Windows Server 2008 NAP (Part 6)

by Marin Franković on 22 January, 2009

… continued from part 5

Configuring connection request policies

  • Click Connection Request Policies
  • Disable default policies
  • Create a new policy and name it VPN connections
  • Select Remote Access Server (VPN-Dial up) under Type of network access server
  • In Specify Conditions, click Add
  • Double-click Tunnel Type, select L2TP and PPTP, and click OK
  • In Specify Connection Request Forwarding, verify that Authenticate Request on This Server is selected
  • In Authentication Methods, select Override network policy authentication settings
  • Under EAP types, click Add and select EAP-MSCHAP under Authentication methods
  • Under EAP types, click Microsoft: Protected EAP (PEAP) and click Edit
  • Verify that Enable Quarantine checks is enabled, click OK, click Next twice and then click Finish


We have to configure SRV as a Routing and Remote Access service for VPN:

  • Open the RRAS console
  • Install the VPN role
  • Select the External network interface and clear the check mark next to Enable security on selected interface by setting up static packet filters
  • Create a range of IP addresses that will be assigned to VPN clients
  • Use RRAS to authenticate users
  • Click Finish and wait until RRAS starts
  • Open the NPS console, open Connection Request Policies and disable Microsoft Routing and Remote Access Policy
  • Close the NPS console


We have to allow ping to SRV1:

  • Open Windows Firewall with Advanced Security
  • Create a custom inbound rule for All programs, with protocol type ICMPv4 and ICMP type Echo request, for the default scope options
  • In the Action window, verify that Allow the connection is selected and click Next
  • Select the default profile
  • Type a name for the rule and click Finish


Next up is configuring the CLI computer and testing NAP VPN enforcement.
