Designing a VPN solution means ensuring secure and reliable connectivity to network resources. This section focuses on configuring the security certificates, firewalls, bandwidth usage, and protocols used in the VPN solution.
Remote Access is configured as a role in Windows Server 2012. DirectAccess management has been combined with the traditional Routing and Remote Access Service (RRAS) VPN solution to make management easier and provide the best level of support for the most clients. When the role is installed, several other components are installed with it, such as the Remote Access Service (RAS) Connection Manager Administration Kit (CMAK) and Internet Information Services (IIS). Windows Server 2012 makes deploying a remote access solution easier with the help of the new Remote Access Getting Started Wizard.
An important step in designing a VPN solution is to plan the overall infrastructure. Included in this step is deciding where the Remote Access server should be placed within the network topology and how it should be configured. You can configure Remote Access with one or two network adapters. If the server is configured with one network adapter, it likely will be behind a network address translation (NAT) device connected to the internal network.
If the server is configured with two network adapters, the server can be configured in an edge scenario with one adapter connected to the external or perimeter network (behind a NAT device or a firewall) and the other adapter connected to the internal network.
When integrating DirectAccess, you need to keep additional addressing considerations in mind because DirectAccess uses IPv6 with IPsec. However, IPv6 isn’t a requirement on the network itself, because translation services such as 6to4, Teredo, IP-HTTPS, NAT64, and ISATAP automatically provide compatibility for IPv4 networks. These translation technologies have specific firewall considerations, as discussed later in this objective.