Table of Contents
Advertisement
Support Email – enter the email account that will receive diagnostic reports created
ii.
by the
Allow local name resolution – select to allow users to temporarily disconnect the
iii.
intranet connection and use local DNS servers for Internet traffic.
Notes:
Enable for mobile computers only – allow only mobile computers in the specified
iv.
security groups to connect through DirectAccess.
Important: Remote Access will create a WMI filter that will only allow mobile
computers to join DirectAccess security groups. This setting requires that the
administrator account configured for Remote Access have create/modify privileges.
Enable Windows 7 Client Support – select for environments that require support for
v.
Windows 7 clients.
IPsec Root Certificate – conditional; designate a certificate to validate
vi.
authentication for client connections; required for Windows 7 users, and
recommended for Windows 8. See the following:
Intermediate CA – select if the certificate was not imported from the domain root CA.
vii.
viii.
Click Next.
2. Finish – review the settings; click Next to configure.
Configure VPN services only
1. VPN
a. Address Assignment
Assign addresses automatically – use DHCP to assign client addresses.
i.
Assign addresses from a static address pool – enter a range of IP addresses that
ii.
RRAS will assign to clients when they connect to the network.
b. Authentication
Use Windows Authentication – use AD to authenticate users.
i.
Use RADIUS Authentication – configure VPN connections to use RADIUS
ii.
authentication.
35
DirectAccess Diagnostics
• Force tunneling must be disabled to employ this feature.
• The infrastructure connection remains active, so manage out capabilities are
not affected.
• If GPOs are used to push security certificates to domain servers, use the
Certificate drop menu to select the certificate issued from the domain root CA.
• If the certificate needs to be added manually, use the import feature:
1. Click the Import button.
a. Certificate Import – navigate to and select the certificate that
will be used for authentication.
b. Password – enter the certificate passphrase.
c. Click the Import button.
2. The imported certificate should display in the Certificate field. If not,
use the drop menu to select it.
Enter the start and end IP addresses to define the range.
1. Radius Server – designate the server name or IP address.
2. Shared Secret – create a secret to authenticate communication between the
appliance and RADIUS server.
3. Confirm – confirm the shared secret.
4. Timeout – the default is usually sufficient, but the duration the appliance will
try to connect to the RADIUS server can be customized as necessary.
5. Score – the default is usually sufficient, but the initial responsiveness score
can be customized as necessary.
6. Port – the default is UPD 1812 for authentication. Legacy RADIUS servers
may use 1646.
7. Always use the same message authenticator – select if the attribute
Request must contain the Message Authenticator attribute has been
configured on the RADIUS server.
tool.
E Series Installation Guide
Advertisement
Table of Contents
