Implementing Always On VPN: Modern Mobility with Microsoft Windows 10 and Windows Server 2022
Richard M. Hicks (auth.)
Apress L. P.; Apress, 1st edition, place of publication not determinable, 2021
English [en] · PDF · 19.6MB · 2021 · 📘 Book (non-fiction) · 🚀/lgli/lgrs/nexusstc/zlib
description
No description available.
Publication date: 26.11.2021
Alternative filename
nexusstc/Implementing Always On VPN: Modern Mobility with Microsoft Windows 10 and Windows Server 2022/0a796de257539ad35123230a42389af0.pdf
Alternative filename
lgrsnf/701.pdf
Alternative filename
zlib/Computers/Microsoft Windows/Richard M. Hicks/Implementing Always On VPN: Modern Mobility with Microsoft Windows 10 and Windows Server 2022_18209142.pdf
Alternative author
Hicks, Richard M.
Alternative publisher
Apress, Incorporated
Alternative publisher
Springer Nature
Alternative publisher
Springer Apress
Alternative edition
1st ed. 2022, Berkeley, CA, Berkeley, CA, 2022
Alternative edition
United States, United States of America
Alternative edition
Springer Nature, [New York, NY], 2022
Alternative edition
place of publication unknown, 2022
Alternative edition
New York, 2021
Alternative edition
1, 20211125
metadata comments
{"edition":"1","isbns":["1484277406","1484277414","9781484277409","9781484277416"],"last_page":357,"publisher":"Apress"}
Alternative description
Table of Contents
About the Author
About the Technical Reviewer
Acknowledgments
Introduction
Chapter 1: Always On VPN Overview
VPN
DirectAccess
Demise of DirectAccess
DirectAccess Replacement
Always On VPN
Always On VPN Infrastructure
Routing and Remote Access Service
Network Policy Server
Infrastructure Independent
Modern Management
Cloud Integration
Summary
Chapter 2: Plan for Always On VPN
VPN Server
Windows Server
Domain Join
Server Core
Network Interfaces
Network Placement
IPv6
Non-Microsoft VPN Devices
IKEv2
Windows Store Client
Authentication Server
Windows Server
PKI
VPN Protocols
IKEv2
SSTP
L2TP
PPTP
Certificates
SSTP
IKEv2
NPS
User Authentication
Device Authentication
TPM
VPN Client IP Addressing
DHCP
Static Pool
Address Range
IPv4 Subnet
IPv6 Prefix
Split vs. Force Tunneling
Split Tunnel
Force Tunnel
Firewall Configuration
IKEv2
SSTP
NAT Configuration
Client Provisioning
Microsoft Endpoint Manager
PowerShell
MECM
Co-management
Summary
Chapter 3: Prepare the Infrastructure
Security Groups
Certificates
Certificate Templates
VPN Server
NPS Server
User Authentication
Device Authentication
Kerberos Authentication
Issue Certificate Templates
Issuing CA Servers
Certificate Autoenrollment
Autoenrollment GPO
Summary
Chapter 4: Configure Windows Server for Always On VPN
Network Policy Server
Preparation
Install NPS
Configure NPS
RADIUS Client
Network Policy
Routing and Remote Access Service Server
Preparation
Network Configuration
Single NIC
Dual NIC
External Interface
Internal Interface
Static Routes
Certificates
IKEv2 IPsec Certificate
Server GUI Domain-Joined
Server GUI Non-Domain Joined
Export CA Certificates
Import CA Certificates
Generate CSR
Request Certificate
Server Core Domain-Joined
Create INF File
Create CSR
Server Core Non-Domain Joined
SSTP Certificate
Install RRAS
Install RSAT
Windows Server
Windows 10
Configure RSAT
Configure RRAS
Optimize RRAS
IKEv2 Settings
IPsec Parameters
IKEv2 Fragmentation
IKEv2 Root Certificate
IKEv2 CRL Check
TLS Configuration
Summary
Chapter 5: Provision Always On VPN Clients
Validation Testing
Verify Certificates
Test Profile
VPN Settings
Authentication Settings
Network Settings
Routing
IPsec Policy
Test Connection
SSTP
IKEv2
Device Authentication
Profile Deployment
Microsoft Endpoint Manager
Profile Configuration
User Tunnel
Device Tunnel
Additional Configuration
Custom XML
XML Configuration
Endpoint Manager
PowerShell Script
User Tunnel
Device Tunnel
SCCM
Group Policy
Group Policy Object
Policy Settings
Summary
Chapter 6: Advanced Configuration
Name Resolution Policy Table
Configure NRPT
Proxy Server
Global Explicit Proxy
Global Proxy Autoconfiguration
Namespace Proxy
Caveat
Traffic Filtering
Direction
Application Filtering
Desktop Application Filter
Windows Store Application Filter
SYSTEM Application Filter
LockDown VPN
LockDown Limitations
Configure LockDown VPN
Deleting LockDown VPN
Summary
Chapter 7: Cloud Deployments
Azure VPN Gateway
Advantages
Disadvantages
Requirements
Gateway SKUs
Site-to-Site Compatibility
Azure VPN Gateway Configuration
User Tunnel
NPS Configuration
Gateway Configuration
Client Configuration
Device Tunnel
Root Certificate
Gateway Configuration
Client Configuration
IKEv2 Cryptography
Update Azure VPN IPsec Policy
Update Client Policy
Azure Virtual WAN
Advantages
Disadvantages
Requirements
Azure Virtual WAN Configuration
Virtual WAN Hub
Certificate Authentication
RADIUS Authentication
Point-to-Site Connection
VNet Connection
Client Configuration
Windows Server RRAS
Supportability
Azure RRAS Configuration
Public IP Address
Inbound Traffic
Client IP Subnet
IP Forwarding
Routing
Third-Party VPN in Azure
Summary
Chapter 8: Deploy Certificates with Intune
Deployment Options
PKCS
SCEP
PKCS Certificates
CA Permissions
Certificate Template
Install Certificate Connector for Intune
PKCS Intune Configuration
Export CA Certificates
Deploy CA Certificates
PKCS User Certificate
PKCS Device Certificate
SCEP Certificates
Service Account
CA Permissions
Certificate Template
Install NDES
Configure NDES
Publish NDES
NDES TLS Certificate
Install Intune Certificate Connector
SCEP User Certificate
SCEP Device Certificate
Summary
Chapter 9: Azure MFA Integration
Azure MFA
Is MFA Necessary?
Risk Mitigation
Certificate Authentication
Additional Considerations
Recommendation
Azure MFA with NPS
Requirements
Install NPS Extension
Update RRAS Authentication
Certificate Management
Troubleshooting Script
Azure Conditional Access
Requirements
Configure Azure Conditional Access
VPN Root Certificate
Publish Certificate
Verify Certificates
NPS Configuration
Update NPS Policy
Conditional Access Policy
Create Policy
Client Configuration
Endpoint Manager UI
EAP Configuration
Custom XML
Third-Party MFA
Summary
Chapter 10: High Availability
VPN High Availability
Prerequisites
Windows NLB
Limitations
Configure NLB
Create NLB Cluster
Add Cluster Nodes
Server Core
External Load Balancer
External Load Balancer Configuration
NPS High Availability
Prerequisites
Update Client Configuration
Update VPN Configuration
NPS Load Balancing
DNS Alias
External Load Balancer
Certificate Configuration
Geographic Load Balancing
Azure Traffic Manager
Azure Traffic Manager and IKEv2
Azure Traffic Manager Profile
Validation Testing
DNS Alias
Summary
Chapter 11: Monitor and Report
RRAS Management Console
Adding Servers
Firewall Requirements
System Health
User Activity
Remote Access Management Console
Overview
System Health
User Activity
Customize Headings
Reporting
PowerShell
System Health
User Activity
Log Files
Disconnecting Sessions
Management Consoles
PowerShell
Permanent Disconnects
User Connections
Device Connections
Summary
Chapter 12: Troubleshooting
Common Error Codes
809
Common Causes
Testing
Port Probe
Network Trace
812
Group Membership
Authentication Type
NPS Communication
Azure Conditional Access
Event Logs
Other Causes
13801
Testing
13806
Missing Client Certificate
Missing Server Certificate
13868
VPN Server
VPN Client
Registry Setting
NPS Configuration
853
Missing Certificate
858
864
Certificate Assignment
Root Certificate
798
Permissions
TPM
Other Known Issues
Clients Prompted for Authentication
RRAS Service Won’t Start
Load Balancing and NAT
SSTP Connect/Disconnect
Custom Cryptography Settings Ignored
Summary
Index
Alternative description
Implement and support Windows 10 Always On VPN, the successor to Microsoft's popular DirectAccess. This book teaches you everything you need to know to test and adopt the technology at your organization that is widely deployed around the world. The book starts with an introduction to Always On VPN and discusses fundamental concepts along with use cases to compare and contrast it with DirectAccess. You will learn the prerequisites required for implementation and deployment scenarios. The book presents the details of VPN protocols, client IP address assignment, and firewall requirements. Also covered is how to configure Windows Server Routing and Remote Access Service (RRAS) along with performance optimizations. You will go through provisioning Always On VPN to Windows 10 clients. The Configuration Service Provider (CSP) mode is discussed and you will learn to create a configuration XML file and provision it locally using PowerShell. Deploying Always On VPN infrastructure in Microsoft Azure is included, followed by advanced client configuration and integration with Azure security services. You will know how to implement an Always On VPN infrastructure in a redundant and highly available (HA) configuration along with system maintenance and operational support for the VPN and NPS infrastructure. And you will know how to seamlessly troubleshoot and migrate from DirectAccess to Always On VPN. 
After reading this book, you will be able to plan, design, and implement a Windows 10 Always On VPN solution to meet your specific requirements.
What Will You Learn
- Prepare your infrastructure to support Windows 10 Always On VPN on premises or in the cloud
- Provision and manage Always On VPN clients using modern management methods such as Intune
- Understand advanced integration concepts for extending functionality with Microsoft Azure
- Troubleshoot and resolve common configuration and operational errors for your VPN
Who This Book Is For
IT professionals and technology administrators for organizations of all sizes
About the authors
Richard Hicks is the founder and principal consultant at Richard M. Hicks Consulting, Inc. He is a widely recognized enterprise mobility and security infrastructure expert with more than 25 years of experience implementing secure remote access and Public Key Infrastructure (PKI) solutions for organizations around the world. Richard is a former Microsoft Most Valuable Professional (MVP 2009-2019) and is active in the online community, sharing his knowledge and experience with IT professionals on his blog and through various social media channels. Visit his web site https://www.richardhicks.com/ or connect with him on Twitter @richardhicks.
Alternative description
Implement and support Windows 10 Always On VPN, the successor to Microsoft's popular DirectAccess. This book teaches you everything you need to know to test and adopt the technology at your organization that is widely deployed around the world.
The book starts with an introduction to Always On VPN and discusses fundamental concepts and use cases to compare and contrast it with DirectAccess. You will learn the prerequisites required for implementation and deployment scenarios. The book presents the details of recommended VPN protocols, client IP address assignment, and firewall requirements. Also covered is how to configure Routing and Remote Access Service (RRAS) along with security and performance optimizations. The Configuration Service Provider (CSP) is discussed, and you will go through provisioning Always On VPN to Windows 10 clients using PowerShell and XML as well as Microsoft Intune. Details about advanced client configuration and integration with Azure security services are included. You will know how to implement Always On VPN infrastructure in a redundant and highly available (HA) configuration, and guidance for ongoing system maintenance and operational support for the VPN and NPS infrastructure is provided. And you will know how to diagnose and troubleshoot common issues with Always On VPN.
After reading this book, you will be able to plan, design, and implement a Windows 10 Always On VPN solution to meet your specific requirements.
What Will You Learn
- Prepare your infrastructure to support Windows 10 Always On VPN on premises or in the cloud
- Provision and manage Always On VPN clients using modern management methods such as Intune
- Understand advanced integration concepts for extending functionality with Microsoft Azure
- Troubleshoot and resolve common configuration and operational errors for your VPN
Who This Book Is For
IT professionals and technology administrators for organizations of all sizes
Alternative description
Implement and support Windows 10 Always On VPN, the successor to Microsoft's popular DirectAccess. This book teaches you everything you need to know to test and adopt the technology at your organization that is widely deployed around the world. The book starts with an introduction to Always On VPN and discusses fundamental concepts and use cases to compare and contrast it with DirectAccess. You will learn the prerequisites required for implementation and deployment scenarios. The book presents the details of recommended VPN protocols, client IP address assignment, and firewall requirements. Also covered is how to configure Routing and Remote Access Service (RRAS) along with security and performance optimizations. The Configuration Service Provider (CSP) is discussed, and you will go through provisioning Always On VPN to Windows 10 clients using PowerShell and XML as well as Microsoft Intune. Details about advanced client configuration and integration with Azure security services are included. You will know how to implement Always On VPN infrastructure in a redundant and highly available (HA) configuration, and guidance for ongoing system maintenance and operational support for the VPN and NPS infrastructure is provided. And you will know how to diagnose and troubleshoot common issues with Always On VPN. After reading this book, you will be able to plan, design, and implement a Windows 10 Always On VPN solution to meet your specific requirements.
You will:
- Prepare your infrastructure to support Windows 10 Always On VPN on premises or in the cloud
- Provision and manage Always On VPN clients using modern management methods such as Intune
- Understand advanced integration concepts for extending functionality with Microsoft Azure
- Troubleshoot and resolve common configuration and operational errors for your VPN
date open sourced
2021-11-25