· VPN remote access enables us to access the internal network from anywhere
· Notes on configuring your server for VPN remote access :-
1- User authentication :-
** The VPN server can be in a workgroup or a member of a domain .
** For domain environment ensure that your VPN server or ISA server computer
account is a member of " RAS and IAS servers " Group .
** Ensure that the user (local / domain) has the " Allow access " dial-in permission .
2- IP address assignment :-
** VPN clients can get IP addresses from a static range or from a DHCP server .
** If you use DHCP , keep these considerations in mind :-
A- Configure a DHCP relay agent (listening on the external interface , with the DHCP server IP specified) .
B- We can control how the VPN server reserves IP leases from the DHCP scope by modifying the registry :-
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteAccess\Parameters\IP
Value Name: InitialAddressPoolSize
Data Type: REG_DWORD
Default: 10 (you can change this value as you wish)
3- We can control VPN clients by using remote access policies ; if so , note the following :-
A- Domain functional level must be native or higher .
B- We can control remote access policies from RRAS console .
C- Or we can use IAS server (RADIUS server) to centralize authentication and accounting for VPN servers (RADIUS clients) .
D- RADIUS server will become a member of " RAS and IAS servers " group .
4- Authentication :- we use MS-CHAP V2 .
5- Tunneling protocol :- PPTP or L2TP (L2TP requires computer certificates) .
6- Encryption level :- set in remote access policies (128-bit) .
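
A read-only PowerShell check for notes 1 and 2 above: group membership of the VPN server, a user's dial-in permission, and the InitialAddressPoolSize value. This is an added example, not part of the original notes; it assumes the ActiveDirectory module is available on a domain-joined VPN server, and the function names and the account `vpnuser1` are placeholders. Local (workgroup) accounts are not covered.

```powershell
# Added example: read-only audit of the VPN remote access checklist.
# Assumptions: ActiveDirectory module (RSAT) installed, run on the domain-joined
# VPN server; 'vpnuser1' is a placeholder account name.
Import-Module ActiveDirectory

function Test-VpnServerGroup {
    param([string]$ComputerName = $env:COMPUTERNAME)
    # Computer accounts have a sAMAccountName that ends with '$'.
    $members = Get-ADGroupMember -Identity 'RAS and IAS Servers' |
        Where-Object { $_.objectClass -eq 'computer' }
    return [bool]($members | Where-Object { $_.SamAccountName -eq "$ComputerName`$" })
}

function Get-DialInPermission {
    param([Parameter(Mandatory)][string]$SamAccountName)
    $user = Get-ADUser -Identity $SamAccountName -Properties msNPAllowDialin
    # msNPAllowDialin: not set = decided by remote access policy,
    # $true = Allow access, $false = Deny access.
    if ($null -eq $user.msNPAllowDialin) { 'Controlled by remote access policy' }
    elseif ($user.msNPAllowDialin)       { 'Allow access' }
    else                                 { 'Deny access' }
}

function Get-InitialAddressPoolSize {
    $key  = 'HKLM:\SYSTEM\CurrentControlSet\Services\RemoteAccess\Parameters\IP'
    $item = Get-ItemProperty -Path $key -Name InitialAddressPoolSize -ErrorAction SilentlyContinue
    # Value absent: the default of 10 from the note above applies.
    if ($null -eq $item) { return 10 }
    return [int]$item.InitialAddressPoolSize
}

# Summarize the three checks in one object.
[pscustomobject]@{
    ServerInRasIasGroup    = Test-VpnServerGroup
    DialInPermission       = Get-DialInPermission -SamAccountName 'vpnuser1'
    InitialAddressPoolSize = Get-InitialAddressPoolSize
}
```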