Windows Server Setup RADIUS and NPS For VPN Access Security
When using networked services like VPN we want to be able to control access like we are able to control access to NTFS files/folders. Well by setting up RADIUS and Network Policy Server we are able to ensure that access to or corporate network is controlled a lot better. As an example we can filter based on groups IP addresses, time etc.
The videos mention in this video refer to our VPN and CA Service:
For more visit:
Transcript (machine generated so it contains errors)
Hello and welcome today's video today's video work and I show you how to set up a radius server with the NPS role on it like a network protection policies are okay. Am all we need to do is basically, you can install this if you have one box in your active directory server with that VPN role. Already there and then add this role to otherwise based on your security, setup, you can have is on a separate server and that's one option.
Another option is have a on the remote dial in server like a VPN server. Okay, it just makes connections a little bit easier that way, but were having is on a separate server over here, which are method you choose literally what were doing 99.99% is Exodus add roles and features. Click next role next cayenne and were click clicking on network policy access and feature, click next play next next install okay.
Once the insole is finished. Okay, the eldest up for tidiness okay, all you need to do is go network policy server that will open up this window and service 16, you have the's complete literally automatic configuration system where you must take note of it. But what we will do will ghost this way because a quick way and then will show you what you would have needed to have manually configure okay let's show us click on that, that's fine. Good direct configure the learn name. It's a VPN connection you can go without a domain name argument down. We are now creating a radius client okay. Given the friendly name VPN range the house okay the IP address is you might think. The client is talking about this computer. Now it actually asking for where there is a web service running or your VPN service, et cetera okay, we'll just type in the IP address as we know that we can also type in the full name.
If we want to carry click verify resolve finds it all good. If we had set up a shared secret template that would be fine. Worse yet, secret template and were shared secret is is basically like shall we say a password on this computer and also on the other computer that is joining up to this radius server and that's it. We suggest you use the generate because you get he you thing you would want a copy this down because is no way you can rise up for this instance, what do is just quit a manual one in case it asks us to tighten the manual one hand that will be later.
Okay, so it is create something simple that confer conforms to policies. Okay, okay, that's been added okay. We are gonna add in EAP that makes everything a lot easier a lot more secure and that's it. Microsoft protected earlier this, the last one more secure one configure if you want, how many connection attempts, that's fine. You can also add in the other ones. We suggest an mostly stick with that one than now one you would have needed to have done is basically on your active directory computer created a security group, and within that security group. You then add your users, and this is what the benefit of using this NPS radius system actually is.
It's fairly similar to file and folder permissions, access permissions, we can limit those two certain groups, et cetera okay, you can filter based on certain criteria. In this, you can filter based on which group they're part of what IP address they are the connection method all those things, so we have already set one up on our active directory computer nine. That said, it finds it all good. Click next, you can create some IP filters if you do want to work on a girl with the highest encryption makes realm name is not really needed, but you can type it in. If you want to, and were literally finished before we go on to our VPN server with the setting and are quickly show you how that group needs to be set up okay.