Before adding a remote access/VPN server role | Comments |
---|---|
Determine which network interface connects to the Internet and which network interface connects to your private network. | During configuration, you will be asked to choose which network interface connects to the Internet. If you specify the incorrect interface, your remote access VPN server will not operate correctly. |
Determine whether remote clients will receive IP addresses from a Dynamic Host Configuration Protocol (DHCP) server on your private network or from the remote access VPN server that you are configuring. | If you have a DHCP server on your private network, the remote access VPN server can lease 10 addresses at a time from the DHCP server and assign those addresses to remote clients. If you do not have a DHCP server on your private network, the remote access VPN server can automatically generate and assign IP addresses to remote clients. If you want the remote access VPN server to assign IP addresses from a range that you specify, you must determine what that range should be. |
Determine whether you want connection requests from VPN clients to be authenticated by a Remote Authentication Dial-In User Service (RADIUS) server or by the remote access VPN server that you are configuring. | Adding a RADIUS server is useful if you plan to install multiple remote access VPN servers, wireless access points, or other RADIUS clients to your private network. For more information, see Network Policy Server Help. |
Determine whether VPN clients can send DHCP messages to the DHCP server on your private network. | If a DHCP server is on the same subnet as your remote access VPN server, DHCP messages from VPN clients will be able to reach the DHCP server after the VPN connection is established. If a DHCP server is on a different subnet from your remote access VPN server, make sure that the router between subnets can relay DHCP messages between clients and the server. If your router is running Windows Server® 2008, you can configure the DHCP Relay Agent service on the router to forward DHCP messages between subnets. |
Verify that all users have user accounts that are configured for dial-up access. | Before users can connect to the network, they must have user accounts on the remote access VPN server or in Active Directory® Domain Services. Each user account on a stand-alone server or a domain controller contains properties that determine whether that user can connect. On a stand-alone server, you can set these properties by right-clicking the user account in Local Users and Groups and clicking Properties. On a domain controller, you can set these properties by right-clicking the user account in the Active Directory Users and Computers console and clicking Properties. |