Van Johnson asked:

Setting up Remote Access with VPN on Windows 2016 Server

I have a Windows 2016 server (Domain Controller and Certification Authority). I am running Hyper-V. I have two virtual machines. On the first virtual machine I have installed and configured the Remote Access Server role (set up for VPN only). On the second virtual machine I have installed NPS (RADIUS server). I have the needed certificates enrolled.
My goal is to have the Remote Access Server function as a VPN server. I want a BRANCH office to have the ability to:
1. Connect to the VPN server
2. Use Remote Desktop Connection to connect to a domain computer at the MAIN office.
Both offices have the Zyxel VMG4325-B10A routers sitting on the edge of the network.
Both offices have access to the Internet through the Zyxel router.
I have VPN ports (UDP and TCP) on an ACL list and I have port forwarded.
When I set up the client for VPN I am using the FQDN name of the VPN server. I am unable to connect.
Am I missing something? Asking for assistance.
Van Johnson (ASKER)

I need to add: I am getting the following message when I test a VPN connection from a Windows 10 client on an external network:
"The network connection between your computer and the VPN server could not be established because the remote server is not responding." I have set up this VPN connection with the server entry being the Public IP address, which I have added to the ACL list pointing to the internal address of the VPN (Remote Access) server.
Rob Williams
In my "humble" opinion you would be much better off, and more secure, to set up a site-to-site VPN using the two Zyxel routers. No need for RRAS or NPS, and security is at the perimeter of the network, using full IPsec.
Am I understanding that you are running Hyper-V *on* your domain controller? That alone will cause all sorts of unpredictable network issues.
I missed that. I hope the DC is a VM and not Hyper-V running on the DC.

Another issue is if you have multiple users connecting as software clients to a Windows VPN server, the Zyxel router at the client end will need to support VPN pass-through. I am sure it does, but all routers have a pass-through limit. Some 1, the most I have seen is 9. I couldn't find specs for Zyxel. A site-to-site VPN does not have these limits. The only limit is performance, based on bandwidth.
Physical server with (3) virtual machines.  1. DC 2. Remote Access 3. NPS
Yes, Rob, I would love to set up a site-to-site with those Zyxel routers. To be honest, on the Zyxel VMG4325-B10A I do not see how to set that up; I do not see a VPN function. The Zyxel routers were provided by the ISP; maybe my next step is to hit them up about an upgrade.
ASKER CERTIFIED SOLUTION
Rob Williams

This solution is only available to members.