our routing is in place, and of course,

19
00:01:09,840 --> 00:01:13,700
you can run as many Add-VpnConnectionRoute commands as you need.

20
00:01:13,700 --> 00:01:16,580
So if you have multiple subnets that you want to reach,

21
00:01:16,580 --> 00:01:18,090
you can run multiple commands.

22
00:01:18,090 --> 00:01:21,260
I would encourage you, of course, to summarize as much as possible.

23
00:01:21,260 --> 00:01:23,790
You don't want to pound 50 or 100 routes in here,

24
00:01:23,790 --> 00:01:27,340
try to summarize as much as you can, but ultimately,

25
00:01:27,340 --> 00:01:31,840
any routes that you need to get to over the VPN tunnel need to be added here.

26
00:01:31,840 --> 00:01:35,310
So the next thing we'll do is add our IPsec policy.

27
00:01:35,310 --> 00:01:36,080
Once again,

28
00:01:36,080 --> 00:01:39,650
we need to define the policy because the default policy for this VPN

29
00:01:39,650 --> 00:01:43,680
tunnel does not match what's configured on the server.

30
00:01:43,680 --> 00:01:44,040
Now,

31
00:01:44,040 --> 00:01:50,270
this command is a tad complex, let's say, so I have actually kind

32
00:01:50,270 --> 00:01:52,440
of pre-staged it here on the Notepad for you,

33
00:01:52,440 --> 00:01:55,300
and I will walk you through this, and then I'm going to copy and paste it.

34
00:01:55,300 --> 00:02:01,390
So the command is actually Set-VpnConnectionIPsecConfiguration,

35
00:02:01,390 --> 00:02:03,210
so the connection name is, of course,

36
00:02:03,210 --> 00:02:06,070
the name of your Test VPN profile, and again,

37
00:02:06,070 --> 00:02:09,940
if your profile name has spaces in it, you will need the quotes.

38
00:02:09,940 --> 00:02:14,570
Then we would use the authentication transform constants, and

39
00:02:14,570 --> 00:02:19,120
the setting here we're using is GCMAES128.

40
00:02:19,120 --> 00:02:23,650
CipherTransformConstants are GCMAES128 as well.

41
00:02:23,650 --> 00:02:27,990
We are using the -DHGroup 14, and Group14 here.

42
00:02:27,990 --> 00:02:31,840
Group14 is an RSA 2048-bit key.

43
00:02:31,840 --> 00:02:36,160
Here is our encryption method, which is GCMAES128.

44
00:02:36,160 --> 00:02:39,720
Our integrity check method, which is SHA256.

45
00:02:39,720 --> 00:02:44,160
Our perfect forward secrecy, or PFS, group we're using ECP256,

46
00:02:44,160 --> 00:02:47,690
and we're adding the -Force switch here.

47
00:02:47,690 --> 00:02:50,260
So I'm just going to copy all of this and I'm going to paste

48
00:02:50,260 --> 00:02:56,610
it into this PowerShell command window, and that's it.

49
00:02:56,610 --> 00:03:08,000
So at this point, we have our test VPN profile configured and ready to go, and so we'll fire up a quick test and see if everything's working.