
Implementing always on VPN : modern mobility with Microsoft Windows 10 and Windows Server 2022 / Richard M. Hicks




Author: Hicks Richard M.
Title: Implementing always on VPN : modern mobility with Microsoft Windows 10 and Windows Server 2022 / Richard M. Hicks
Publication: [New York] : Apress, 2022
Physical description: 1 online resource (xxvi, 357 pages) : illustrations (some color)
Discipline: 650.028546
Topical subject: Extranets (Computer networks)
Microsoft software
General notes: Includes index.
Contents note: Intro -- Table of Contents -- About the Author -- About the Technical Reviewer -- Acknowledgments -- Introduction -- Chapter 1: Always On VPN Overview -- VPN -- DirectAccess -- Demise of DirectAccess -- DirectAccess Replacement -- Always On VPN -- Always On VPN Infrastructure -- Routing and Remote Access Service -- Network Policy Server -- Infrastructure Independent -- Modern Management -- Cloud Integration -- Summary -- Chapter 2: Plan for Always On VPN -- VPN Server -- Windows Server -- Domain Join -- Server Core -- Network Interfaces -- Network Placement -- IPv6 -- Non-Microsoft VPN Devices -- IKEv2 -- Windows Store Client -- Authentication Server -- Windows Server -- PKI -- VPN Protocols -- IKEv2 -- SSTP -- L2TP -- PPTP -- Certificates -- SSTP -- IKEv2 -- NPS -- User Authentication -- Device Authentication -- TPM -- VPN Client IP Addressing -- DHCP -- Static Pool -- Address Range -- IPv4 Subnet -- IPv6 Prefix -- Split vs. Force Tunneling -- Split Tunnel -- Force Tunnel -- Firewall Configuration -- IKEv2 -- SSTP -- NAT Configuration -- Client Provisioning -- Microsoft Endpoint Manager -- PowerShell -- MECM -- Co-management -- Summary -- Chapter 3: Prepare the Infrastructure -- Security Groups -- Certificates -- Certificate Templates -- VPN Server -- NPS Server -- User Authentication -- Device Authentication -- Kerberos Authentication -- Issue Certificate Templates -- Issuing CA Servers -- Certificate Autoenrollment -- Autoenrollment GPO -- Summary -- Chapter 4: Configure Windows Server for Always On VPN -- Network Policy Server -- Preparation -- Install NPS -- Configure NPS -- RADIUS Client -- Network Policy -- Routing and Remote Access Service Server -- Preparation -- Network Configuration -- Single NIC -- Dual NIC -- External Interface -- Internal Interface -- Static Routes -- Certificates -- IKEv2 IPsec Certificate.
Server GUI Domain-Joined -- Server GUI Non-Domain Joined -- Export CA Certificates -- Import CA Certificates -- Generate CSR -- Request Certificate -- Server Core Domain-Joined -- Create INF File -- Create CSR -- Server Core Non-Domain Joined -- SSTP Certificate -- Install RRAS -- Install RSAT -- Windows Server -- Windows 10 -- Configure RSAT -- Configure RRAS -- Optimize RRAS -- IKEv2 Settings -- IPsec Parameters -- IKEv2 Fragmentation -- IKEv2 Root Certificate -- IKEv2 CRL Check -- TLS Configuration -- Summary -- Chapter 5: Provision Always On VPN Clients -- Validation Testing -- Verify Certificates -- Test Profile -- VPN Settings -- Authentication Settings -- Network Settings -- Routing -- IPsec Policy -- Test Connection -- SSTP -- IKEv2 -- Device Authentication -- Profile Deployment -- Microsoft Endpoint Manager -- Profile Configuration -- User Tunnel -- Device Tunnel -- Additional Configuration -- Custom XML -- XML Configuration -- Endpoint Manager -- PowerShell Script -- User Tunnel -- Device Tunnel -- SCCM -- Group Policy -- Group Policy Object -- Policy Settings -- Summary -- Chapter 6: Advanced Configuration -- Name Resolution Policy Table -- Configure NRPT -- Proxy Server -- Global Explicit Proxy -- Global Proxy Autoconfiguration -- Namespace Proxy -- Caveat -- Traffic Filtering -- Direction -- Application Filtering -- Desktop Application Filter -- Windows Store Application Filter -- SYSTEM Application Filter -- LockDown VPN -- LockDown Limitations -- Configure LockDown VPN -- Deleting LockDown VPN -- Summary -- Chapter 7: Cloud Deployments -- Azure VPN Gateway -- Advantages -- Disadvantages -- Requirements -- Gateway SKUs -- Site-to-Site Compatibility -- Azure VPN Gateway Configuration -- User Tunnel -- NPS Configuration -- Gateway Configuration -- Client Configuration -- Device Tunnel -- Root Certificate -- Gateway Configuration.
Client Configuration -- IKEv2 Cryptography -- Update Azure VPN IPsec Policy -- Update Client Policy -- Azure Virtual WAN -- Advantages -- Disadvantages -- Requirements -- Azure Virtual WAN Configuration -- Virtual WAN Hub -- Certificate Authentication -- RADIUS Authentication -- Point-to-Site Connection -- VNet Connection -- Client Configuration -- Windows Server RRAS -- Supportability -- Azure RRAS Configuration -- Public IP Address -- Inbound Traffic -- Client IP Subnet -- IP Forwarding -- Routing -- Third-Party VPN in Azure -- Summary -- Chapter 8: Deploy Certificates with Intune -- Deployment Options -- PKCS -- SCEP -- PKCS Certificates -- CA Permissions -- Certificate Template -- Install Certificate Connector for Intune -- PKCS Intune Configuration -- Export CA Certificates -- Deploy CA Certificates -- PKCS User Certificate -- PKCS Device Certificate -- SCEP Certificates -- Service Account -- CA Permissions -- Certificate Template -- Install NDES -- Configure NDES -- Publish NDES -- NDES TLS Certificate -- Install Intune Certificate Connector -- SCEP User Certificate -- SCEP Device Certificate -- Summary -- Chapter 9: Azure MFA Integration -- Azure MFA -- Is MFA Necessary? -- Risk Mitigation -- Certificate Authentication -- Additional Considerations -- Recommendation -- Azure MFA with NPS -- Requirements -- Install NPS Extension -- Update RRAS Authentication -- Certificate Management -- Troubleshooting Script -- Azure Conditional Access -- Requirements -- Configure Azure Conditional Access -- VPN Root Certificate -- Publish Certificate -- Verify Certificates -- NPS Configuration -- Update NPS Policy -- Conditional Access Policy -- Create Policy -- Client Configuration -- Endpoint Manager UI -- EAP Configuration -- Custom XML -- Third-Party MFA -- Summary -- Chapter 10: High Availability -- VPN High Availability -- Prerequisites -- Windows NLB.
Limitations -- Configure NLB -- Create NLB Cluster -- Add Cluster Nodes -- Server Core -- External Load Balancer -- External Load Balancer Configuration -- NPS High Availability -- Prerequisites -- Update Client Configuration -- Update VPN Configuration -- NPS Load Balancing -- DNS Alias -- External Load Balancer -- Certificate Configuration -- Geographic Load Balancing -- Azure Traffic Manager -- Azure Traffic Manager and IKEv2 -- Azure Traffic Manager Profile -- Validation Testing -- DNS Alias -- Summary -- Chapter 11: Monitor and Report -- RRAS Management Console -- Adding Servers -- Firewall Requirements -- System Health -- User Activity -- Remote Access Management Console -- Overview -- System Health -- User Activity -- Customize Headings -- Reporting -- PowerShell -- System Health -- User Activity -- Log Files -- Disconnecting Sessions -- Management Consoles -- PowerShell -- Permanent Disconnects -- User Connections -- Device Connections -- Summary -- Chapter 12: Troubleshooting -- Common Error Codes -- 809 -- Common Causes -- Testing -- Port Probe -- Network Trace -- 812 -- Group Membership -- Authentication Type -- NPS Communication -- Azure Conditional Access -- Event Logs -- Other Causes -- 13801 -- Testing -- 13806 -- Missing Client Certificate -- Missing Server Certificate -- 13868 -- VPN Server -- VPN Client -- Registry Setting -- NPS Configuration -- 853 -- Missing Certificate -- 858 -- 864 -- Certificate Assignment -- Root Certificate -- 798 -- Permissions -- TPM -- Other Known Issues -- Clients Prompted for Authentication -- RRAS Service Won't Start -- Load Balancing and NAT -- SSTP Connect/Disconnect -- Custom Cryptography Settings Ignored -- Summary -- Index.
Summary/abstract: Implement and support Windows 10 Always On VPN, the successor to Microsoft's popular DirectAccess. This book teaches you everything you need to know to test and adopt the technology at your organization that is widely deployed around the world. The book starts with an introduction to Always On VPN and discusses fundamental concepts and use cases to compare and contrast it with DirectAccess. You will learn the prerequisites required for implementation and deployment scenarios. The book presents the details of recommended VPN protocols, client IP address assignment, and firewall requirements. Also covered is how to configure Routing and Remote Access Service (RRAS) along with security and performance optimizations. The Configuration Service Provider (CSP) is discussed, and you will go through provisioning Always On VPN to Windows 10 clients using PowerShell and XML as well as Microsoft Intune. Details about advanced client configuration and integration with Azure security services are included. You will know how to implement Always On VPN infrastructure in a redundant and highly available (HA) configuration, and guidance for ongoing system maintenance and operational support for the VPN and NPS infrastructure is provided. And you will know how to diagnose and troubleshoot common issues with Always On VPN. After reading this book, you will be able to plan, design, and implement a Windows 10 Always On VPN solution to meet your specific requirements. You will: Prepare your infrastructure to support Windows 10 Always On VPN on premises or in the cloud; Provision and manage Always On VPN clients using modern management methods such as Intune; Understand advanced integration concepts for extending functionality with Microsoft Azure; Troubleshoot and resolve common configuration and operational errors for your VPN.
Authorized title: Implementing Always on VPN
ISBN: 1-4842-7741-4
Format: Printed material
Bibliographic level: Monograph
Language of publication: English
Record No.: 9910522990603321
Find it here: Univ. Federico II