Best Practices Analyzer for RRAS: Configuration
Applies To: Windows Server 2008 R2
The topics in this section can help you bring Routing and Remote Access Service (RRAS) that is running on Windows Server 2008 R2 into compliance with configuration best practices. Content in this section is most valuable to administrators who have completed a Best Practices Analyzer scan of RRAS and who want information about how to interpret and resolve scan results that identify areas of RRAS that are noncompliant with configuration best practices.
Best Practices Analyzer and configuration rules
The Best Practices Analyzer applies configuration rules to identify settings that might require modification for RRAS to perform optimally. Configuration rules can help prevent setting conflicts that can result in error messages or prevent RRAS from carrying out its prescribed duties in an enterprise.
For more information about Best Practices Analyzer and scans, see Best Practices Analyzer (https://go.microsoft.com/fwlink/?LinkId=122786).
Topics in this section
RRAS: At least one network interface should be enabled on the RRAS server
RRAS: The network interface <adapter name> on the RRAS server should be enabled
RRAS: At least one network interface on the RRAS server must be reachable
RRAS: The network interface <adapter name> on the RRAS server should be reachable
RRAS: To use RRAS server as an IPv4 router, IPv4 forwarding must be enabled
RRAS: To use RRAS server as an IPv6 router, IPv6 forwarding must be enabled
RRAS: IPv6 routing should be enabled on the server for routing protocols like DHCP Relay to run
RRAS: The number of ports available for use by this tunneling protocol should be greater than 0
RRAS: To use IKEv2 behind a NAT router, the certificate subject name must match the NAT address
RRAS: To use SSTP behind a NAT router, the certificate subject name must match the NAT address
RRAS: Demand dial interface <interface name> should support encryption of the data
RRAS: The IPv4 DHCP Relay Agent should be configured with at least one DHCP server
RRAS: The IPv6 DHCPv6 Relay Agent should be configured with at least one DHCP server
RRAS: At least one interface in the IPv4 DHCP Relay Agent must have 'Relay DHCP packets' enabled
RRAS: At least one interface in the IPv6 DHCPv6 Relay Agent must have 'Relay DHCP packets' enabled
RRAS: Only one certificate for IKEv2 should have IKE_INTERMEDIATE in its EKU property
RRAS: Use authentication protocols that are considered more secure than PAP, CHAP, or MS-CHAPv2