How to configure and set up Windows 2012 VPN


Windows 2012 continues the line of Windows VPN releases that provide remote access to the network from the outside.  There have definitely been improvements with Windows 2012 VPN, especially in the DirectAccess functionality.  We want to show how you would go about setting up a simple VPN connection into your network using the Windows 2012 Remote Access role.  Walking through the installation of the RRAS role using Server Manager is very straightforward and easy.

Role Installation

[Screenshots rras1 to rras7: installing the Remote Access role in Server Manager]

Service Configuration

[Screenshots rras8 to rras13: configuring the RRAS service]

  • After the service is configured, you will see the green “up arrow” symbol which shows the RRAS server is fully operational and is ready to finish out the configuration

[Screenshot rras14: RRAS server showing the green “up arrow”]

  • One detail we have to attend to is IP address assignment.  This can be done using DHCP or using a static address pool that the RRAS server manages.  The screenshots below show how to assign a DHCP relay agent, which essentially just points RRAS at the DHCP server on your network.

[Screenshots rras15 and rras16: assigning the DHCP relay agent]

Assigning a static address pool

  • Right-click the RRAS server and click Properties

[Screenshot rras17: RRAS server Properties]

  • In our test environment, we already have a DHCP server, so we don’t want to select DHCP to hand out addresses.  You can then set aside a static pool of addresses to be used specifically for remote access connections.

[Screenshot rras18: static address pool]

Configuring NPS Policies

Network Policy Server allows very granular control of users and computers that connect to your network and integrates with the Remote Access Role.  We need to configure a couple of things here in the NPS console to allow our VPN connection access to our network.

  • Launch NPS by typing nps.msc in the Run dialog

Under Network Policies in our NPS console we find the “Connections to Microsoft Routing and Remote Access server” policy defined.  By default, the Access Type is set to Deny Access, so we need to change this to Grant Access.

[Screenshots rras20 to rras23: changing the policy’s Access Type to Grant Access]

  • Remote Access can be restricted to only a certain Windows User or Computer group among many other options



Network Port Considerations

One thing that has to be considered is the port traffic that must be passed through to your internal network or DMZ to reach the Windows Server 2012 VPN.

  • Port 1723 will have to be passed to our Windows 2012 server.

Just to give a quick idea of what we have to do on a consumer-grade router/bridge: in our test environment we are connected to a cable connection via a Netgear router/switch.  Most manufacturers call this functionality port forwarding/triggering, or something similar.  Take a look at the screenshot below to see how we set this up.  Our Windows 2012 box is assigned the 192.168.1.56 address, to which the Netgear router will forward port 1723 traffic.

[Screenshot rras19: Netgear port forwarding of port 1723 to 192.168.1.56]
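To confirm the result of the steps above from the command line, here is an added example (not part of the original walkthrough) of read-only checks in PowerShell. It assumes an elevated PowerShell 3.0 session on the Windows Server 2012 RRAS host; the `$vpnPort` variable and the check names are illustrative.

```powershell
# Added example: read-only checks, run in an elevated PowerShell session
# on the Windows Server 2012 RRAS host. Nothing here changes configuration.
$vpnPort = 1723   # port the walkthrough forwards from the router
$checks  = @()

# 1. Is the "DirectAccess and VPN (RAS)" role service installed?
$feature = Get-WindowsFeature -Name DirectAccess-VPN
$checks += [pscustomobject]@{
    Check  = 'Role service installed'
    Pass   = [bool]$feature.Installed
    Detail = "$($feature.InstallState)"
}

# 2. Is the RRAS service running (the green "up arrow" in the console)?
$svc = Get-Service -Name RemoteAccess -ErrorAction SilentlyContinue
$checks += [pscustomobject]@{
    Check  = 'RemoteAccess service running'
    Pass   = ($null -ne $svc -and $svc.Status -eq 'Running')
    Detail = "$($svc.Status)"
}

# 3. Is the server listening on the forwarded TCP port?
#    (TCP 1723 is the PPTP control channel; PPTP tunnel data travels as GRE.)
$listen = @(Get-NetTCPConnection -State Listen -LocalPort $vpnPort -ErrorAction SilentlyContinue)
$checks += [pscustomobject]@{
    Check  = "Listening on TCP $vpnPort"
    Pass   = ($listen.Count -gt 0)
    Detail = (($listen | ForEach-Object { $_.LocalAddress }) -join ', ')
}

# 4. Which inbound RRAS firewall rules are enabled? Anything listed beyond
#    what the VPN needs is exposure to review.
$rules = @(Get-NetFirewallRule -DisplayGroup 'Routing and Remote Access' -ErrorAction SilentlyContinue |
    Where-Object { $_.Direction -eq 'Inbound' -and $_.Enabled -eq 'True' })
$checks += [pscustomobject]@{
    Check  = 'Inbound RRAS firewall rules enabled'
    Pass   = ($rules.Count -gt 0)
    Detail = (($rules | ForEach-Object { $_.DisplayName }) -join '; ')
}

$checks | Format-Table -AutoSize -Wrap

# 5. Manual review: the address assignment method and pool, then the NPS
#    network policies (confirm which policy grants access and to whom).
netsh ras ip show config
netsh nps show np
```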

Final Thoughts

Setting up VPN in Windows 2012 is pretty straightforward and doesn’t require a lot of configuration to have a functional VPN.  There is a myriad of conditions that can be used to restrict and control access to certain users, hardware, or network connection types.  RRAS along with NPS is a powerful solution.  Network Access Protection can also be added to the mix to harden the network even more.