configure a remote access policy - world class cadworldclasscad.com/networking_pdf/2008...
TRANSCRIPT
Configure a Remote Access PolicyConfigure a Remote Access Policy
June 6, 2012
Copyright © 2012 by World Class CAD, LLC. All Rights Reserved.
Network PoliciesNetwork Policies
We need to set policies onthe Network Policy Serverso that the VPN connectioncan function.
Open Network Policy ServerOpen Network Policy Server
To access the Network Policy Server, we click on the Start menu, select AdministrativeTools and Network Policy Server.
Network Policy Server WindowNetwork Policy Server Window The Network Policy Server window will appear and in left pane, and we should open thepolicies folder We will see two policies in the right pane The first is Connections topolicies folder. We will see two policies in the right pane. The first is Connections toMicrosoft Routing and Remote Access server and the second is Connections to other accessservers. We will open the first policy by double clicking on it.
Connections to Microsoft Routing and Remote Access Server
There are two things weneed to do in this dialogbox. We need to changethe deny access option togrant access. Then wegrant access. Then weneed to pick RemoteAccess Server (VPN Dialup) from the list of typesf kof network access servers.
We need to push theApply button to save ourchanges. We should pressg pOK to return to theNetwork Policy Serverwindow.
Network Policy Server WindowNetwork Policy Server WindowBack at the Network Policy Server window, we can see the Connections to MicrosoftRouting and Remote Access Server no longer has a red “x” but a green check mark ToRouting and Remote Access Server no longer has a red “x” but a green check mark. Toopen the Connections to the other access servers dialog box, double click on thispolicy.
Connections to Other Access ServersConnections to Other Access Servers
Again, there are twothings we need to do inthis dialog box. We needto alter the deny accessoption to grant access.option to grant access.Then we need to pickRemote Access Server(VPN Dial up) from the listf f kof types of network access
servers. We need to pushthe Apply button to saveour changes. We shouldgpress OK to return to theNetwork Policy Serverwindow.
Network Policy Server WindowyWhen we return to the Network Policy Server window, we can see the Connections to otheraccess Server no longer has a red “x” but also has a green check mark. Next, we will want tolt f th tti th C ti t Mi ft R ti d R t Aalter some of the settings on the Connections to Microsoft Routing and Remote AccessServer policy, so right click on the name and select Properties from the menu..
Connections to Microsoft Routing and Remote Access Server Properties
In the Connections toMicrosoft Routing andRemote Access ServerProperties dialogue box,we will choose thewe will choose theConstraints tab. There aresix constraints shown inthe left pane which areA h i i M h dAuthentication Methods,Idle Timeout, SessionTimeout, Called StationID, Day and Time, yrestrictions, and NAS Porttype.
Idle TimeoutIdle Timeout
We should select idle timeout inthe left pane. We will annotatethe disconnect after themaximum idle time checkboxand set that period for 15and set that period for 15minute. What ever time wechoose, it is the amount ofminutes that the server can
i idl b f hremain idle before theconnection to server isterminated. After makingchanges, we should press theg , pApply button.
Session TimeoutSession Timeout
We next select sessiontimeout in the left pane. Wewill annotate the disconnectafter the following maximumsession time checkbox andsession time checkbox andset that period for 240minute. What ever time wechoose, it is the maximum
f i h hamount of minutes that theuser can stay connected toserver before the connectionis terminated. After makinggchanges, we should press theApply button.
Day and Time RestrictionsDay and Time Restrictions
On the day and timerestriction constraints,we are able to enable ordeny access to theremote access computerremote access computeraccording to day of theweek and hour of theday. We press the Editb k hbutton to make thespecific settings. Aftermaking changes, weshould press the Applyp pp ybutton.
Day and Time Restrictions WindowDay and Time Restrictions Window
In the Day and time restrictionswindow , we can allow access toserver from 6 am to 8 pm,Monday through Friday. Wehighlight the hours that wehighlight the hours that weshould not be in the office andopt for the Logon denied radialbutton. Only the blue area
h h irepresents when the connectioncan be made.
NAS Port TypeNAS Port Type
On the NAS Port Type, wemake sure that VPN checkboxis annotated for common dialup and VPN tunnel types andEthernet and WirelessEthernet and Wirelesscheckboxes for common802.1X connections tunneltypes and the VPN checkboxf h Af kifor others. After makingchanges, we should press theApply button.
Settings TabSettings Tab
We will check thesettings for the policesand particularly the IPSettings. We can evenassign a static IPv4assign a static IPv4address if we would liketo. After makingchanges, we should
h A l bpress the Apply button.
Network Policy Server WindowNetwork Policy Server Window
We can see the policies on the window and the summaries below it.