Windows Certificate Based Remote Access

Qualification Questions

Is configuration and/or changes of/to both internal and external domain name system (dns) zones required? If so, how many one(1) internal dns zone and one(1) external dnz zones?
Is deploy and configure network policy server (nps) required? If so, how many network policy server (nps)?
Is deploy single tenant remote access as a ras gateway vpn server required? If so, how many ras gateways?
Is configuration of firewall for both vpn and/or radius communications required? If so, how many perimeter networks?
Is configure one(1) xml vpn connection profile required? If so, how many connection profiles?
Is solution design and project planning required? If so, how many deployments?
Is configure radius authentication required? If so, how many raduis servers?
Is group policy changes for certificate enrollment required? If so, how many ca servers?
Is creation of required groups and assigning users via csv import required? If so, how many 3 groups?
Is client procured gov windows server license 2 core required? If so, how many 2 core licenses?

Example Project Plan

  • Create the VPN Users, VPN Servers, and NPS Servers Groups
  • Create the User Authentication, VPN Server Authentication, and NPS Server Authentication certificate templates
  • Enable certificate autoenrollment in Group Policy for both computers and users
  • Install Network Policy Server (NPS)
  • Register the NPS Server in Active Directory
  • Configure RADIUS Accounting for your NPS Server
  • Autoenroll the NPS Server certificate
  • Add the VPN Server as a RADIUS Client in NPS
  • Configure Network Policy in NPS
  • Enroll and validate user certificates
  • Enroll and validate the VPN server certificate
  • Install and configure Remote Access VPN
  • Always On VPN Firewall Changes
  • Configure Internal DNS Changes
  • Configure External DNS Changes
  • Configure Windows 10 Client Always On VPN Connection Profile
  • Always On VPN Active Directory Review
  • Always On VPN DNS and Networking Review
Solution Design
  • Always On VPN Firewall and DMZ Planning
  • Always On VPN Windows Server Planning
  • Always On VPN Solution Design Outline Creation
Design Review
  • Always On VPN Solution Design Review

Last modified August 2, 2022