Skip to content

Step by Step : Network Access Protection (NAP) Deployment in Windows Server 2012 R2 – Part 4 of 7 (Configure Connection Request Policies for VPN)

July 26, 2014

This is my Part 4 of 7 of NAP deployment, which is how to configure connection Request Policies for VPN

Before we start, lets go through a bit there & here about Connection Request Policy…

“Connection request policies are sets of conditions and settings that allow network administrators to designate which RADIUS servers perform authentication and authorization of connection requests that the NPS server receives from RADIUS clients. You can configure connection request policies to designate which RADIUS servers to use for RADIUS accounting.

With connection request policies, you can use NPS as a RADIUS server or as a RADIUS proxy, based on a variety of factors, including:

  • The time of day and day of the week.
  • The realm name in the connection request.
  • The connection type that you are requesting.
  • The RADIUS client’s IP address.

More information :

In my Part 3, which is Configure Network Policy, we manage to configure health policy for our NAP, now lets continue the step how to configure connection Request Policies for VPN…

I will continue this step with the same Server from previous Part 1 which is OSI-NPS…

1 – On OSI-NPS Server, open Network Policy Server, click Connection Request Policies and then disable both of the default Connection Request policies under Policy Name…


2 – then right-click Connection Request Policies, and then click New


3 – On the Specify Connection Request Policy Name And Connection Type interface, in the Policy name box, type OSI-VPN connections, under Type of network access server, choose Remote Access Server (VPN-Dial up), and then click Next…


4 – On the Specify Conditions interface, click Add…


5 – In the Select Condition dialog box, double-click Tunnel Type


6 – In the Tunnel Type interface, click L2TP, PPTP & SSTP, then click OK…


7 – Under Specify Condition, verify that Tunnel Type is listed and then click Next…


8 – On the Specify Connection Request Forwarding interface, verify that Authenticate requests on this server is selected, and then click Next…


9 – On the Specify Authentication Methods interface, click the Override network policy authentication settings check box, under EAP Types area, click Add then in the Add EAP dialog box, under Authentication methods, click Microsoft: Protected EAP
(PEAP), and then click OK…


10 – Under EAP Types, click Add again…


11 – In the Add EAP dialog box, under Authentication methods, click Microsoft: Secured password (EAP-MSCHAP v2), and then click OK…


12 – Under EAP Types, click Microsoft: Protected EAP (PEAP), and then click Edit, verify that Enforce Network Access Protection is selected, and then click OK…


13 – Click Next to proceed…



14 – Under Configure settings, click Next…


15 – Under Completing Connection Request Policy Wizard, verify the Policy condition and Policy Settings and then click Finish…



We done for now, i will continue later for Part 5, which is Configure a VPN Server access…


Leave a Comment

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

%d bloggers like this: