Always On VPN – Design

Below workflow diagram that will be used to follow to implement this solution – Detailed workflow for deploying Always-On VPN connections for remote domain-joined Windows 10 client computers.

Planning And Design

This blog series assume that you have following already in place:

• Windows Server 2016 Domain Controller
• Public Key Infrastructure (PKI) and Active Directory Certificate Services (AD CS).
• A public certificate with a specific URL (remote.harrmikbatth.lab)
• A perimeter network firewalls.
  • One before the Perimeter Network
  • One after the Perimeter network, toward internal network
• Remote client computers must be joined to the Active Directory domain.
• Remote client computers must be running the Windows 10 Anniversary Update (version 1803) or later operating system.
• VM with two Network Cards in DMZ
  • External facing Network with Public IP Address
  • Internal Facing Network with Internal IP
    • This Internal Facing network needs to have full access to the internal network including any no https inspection.
• Install new NPS as a RADIUS server on a server or VM.
• VPN Connection type to be used
  • Internet Key Exchange version 2 (IKEv2)
  • SSTP (To allow Home Wifi, Airport and Guest Public Wifi’s)
• Forced Tunnel will be used.
• User authentication
  • By using user certificates, the Always On VPN client connects automatically, but it does so at the user level (after user sign-in) instead of at the device level (before user sign-in).
• Remote Clients will be using DHCP Range
• You must allow appropriate Firewall rules to
  • Depending on your network environment, you might need to make several routing modifications.

Workflow Diagram

Previous Post –
Always-on-vpn-using-windows-server-2016-and-windows-10-clients/

Next Follow – Always On VPN Technology Overviews