Published June 14, 2023, 1:20 p.m. by Courtney
- DC11 : Domain Controller (pns.vn), IP 10.0.0.11 | DC12 : Certificate Server, IP 10.0.0.12, Gateway 10.0.0.13
- DC13 : VPN Server, IP 10.0.0.13 and 10.0.2.13 | WIN71 : Client, IP 10.0.2.71, Gateway 10.0.2.13
2. Step by step : Set up a NAP VPN, have WIN71 access the File Server using the HiepIT account, and test that the local firewall is forced on
- DC13 : Request Certificate, set up NAP and routing
+ Start - MMC - File - Add/Remove Snap-in... - Certificates - Add - Computer account - Finish - Console Root - Certificates - Right-click Personal - All Tasks
- Request New Certificate... - Next to Request Certificates : Select Computer - Enroll - Finish
+ Server Manager - Manage - Add Roles and Features - Next to Server Roles : Select "Network Policy and Access Services" - Add Features - Next to Install
+ Server Manager - Tools - Network Policy Server - NPS (Local) :
+ Network Access Protection - System Health Validators - Windows Security Health Validator - Settings - Default Configuration
- Uncheck Antivirus Settings, Spyware Protection Settings and Automatic Update Settings
+ Policies - Right-click Health Policies - New - Policy name : Compliant, Client SHV checks : Client passes one or more SHV checks, Check "Windows Security Health…"
+ Policies - Right-click Health Policies - New - Policy name : Non-compliant, Client SHV checks : Client fails one or more SHV checks, Check "Windows Security Health…"
+ Policies - Network Policies - Disable "Connections to Microsoft Routing and Remote Access server" and "Connections to other access servers"
+ Right-click - Network Policies - New - Policy name : Full Access - Specify Conditions - Add... - Health Policies - Add... - Health policies : Compliant - OK - Next to Finish
+ Right-click - Network Policies - New - Policy name : Limit Access - Specify Conditions - Add... - Health Policies - Add... - Health policies : Non-compliant - OK - Next to Configure Settings :
+ NAP Enforcement : Choose "Allow limited access",
+ IP Filters : Input Filters… - New... - Destination network: IP address: 10.0.0.11, Subnet mask: 255.255.255.255 - Out Filters… - Source network: IP address: 10.0.0.11 - Finish
+ Policies - Connection Request Policies - Disable "Use Windows authentication for all users"
+ Right-click "Connection Request Policies" - New - Policy name: NAP VPN - Type of network access server : Select "Remote Access Server(VPN-Dial up)" - Specify Conditions
- Add... - Tunnel Type - Add... - Select L2TP, PPTP, SSTP - Specify Authentication Methods : Check "Override network policy authentication settings" - EAP Types :
+ Add... - Select "Microsoft: Protected EAP (PEAP)" - OK
+ Add... - Select "Microsoft: Secured password (EAP-MSCHAP v2)" - OK - Next to Finish
+ Server Manager - Manage - Add Roles and Features - Next to Server Roles : Select "Remote Access" - Next to Role Services - Select Routing - Add Features - Next to Install - Close
+ Tools - Routing and Remote Access - Right-click DC13 : Configure and Enable Routing and Remote Access - Choose "Custom configuration" - Select "VPN access", "NAT", "LAN routing" - Finish - Start service
+ Right-click DC13 - Properties - IPv4 tab - choose "Static address pool" - Add - Start 10.0.10.100 End 10.0.10.200 - OK
+ IPv4 - Right-click NAT - New Interface... - Internet (10.0.2.13) :
+ NAT tab - Choose "Public interface connected to the Internet" - Select "Enable NAT on this interface"
+ Services and Ports tab - Select "Web Server (HTTP)" - Private address : 10.0.0.12 - OK
+ Tools - Network Policy Server - Policies - Connection Request Policies - Disable "Microsoft Routing and Remote Access Service Policy"
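
The policy chain configured above (SHV result, health policy, network policy, IP filter), modelled as an added example that is not part of the original page and is not NPS code. Assumptions: only the firewall check stays enabled in the Windows Security Health Validator, the filter action is "permit only the packets listed", and the output filter uses the same 255.255.255.255 mask as the input filter.

```python
import ipaddress

# Constructed model of the page's NPS settings; not NPS code.
WSHV_CHECKS = {"firewall"}  # assumption: only the firewall check stays enabled
DC = ipaddress.ip_network("10.0.0.11/255.255.255.255")
NETWORK_POLICIES = [  # evaluated in order, first match wins
    {"name": "Full Access", "health": "Compliant", "filters": None},
    {"name": "Limit Access", "health": "Non-compliant",
     "filters": {"input": [DC], "output": [DC]}},  # assumption: /32 on both
]

def wshv_passes(client):
    """Windows Security Health Validator: every enabled check must be on."""
    return all(client.get(check, False) for check in WSHV_CHECKS)

def health_policies(shv_results):
    """Return the names of the health policies a client matches."""
    matched = set()
    if any(shv_results.values()):          # passes one or more SHV checks
        matched.add("Compliant")
    if not all(shv_results.values()):      # fails one or more SHV checks
        matched.add("Non-compliant")
    return matched

def select_policy(client):
    """Pick the first network policy whose health condition matches."""
    matched = health_policies({"WSHV": wshv_passes(client)})
    for policy in NETWORK_POLICIES:
        if policy["health"] in matched:
            return policy
    return None  # no policy matched: access is denied

def permitted(policy, direction, src, dst):
    """direction 'input' = client to network, 'output' = network to client."""
    if policy is None:
        return False
    if policy["filters"] is None:
        return True
    # assumption: filter action is "permit only the packets listed"
    addr = ipaddress.ip_address(dst if direction == "input" else src)
    return any(addr in net for net in policy["filters"][direction])

if __name__ == "__main__":
    vpn_ip = "10.0.10.100"  # first address of the static pool on the page
    for fw in (True, False):
        p = select_policy({"firewall": fw, "antivirus": False})
        for target in ("10.0.0.11", "10.0.0.12"):
            ok = permitted(p, "input", vpn_ip, target)
            print(f"firewall={fw} policy={p['name']} -> {target}: {ok}")
```

With the firewall off, the model places WIN71 under Limit Access, where only 10.0.0.11 is reachable; the certificate server at 10.0.0.12 is not.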