5. Install and Configure VPN Servers
Install Remote Access as a RAS Gateway on your VPN Server
- Open powershell as administrator and issue the following command:
Install-WindowsFeature DirectAccess-VPN -IncludeManagementTools
- Open server manager and click Open the Getting Started Wizard
- Configure remote access window - Deploy VPN only
- Welcome to the Routing and Remote Access Server Setup Wizard > Custom Configuration > VPN access
- Select Start service to start Remote Access
- Right-click on the VPN server and select Configure and Enable Routing and Remote Access
- Security tab - Change the Authentication provider to RADIUS Authentication and click Configure
- Security tab continue - Click Add, FQDN: vpnservername.clientname.co.uk, Shared secret: randomly generated (save it in password vault)
- Security tab continue - Review Time-out, Initial Score and Port
- Security tab continue - Accounting provider, enabled Windows Accounting and to RADIUS Account and configure the NPS server name
- Security tab continue - Under SSL chose the Clientname VPN Server Authentication
- IPv4 tab for the VPN server - Static Address pool 10.0.26.20 - 10.0.26.240. Number 989. IP Address 10.0.26.0. Adapter: BackDMZ
- Click OK
- Right-click Ports > Properties
- Select WAN Miniport (SSTP) > Configure
- Clear the Remote access connections (inbound only) and Demand-dial routing connections (inbound and outbound) check boxes.
- Under Maximum Ports enter 989
- Select WAN Miniport (IKEv2) > Configure
- Under Maximum Ports enter 989