After preparing the server infrastructure for deploying IKEv2-based VPN access in Part1, we can proceed to the server configuration. The VPN server (vpn.testenterprise.net) will be the first server to deploy. Let’s start by installing Remote Access on vpn.testenterprise.net:
To configure the service in Server Manager I click Open the Getting Started Wizard (it may take a couple of minutes for this window to appear – otherwise you can run Remote Access from Server Manager and run the wizard by clicking Run the Getting Started Wizard):
In the Adapter drop-down list I’ll select the internal network adapter (TestENTERPRISE).
Because I’m going to use the NPS server for accounting and authentication, I must select RADIUS Authentication on the Security tab and type in the preshared secret that will be used for authentication between the VPN and NPS servers. This same secret should later be configured on the NPS server:
Click OK and then open the Ports properties – as my goal is to provide only IKEv2 VPN access, I must disable all port types except IKEv2 and set the number of ports available for client connections:
Pressing OK completes the installation and configuration of the VPN server.
Now the NPS role can be installed and configured on nps.testenterprise.net:
If you prefer to configure your ports manually you should consider opening the following ports.
10.1.1.5 is the internal IP of my VPN server (vpn.testenterprise.net). Shared secret – the same secret that was entered on the VPN server.
For the page illustrated above I’d like to make a clarification: many of you may now be asking yourselves why there are three authentication methods available if by definition we can authenticate users either by certificates or by logins/passwords – here’s why:
On the next pages groups can be added – only members of these groups will have remote access to the network. I will add the group VPN-Users created in Part1.
The configuration of the NPS server is completed.
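The RADIUS shared secret described above has to match on both servers, so it is worth generating it randomly and applying it to both ends in one pass. The script below is an added example, not part of the original walkthrough: it assumes PowerShell remoting to both servers, that the Remote Access and NPS roles are already installed, and a hypothetical RADIUS client name (`vpn-ikev2`); it covers authentication only.

```powershell
# Added example, not from the original post. Run from an admin workstation;
# assumes PowerShell remoting to both servers and both roles already installed.
$vpnServer     = 'vpn.testenterprise.net'   # from the article
$npsServer     = 'nps.testenterprise.net'   # from the article
$vpnInternalIp = '10.1.1.5'                 # from the article
$clientName    = 'vpn-ikev2'                # hypothetical friendly name

# 48 bytes from the OS CSPRNG, Base64-encoded to a 64-character secret.
$bytes = New-Object byte[] 48
$rng = [System.Security.Cryptography.RandomNumberGenerator]::Create()
try { $rng.GetBytes($bytes) } finally { $rng.Dispose() }
$secret = [Convert]::ToBase64String($bytes)

# NPS side: register the VPN server as the RADIUS client for its internal IP.
Invoke-Command -ComputerName $npsServer -ArgumentList $clientName, $vpnInternalIp, $secret -ScriptBlock {
    param($name, $address, $secret)
    # Drop stale entries for this address so only one secret is valid for it.
    Get-NpsRadiusClient | Where-Object { $_.Address -eq $address } |
        ForEach-Object { Remove-NpsRadiusClient -Name $_.Name }
    New-NpsRadiusClient -Name $name -Address $address -SharedSecret $secret | Out-Null
}

# VPN side: send authentication to the NPS server with the same secret.
Invoke-Command -ComputerName $vpnServer -ArgumentList $npsServer, $secret -ScriptBlock {
    param($radiusServer, $secret)
    Set-VpnAuthType -Type ExternalRadius -RadiusServer $radiusServer -SharedSecret $secret
    Restart-Service RemoteAccess   # reload the service with the new settings
    netsh ras show wanports        # review which port types still accept connections
}

# Do not leave the secret in the session.
Remove-Variable secret, bytes
```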
In Part3 I’ll show you how to configure a VPN client and test the connection.