Remote Access Always-On VPN Deployment

Following sections will be used to deploy Always On VPN connections for remote Windows 10 client computers that are joined to your domain.

1. Configure the Always On VPN Server Infrastructure

You can use this topic to complete the following steps.

• On a server configured with Active Directory Domain Services: Enable certificate autoenrollment in Group Policy for both computers and users, create the VPN Users Group, the VPN Servers Group, and the NPS Servers Group, and add members to each group.
• On an Active Directory Certificate Server CA: Create the User Authentication, VPN Server Authentication, and NPS Server Authentication certificate templates.
• On domain-joined Windows 10 clients: Enroll and validate user certificates.

2. Configure the Remote Access Server for Always On VPN

You can use this topic to complete the following steps.

• Enroll and validate the VPN server certificate
• Install and configure Remote Access VPN

3. Install and Configure the NPS Server

You can use this topic to complete the following steps.

• Install and configure NPS server as a RADIUS server.
• Enroll and validate the NPS server certificate

4. Configure DNS and Firewall Settings for Always On VPN

You can use this topic to complete the following steps.

• Configure DNS, Internal Perimeter Network Firewall, and Edge Firewall settings.

5. Configure Windows 10 Client Always On VPN Connections

You can use this topic to complete the following steps.

• Configure the Remote Access Always On VPN client by using Windows PowerShell, Microsoft System Center Configuration Manager, or Intune.