Microsoft Always On VPN is a feature in Windows Server and Windows 10 and later that provides a seamless and secure remote access solution for users and devices. It allows users to connect to their corporate network from anywhere over a persistent connection. Always On VPN offers several features and functions to enhance security and ease of use. Here’s a detailed description of these features and a step-by-step guide on how to configure Always On VPN:
Features and Functions:
- Seamless Connectivity: Always On VPN automatically connects users to the corporate network when they have internet access, ensuring a continuous connection.
- Secure Remote Access: It provides a secure and encrypted connection through protocols like IKEv2 and SSTP, safeguarding data during transit.
- Single Sign-On (SSO): Users can enjoy a seamless sign-in experience by using their Windows credentials, eliminating the need to repeatedly enter their credentials.
- Device Tunnel and User Tunnel: Always On VPN supports both device tunnel (computer-based) and user tunnel (user-based) configurations for various use cases.
- Authentication Methods: It supports various authentication methods, including username and password, smart cards, certificates, and multi-factor authentication (MFA).
- Connection Profiles: Administrators can configure different connection profiles for specific user groups, allowing granular control over access.
- Split Tunneling: Administrators can define which traffic should be sent through the VPN tunnel and which can use the local internet connection.
- Traffic Filters: Traffic filters enable administrators to restrict or allow specific network traffic based on user, device, or application.
- Health Attestation: Always On VPN can perform health attestation checks, ensuring that devices meet specific security requirements before granting access.
- Automatic VPN Reconnect: It automatically reconnects to the corporate network after network disruptions or changes in the user’s location.
Step-by-Step Guide to Configure Always On VPN:
Configuring Always On VPN requires a Windows Server and Windows 10 or later clients. Here’s a high-level step-by-step guide:
Server Configuration:
- Install and Configure a Remote Access Server: On your Windows Server, install the Remote Access role and configure it with the Remote Access Management Console.
- Set Up Routing and Remote Access: Configure Routing and Remote Access to use VPN, and enable the Always On VPN option.
- Configure Certificate Services: Set up a certificate authority (CA) and issue computer and user certificates.
- Create Connection Profiles: Define connection profiles that specify the VPN server address, authentication methods, and other settings.
- Configure Network Policies: Create network policies that define who can connect to the VPN and the conditions under which they can connect.
Client Configuration:
- Install Client Certificates: Install user and device certificates on client devices.
- Configure VPN Connection: On Windows 10 clients, open the Settings app, go to Network & Internet, and set up a VPN connection using the connection profile created on the server.
- User Configuration: Configure user settings on the client device, such as selecting the VPN connection type (device tunnel or user tunnel) and enabling single sign-on.
- Connect to VPN: Users can connect to the VPN from the Windows 10 client by clicking on the VPN connection and entering their credentials.
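The connection profile settings described above (tunnel type, protocol, authentication, split tunneling, traffic filters) can be reviewed before deployment. The following is an added example, not part of the original guide: it assumes the profile is written as VPNv2 CSP ProfileXML, and the function name `Test-AovpnProfile`, the server name and the address range are hypothetical or constructed.

```powershell
# Constructed sample ProfileXML (VPNv2 CSP schema); server and prefix are placeholders.
$sampleProfile = @'
<VPNProfile>
  <AlwaysOn>true</AlwaysOn>
  <DeviceTunnel>true</DeviceTunnel>
  <NativeProfile>
    <Servers>vpn.example.com</Servers>
    <NativeProtocolType>Automatic</NativeProtocolType>
    <Authentication>
      <MachineMethod>Certificate</MachineMethod>
    </Authentication>
    <RoutingPolicyType>SplitTunnel</RoutingPolicyType>
  </NativeProfile>
  <Route>
    <Address>10.0.0.0</Address>
    <PrefixSize>8</PrefixSize>
  </Route>
</VPNProfile>
'@

# Hypothetical helper (added example): returns one string per finding, nothing if clean.
function Test-AovpnProfile {
    param([Parameter(Mandatory)][string]$ProfileXml)
    $p = ([xml]$ProfileXml).VPNProfile
    $native = $p.NativeProfile
    $findings = [System.Collections.Generic.List[string]]::new()
    if ($p.AlwaysOn -ne 'true') { $findings.Add('AlwaysOn is not true: the tunnel will not connect automatically.') }
    if ($native.NativeProtocolType -notin 'IKEv2', 'SSTP') {
        $findings.Add("NativeProtocolType '$($native.NativeProtocolType)' does not pin IKEv2 or SSTP.")
    }
    if ($native.Authentication.UserMethod -eq 'MSChapv2') {
        $findings.Add('UserMethod MSChapv2 relies on a password only.')
    }
    if ($p.DeviceTunnel -eq 'true') {   # device tunnel: IKEv2 + machine certificate only
        if ($native.NativeProtocolType -ne 'IKEv2' -or $native.Authentication.MachineMethod -ne 'Certificate') {
            $findings.Add('Device tunnel requires IKEv2 with MachineMethod Certificate.')
        }
        if (-not $p.TrafficFilter) {
            $findings.Add('Device tunnel has no TrafficFilter: all routed prefixes are reachable before user sign-in.')
        }
    }
    if ($native.RoutingPolicyType -eq 'SplitTunnel' -and -not $p.Route) {
        $findings.Add('SplitTunnel with no Route elements: the profile defines no prefixes to send through the tunnel.')
    }
    return $findings
}

Test-AovpnProfile -ProfileXml $sampleProfile
```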
Once configured, Always On VPN provides a persistent, secure, and user-friendly remote access solution. Users will be able to connect seamlessly, and administrators can enforce security policies and traffic filtering to protect the corporate network.