Install-RemoteAccess

Performs prerequisite checks for DirectAccess (DA) to ensure that it can be installed, installs DA for remote access (RA) (includes management of remote clients) or for management of remote clients only, and installs VPN (both Remote Access VPN and site-to-site VPN).

Syntax

Parameter Set: DirectAccess
Install-RemoteAccess [-DAInstallType] <String> [-ConnectToAddress] <String> [-AsJob] [-CimSession <CimSession[]> ] [-ClientGpoName <String> ] [-ComputerName <String> ] [-DeployNat] [-Force] [-InternalInterface <String> ] [-InternetInterface <String> ] [-NlsCertificate <X509Certificate2> ] [-NlsUrl <String> ] [-NoPrerequisite] [-PassThru] [-ServerGpoName <String> ] [-ThrottleLimit <Int32> ] [-Confirm] [-WhatIf] [ <CommonParameters>]

Parameter Set: DAPrerequisiteChecks
Install-RemoteAccess -Prerequisite [-AsJob] [-CimSession <CimSession[]> ] [-ComputerName <String> ] [-ThrottleLimit <Int32> ] [-Confirm] [-WhatIf] [ <CommonParameters>]

Parameter Set: MultiTenant
Install-RemoteAccess [-MultiTenancy] [-AsJob] [-CapacityKbps <UInt64> ] [-CimSession <CimSession[]> ] [-ComputerName <String> ] [-MsgAuthenticator <String> ] [-PassThru] [-RadiusPort <UInt16> ] [-RadiusScore <Byte> ] [-RadiusServer <String> ] [-RadiusTimeout <UInt32> ] [-SharedSecret <String> ] [-ThrottleLimit <Int32> ] [-Confirm] [-WhatIf] [ <CommonParameters>]

Parameter Set: Vpn
Install-RemoteAccess [-VpnType] <String> [-AsJob] [-CimSession <CimSession[]> ] [-ComputerName <String> ] [-EntrypointName <String> ] [-IPAddressRange <String[]> ] [-IPv6Prefix <String> ] [-MsgAuthenticator <String> ] [-PassThru] [-RadiusPort <UInt16> ] [-RadiusScore <Byte> ] [-RadiusServer <String> ] [-RadiusTimeout <UInt32> ] [-SharedSecret <String> ] [-ThrottleLimit <Int32> ] [-Confirm] [-WhatIf] [ <CommonParameters>]

Detailed Description

The Install-RemoteAccess cmdlet performs prerequisite checks for DirectAccess (DA) to ensure that it can be installed, installs DA for remote access (RA) (includes management of remote clients) or for management of remote clients only, and installs VPN (both Remote Access VPN and site-to-site VPN).

Prerequisite Checks.
-- Every prerequisite check results in a terminating error, a non-terminating error, or a warning.
-- The only terminating error conditions are the DA server not being joined to a domain and the Active Directory server not being reachable; either one stops the cmdlet immediately.
-- If the cmdlet performs only prerequisite checks, then the user is informed about every check that fails through an appropriate message.
-- If prerequisite checks are performed just before installation (that is, the NoPrerequisite parameter is not specified), then the cmdlet performs all checks one after the other without displaying messages for failed checks. If one or more terminating or non-terminating errors are encountered, the cmdlet does not proceed with the installation. If all checks pass, or only warnings are encountered, the cmdlet proceeds with the installation.
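The following script is an added example, not part of the original reference page. It runs only the prerequisite checks and separates the three outcomes the text describes: a terminating error is caught by try/catch, non-terminating errors are collected with -ErrorVariable, and warnings are collected with -WarningVariable. It assumes an elevated Windows PowerShell session on the prospective DA server with the RemoteAccess module available; the triage logic (refuse on any error, proceed on warnings only) mirrors the rule stated above.

```powershell
# Added example (not from the original page): run the DA prerequisite checks on their
# own and triage the outcome before attempting an installation. Run elevated on the
# server that will become the DA server.
Import-Module RemoteAccess

$preErr  = @()   # non-terminating errors land here via -ErrorVariable
$preWarn = @()   # warnings land here via -WarningVariable

try {
    Install-RemoteAccess -Prerequisite `
        -ErrorAction Continue -ErrorVariable preErr `
        -WarningAction SilentlyContinue -WarningVariable preWarn
}
catch {
    # Only "server not domain-joined" or "Active Directory unreachable" terminate the
    # cmdlet; nothing else is checked once this happens.
    Write-Error "Terminating prerequisite failure: $($_.Exception.Message)"
    return
}

if ($preErr.Count -gt 0) {
    # Any non-terminating error means a real installation would be refused.
    Write-Host "Prerequisite errors ($($preErr.Count)); installation would not proceed:"
    $preErr | ForEach-Object { Write-Host "  ERROR: $($_.Exception.Message)" }
    return
}

if ($preWarn.Count -gt 0) {
    # Warnings do not block installation, but review them before continuing.
    Write-Host "Prerequisite warnings ($($preWarn.Count)); installation would proceed:"
    $preWarn | ForEach-Object { Write-Host "  WARN: $($_.Message)" }
}

Write-Host 'All prerequisite checks passed.'
```

Running the checks this way, rather than letting the installation run them silently, is the only way to see which individual check failed; during a real installation the cmdlet suppresses the per-check messages.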

Re-using Existing Configuration.
If one of the remote access technologies is already installed and the cmdlet is used to install the other technology, then it tries to re-use as much of the configuration of the installed technology as possible and handles any discrepancies between the two technologies. There are separate parameter sets for DA and VPN installation. If the user specifies parameters whose values can be re-used from the existing configuration, they are ignored. Example: If VPN is already enabled and a user specifies the internal and internet interfaces when installing DA, then they are ignored and the cmdlet uses the existing VPN interfaces.

Note: This cmdlet cannot be used to move from one DA installation type to another. Run the Set-DAServer cmdlet to move from one DA installation type to another.

DA Installation.
-- Client configuration:
---- By default DA is deployed on all domain laptop and netbook computers that belong to the domain specified in the client GPO. This is achieved by adding the Domain Computers AD group as the client security group (SG) and creating a WMI filter that excludes devices that are classified as neither laptops nor netbooks. If a client GPO is not specified, then the domain of the DA server is used and a client GPO with the default name is created in that domain. If the user running the cmdlet does not have the permissions to create the WMI filter, then no client SG is added.
---- Force tunneling is disabled for the clients.
---- This cmdlet does not deploy DA on down-level clients.
-- DA Server configuration.
---- If a GPO with the specified name or default name is not present, then it is created. If it is found, then it is edited with the DA server settings.
---- Selecting the internal and internet interfaces.
------ The internal and internet interfaces can be specified in the cmdlet. If the user wishes to deploy DA in a single network adapter configuration, then the same name should be specified for both interfaces.
------ If one or none of them is specified, then the cmdlet itself selects the appropriate interfaces based on their configuration.
------ If a VPN is already installed and the interfaces were specified during its installation, then the same interfaces are re-used. If the interfaces were not specified during VPN installation, then the user is allowed to manually specify the interfaces or the cmdlet picks them itself.
---- Transition Technologies: IP-HTTPS is always enabled. Teredo is enabled only if two consecutive public IPv4 addresses are found on the internet interface.
---- User authentication: All DA users are authenticated using their domain user name and password.
---- IPv6 deployment in internal network: If a native IPv6 deployment is detected inside the corporate network, then its IPv6 prefix is obtained. Otherwise ISATAP is automatically deployed. Note that ISATAP does not take effect until DNS is configured to resolve the name ISATAP.
---- DA is installed in a PKI-less mode, i.e. no IPsec root certificate is required.
---- A certificate is still required for IPHTTPS: If VPN is already installed, then the SSL certificate for SSTP is re-used. If there is no certificate configured for VPN, then the cmdlet looks for an appropriate certificate on the computer (a certificate that matches the ConnectToAddress parameter value) or generates a self-signed certificate.
-- Infrastructure Server configuration.
---- If the NLS location is not specified in the cmdlet, then the NLS is deployed on the DA server by default. The cmdlet looks for a certificate whose subject name matches the internal interface of the DA server. If an appropriate certificate cannot be found, then a self-signed certificate is generated.
---- Health checks are not enabled during installation.
---- Application servers are not configured during installation.
---- If an IPv4 address is detected on the internal interface of the DA server, then DNS64 and NAT64 are enabled on the DA server. This lets DA clients reach corporate network resources that have only IPv4 addresses, by synthesizing IPv6 addresses for those hosts.
---- The cmdlet also auto-discovers management servers, including System Center Configuration Manager (SCCM) servers and domain controllers, and configures them as the Management Servers.
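The certificate fallbacks described above (a self-signed certificate for IP-HTTPS if nothing matches ConnectToAddress, and another for the NLS) are the point where an unattended installation silently ends up with certificates clients cannot validate. The following script is an added example, not part of the original page: it checks the machine store for CA-issued certificates that cover the public name and the NLS name before running the installation, passes the NLS certificate explicitly, names the GPOs in the DOMAIN\GPO_NAME form the parameters require, and verifies afterwards that the server is using the expected certificate. The names edge1.contoso.com, nls.corp.contoso.com and the CORP domain are assumptions for illustration; the property names read from the output object are those listed under Outputs.

```powershell
# Added example (not from the original page). Installs DA for remote access while making
# sure the cmdlet selects CA-issued certificates instead of generating self-signed ones.
# Assumed names: edge1.contoso.com (public name in ConnectToAddress), nls.corp.contoso.com
# (NLS name resolving to the internal interface), CORP (domain for the GPOs).
Import-Module RemoteAccess

$connectTo = 'edge1.contoso.com'
$nlsName   = 'nls.corp.contoso.com'

function Get-ServerAuthCert {
    # Returns the longest-lived certificate in LocalMachine\My that has a private key,
    # is not expired, is not self-signed (Subject equals Issuer) and whose DNS names
    # (CN/SAN, exposed by the Cert provider as DnsNameList) include $DnsName; $null if none.
    param([string]$DnsName)
    Get-ChildItem Cert:\LocalMachine\My |
        Where-Object {
            $_.HasPrivateKey -and
            $_.NotAfter -gt (Get-Date) -and
            $_.Subject -ne $_.Issuer -and
            ($_.DnsNameList.Unicode -contains $DnsName)
        } |
        Sort-Object NotAfter -Descending |
        Select-Object -First 1
}

$sslCert = Get-ServerAuthCert -DnsName $connectTo
if (-not $sslCert) {
    throw "No CA-issued certificate for $connectTo in LocalMachine\My. Enrol one first; otherwise the cmdlet creates a self-signed IP-HTTPS certificate."
}

$nlsCert = Get-ServerAuthCert -DnsName $nlsName
if (-not $nlsCert) {
    throw "No CA-issued certificate for $nlsName. Enrol one first; otherwise the NLS gets a self-signed certificate."
}

# Splatting keeps the call readable and lets each setting carry a comment.
$install = @{
    DAInstallType    = 'FullInstall'
    ConnectToAddress = $connectTo
    NlsCertificate   = $nlsCert                             # NLS hosted on the DA server with this cert
    ClientGpoName    = 'CORP\DirectAccess Client Settings'  # DOMAIN\GPO_NAME format
    ServerGpoName    = 'CORP\DirectAccess Server Settings'
    PassThru         = $true                                # return the RemoteAccessCommon object
}
$ra = Install-RemoteAccess @install

# Post-install check: the certificate now bound to IP-HTTPS/SSTP must be the one found
# above, not a generated self-signed one.
$used = $ra.SslCertificate
if ($used.Thumbprint -ne $sslCert.Thumbprint) {
    Write-Warning "IP-HTTPS uses '$($used.Subject)' issued by '$($used.Issuer)'; expected thumbprint $($sslCert.Thumbprint)."
}
$ra | Select-Object DAStatus, InternetInterface, InternalInterface
```

Because Install-RemoteAccess has no parameter for the IP-HTTPS certificate itself, the only lever is to make sure a matching CA-issued certificate is present before the cmdlet runs; the check after the call confirms it was actually picked. If ConnectToAddress is an IPv4 address rather than a host name, the DnsNameList match has to be adjusted accordingly.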

VPN Installation.
-- Authentication configuration.
By default, Windows authentication is enabled. This includes authentication through a Network Policy Server (NPS) installed locally on the VPN server. If a RADIUS server is specified, then external RADIUS authentication is used instead.
-- IP address assignment configuration.
---- IPv4 addressing with DHCP address assignment is enabled by default. If an IP address range is specified, then static pool addressing is used.
---- IPv6 addressing is disabled by default. If an IPv6 prefix is specified, then IPv6 addressing is enabled and client addresses are assigned from that prefix.
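As an added example (not from the original page), the following script installs Remote Access VPN with external RADIUS authentication the way a practitioner would script it: the static pools required for a load-balanced pair are given as consecutive start/end pairs (see IPAddressRange), the RADIUS authentication port is stated explicitly instead of relying on the default, the Message-Authenticator attribute is enabled, and the shared secret is read interactively so that it does not appear on the command line or in the command history. The host name radius.contoso.com, the address ranges and the IPv6 prefix are assumptions for illustration; the output property names are those listed under Outputs.

```powershell
# Added example (not from the original page). Remote Access VPN with RADIUS authentication
# on a two-node load-balanced deployment. Assumed: radius.contoso.com, the two IPv4 pools,
# and the documentation prefix 2001:db8:10::/64.
Import-Module RemoteAccess

$radiusServer = 'radius.contoso.com'

# -SharedSecret is a plain String. Prompt for it instead of typing it on the command
# line, so the value is not recorded in the PowerShell history or a transcript.
$cred        = Get-Credential -UserName 'RADIUS shared secret' -Message "Shared secret for $radiusServer"
$secretPlain = $cred.GetNetworkCredential().Password

# Load balancing requires static IPv4 pools: one start/end pair per cluster node,
# listed one after the other (StartIP1, EndIP1, StartIP2, EndIP2, ...).
$pools = @(
    '10.0.10.100', '10.0.10.199'   # node 1 (assumed)
    '10.0.11.100', '10.0.11.199'   # node 2 (assumed)
)

$install = @{
    VpnType          = 'Vpn'
    IPAddressRange   = $pools
    IPv6Prefix       = '2001:db8:10::/64'   # enables IPv6 assignment from this prefix
    RadiusServer     = $radiusServer        # presence of this switches to RADIUS authentication
    RadiusPort       = 1812                 # RFC 2865 authentication port, set explicitly
    RadiusTimeout    = 5
    MsgAuthenticator = 'Enabled'            # RFC 3579 Message-Authenticator on every request
    SharedSecret     = $secretPlain
    PassThru         = $true
}
$ra = Install-RemoteAccess @install

# Drop the plain-text copy of the secret as soon as the call has returned.
$secretPlain = $null
$install.SharedSecret = $null

$ra | Select-Object VpnStatus, LoadBalancing, InternetInterface, InternalInterface
```

Stating RadiusPort explicitly matters because the parameter's documented default is 1813, which is the RADIUS accounting port; a server that only listens for authentication on 1812 would never answer. Enabling MsgAuthenticator gives Access-Request packets integrity protection keyed with the shared secret, which they otherwise lack.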

Parameters

-AsJob

Runs the cmdlet as a background job. Use this parameter to run commands that take a long time to complete.

Aliases: none
Required? false
Position? named
Default Value: none
Accept Pipeline Input? false
Accept Wildcard Characters? false

-CapacityKbps<UInt64>

Specifies the bandwidth processing capacity of the gateway in Kbps.

Aliases: none
Required? false
Position? named
Default Value: none
Accept Pipeline Input? false
Accept Wildcard Characters? false

-CimSession<CimSession[]>

Runs the cmdlet in a remote session or on a remote computer. Enter a computer name or a session object, such as the output of a New-CimSession or Get-CimSession cmdlet. The default is the current session on the local computer.

Aliases: Session
Required? false
Position? named
Default Value: none
Accept Pipeline Input? false
Accept Wildcard Characters? false

-ClientGpoName<String>

Specifies the name of the client GPO, in DOMAIN\GPO_NAME format. The domain can be any of the domains deployed in the corporate network.
If a GPO name is not specified, then by default a GPO with the following name is created in the domain of the DA server:
-- DirectAccess Client Settings.

Aliases: GpoName
Required? false
Position? named
Default Value: none
Accept Pipeline Input? True (ByPropertyName)
Accept Wildcard Characters? false

-ComputerName<String>

Specifies the IPv4 or IPv6 address, or host name, of the computer on which the remote access server computer specific tasks should be run.

Aliases: Cn
Required? false
Position? named
Default Value: none
Accept Pipeline Input? false
Accept Wildcard Characters? false

-ConnectToAddress<String>

Specifies the public address to which clients connect: the DA server itself or, in a NAT deployment, the NAT device. Specify a host name or an IPv4 address. If an IPv4 address is specified, it must be a public address.

Aliases: none
Required? true
Position? 3
Default Value: none
Accept Pipeline Input? True (ByPropertyName)
Accept Wildcard Characters? false

-DAInstallType<String>

Specifies the configuration in which DA should be installed. The acceptable values for this parameter are:
-- FullInstall: DA is installed for both remote access and the management of remote clients.
-- ManageOut: DA is installed only for the management of remote clients.

Aliases: none
Required? true
Position? 2
Default Value: none
Accept Pipeline Input? True (ByPropertyName)
Accept Wildcard Characters? false

-DeployNat

Specifies that DA should be deployed behind a NAT. In a single network adapter configuration scenario the DA server is always deployed behind a NAT and there is no need to specify this parameter.

Aliases: none
Required? false
Position? named
Default Value: none
Accept Pipeline Input? false
Accept Wildcard Characters? false

-EntrypointName<String>

Specifies the identity of the site (entry point) in a multi-site deployment where VPN is to be installed. This is required when DA with multi-site is already deployed and the user wants to additionally deploy VPN. If this parameter is not specified, then the entry point to which the server running the cmdlet belongs is used. That server can also be designated with the ComputerName parameter.
If both this parameter and the ComputerName parameter are specified and the named computer does not belong to the site represented by the entry point name, then this parameter takes precedence and VPN is deployed at the site it indicates.
Note: In a multi-site deployment, VPN can only be installed at one site at a time.
Note: In a site-to-site (S2S) case, the cmdlet installs it on any one available node in that entry point.

Aliases: none
Required? false
Position? named
Default Value: none
Accept Pipeline Input? True (ByPropertyName)
Accept Wildcard Characters? false

-Force

Forces the command to run without asking for user confirmation.
When confirmation is suppressed, the cmdlet assumes that the user has confirmed the following:
-- If an appropriate certificate for NLS is not found, then a self-signed certificate is created.
-- If an appropriate SSL certificate is not found, then a self-signed certificate is created.
Note: If the addresses are not static (for example, assigned by DHCP), then ShouldContinue can be used.

Aliases: none
Required? false
Position? named
Default Value: none
Accept Pipeline Input? false
Accept Wildcard Characters? false

-IPAddressRange<String[]>

Specifies that static pool IPv4 addressing should be enabled. The parameter takes an IP address range, consisting of a start IP and an end IP, from which addresses are allocated to VPN clients.
In a load balancing scenario only static pool IPv4 addressing is supported for a VPN (DHCP address assignment is not supported). This parameter must then be specified, with one IPv4 address range for every node in the cluster, in the following format:
StartIPRange1, EndIPRange1, StartIPRange2, EndIPRange2, StartIPRange3, EndIPRange3, and so on.
The start and end IPs of each range are specified one after the other, separated by commas.

Aliases: none
Required? false
Position? named
Default Value: none
Accept Pipeline Input? True (ByPropertyName)
Accept Wildcard Characters? false

-IPv6Prefix<String>

Enables IPv6 address assignment for a VPN and specifies the prefix to use for the addressing.

Aliases: none
Required? false
Position? named
Default Value: none
Accept Pipeline Input? True (ByPropertyName)
Accept Wildcard Characters? false

-InternalInterface<String>

Specifies the name of the corporate network facing interface. In a single network adapter configuration the same name is specified for both internal and internet interfaces.
If a name is not specified, then the cmdlet attempts to detect the internal interface automatically.

Aliases: none
Required? false
Position? named
Default Value: none
Accept Pipeline Input? True (ByPropertyName)
Accept Wildcard Characters? false

-InternetInterface<String>

Specifies the name of the internet-facing interface. In a single network adapter configuration the same name is specified for both the internal and internet interfaces.
If a name is not specified, then the cmdlet attempts to detect the internet interface automatically.

Aliases: none
Required? false
Position? named
Default Value: none
Accept Pipeline Input? True (ByPropertyName)
Accept Wildcard Characters? false

-MsgAuthenticator<String>

Specifies whether use of the RADIUS Message-Authenticator attribute is enabled or disabled. The acceptable values for this parameter are:
-- Enabled.
-- Disabled.
The default value is Disabled.
The Message-Authenticator attribute (RFC 3579) is an HMAC-MD5 over the packet keyed with the shared secret; without it, Access-Request packets carry no integrity protection, so enable it whenever the RADIUS server supports it.
This parameter is applicable only when a RADIUS server is being configured for authentication.

Aliases: none
Required? false
Position? named
Default Value: Disabled
Accept Pipeline Input? True (ByPropertyName)
Accept Wildcard Characters? false

-MultiTenancy

Indicates that multitenancy is enabled for the service.

Aliases: none
Required? true
Position? 3
Default Value: none
Accept Pipeline Input? True (ByValue)
Accept Wildcard Characters? false

-NlsCertificate<X509Certificate2>

Specifies that the Network Location Server (NLS) should be configured on the DA server itself and represents the certificate to be used. The subject name of the certificate should resolve to an address on the internal interface of the DA server.

Aliases: Certificate
Required? false
Position? named
Default Value: none
Accept Pipeline Input? True (ByValue)
Accept Wildcard Characters? false

-NlsUrl<String>

Specifies that the NLS is present on a different server and represents the URL on the server that will be used to provide clients with location information.

Aliases: none
Required? false
Position? named
Default Value: none
Accept Pipeline Input? True (ByPropertyName)
Accept Wildcard Characters? false

-NoPrerequisite

Specifies that a prerequisite check should not be performed for DA.

Aliases: none
Required? false
Position? named
Default Value: none
Accept Pipeline Input? false
Accept Wildcard Characters? false

-PassThru

Returns an object representing the item with which you are working. By default, this cmdlet does not generate any output.

Aliases: none
Required? false
Position? named
Default Value: none
Accept Pipeline Input? false
Accept Wildcard Characters? false

-Prerequisite

Specifies that prerequisite checks should be performed. This parameter is part of a separate parameter set used to only run the prerequisite checks for DA.

Aliases: none
Required? true
Position? named
Default Value: none
Accept Pipeline Input? false
Accept Wildcard Characters? false

-RadiusPort<UInt16>

Specifies the port number on which the RADIUS server accepts authentication requests.
The default value is 1813.
Note: RFC 2865 assigns UDP port 1812 to RADIUS authentication and RFC 2866 assigns 1813 to accounting. Verify which port your RADIUS server listens on for authentication and specify it explicitly (as in Example 6) rather than relying on the default.
This parameter is applicable only when a RADIUS server is being configured for authentication.

Aliases: Port
Required? false
Position? named
Default Value: 1813
Accept Pipeline Input? True (ByPropertyName)
Accept Wildcard Characters? false

-RadiusScore<Byte>

Specifies the initial score for the RADIUS server.
The default value is 30.
This parameter is applicable only when a RADIUS server is being configured for authentication.

Aliases: Score
Required? false
Position? named
Default Value: 30
Accept Pipeline Input? True (ByPropertyName)
Accept Wildcard Characters? false

-RadiusServer<String>

Specifies the IPv4 or IPv6 address, or host name, of the RADIUS server that is to be used for authentication. Specifying this parameter indicates that RADIUS authentication should be used for VPN.

Aliases: ServerName
Required? false
Position? named
Default Value: none
Accept Pipeline Input? True (ByPropertyName)
Accept Wildcard Characters? false

-RadiusTimeout<UInt32>

Specifies the timeout value for the RADIUS server, in seconds.
The default value is 5 seconds.
This parameter is applicable only when a RADIUS server is being configured for authentication.

Aliases: Timeout
Required? false
Position? named
Default Value: 5
Accept Pipeline Input? True (ByPropertyName)
Accept Wildcard Characters? false

-ServerGpoName<String>

Specifies the name of the GPO for the DA server, in DOMAIN\GPO_NAME format.
If a name is not specified, then a GPO with the following name is created in the domain of the DA server:
-- DirectAccess Server Settings.

Aliases: none
Required? false
Position? named
Default Value: none
Accept Pipeline Input? True (ByPropertyName)
Accept Wildcard Characters? false

-SharedSecret<String>

Specifies the shared secret between the RA server and the specified external RADIUS server, which is required for successful communication between the two servers.
Note: The secret is specified in plain text. Because the parameter is a String, the value is visible on the command line, in the PowerShell command history and in any transcript; read it from a protected source at run time rather than hard-coding it in a script.
It is mandatory to specify this parameter if a RADIUS server is being configured for authentication.

Aliases: none
Required? false
Position? named
Default Value: none
Accept Pipeline Input? True (ByPropertyName)
Accept Wildcard Characters? false

-ThrottleLimit<Int32>

Specifies the maximum number of concurrent operations that can be established to run the cmdlet. If this parameter is omitted or a value of 0 is entered, then Windows PowerShell calculates an optimum throttle limit for the cmdlet based on the number of CIM cmdlets that are running on the computer. The throttle limit applies only to the current cmdlet, not to the session or to the computer.

Aliases: none
Required? false
Position? named
Default Value: none
Accept Pipeline Input? false
Accept Wildcard Characters? false

-VpnType<String>

Specifies the type of VPN installation. The acceptable values for this parameter are:
-- Vpn: Remote Access VPN.
-- VpnS2S: site-to-site VPN.

Aliases: none
Required? true
Position? 2
Default Value: none
Accept Pipeline Input? True (ByPropertyName)
Accept Wildcard Characters? false

-Confirm

Prompts you for confirmation before running the cmdlet.

Required? false
Position? named
Default Value: false
Accept Pipeline Input? false
Accept Wildcard Characters? false

-WhatIf

Shows what would happen if the cmdlet runs. The cmdlet is not run.

Required? false
Position? named
Default Value: false
Accept Pipeline Input? false
Accept Wildcard Characters? false

<CommonParameters>

This cmdlet supports the common parameters: -Verbose, -Debug, -ErrorAction, -ErrorVariable, -OutBuffer, and -OutVariable. For more information, see about_CommonParameters (https://go.microsoft.com/fwlink/p/?LinkID=113216).

Inputs

The input type is the type of the objects that you can pipe to the cmdlet.

  • None

Outputs

The output type is the type of the objects that the cmdlet emits.

  • Microsoft.Management.Infrastructure.CimInstance#RemoteAccessCommon

    The Microsoft.Management.Infrastructure.CimInstance object is a wrapper class that displays Windows Management Instrumentation (WMI) objects. The path after the pound sign (#) provides the namespace and class name for the underlying WMI object.
    The RemoteAccessCommon object consists of the following properties:
    -- The status of DirectAccess: installed or uninstalled.
    -- The status of VPN: installed or uninstalled.
    -- The status of site-to-site VPN: installed or uninstalled.
    -- The status of load balancing: enabled or disabled.
    -- The name of the internet-facing interface of the Remote Access server.
    -- The name of the internal-facing interface of the Remote Access server.
    -- The SSL certificate which is used for IP-HTTPS and SSTP.

Examples

EXAMPLE 1

In this example, the cmdlet is run as a test user who is neither a domain user nor an administrator on the server. It results in an error stating that DA can only be configured by a user with local administrator permissions.

PS C:\> Install-RemoteAccess -Prerequisite

EXAMPLE 2

This example installs DA to allow remote clients to connect to the corporate network. The cmdlet searches for the internet and internal interfaces. If it finds both (as in this example), it configures DA in edge topology. If the cmdlet does not find a public interface and the DeployNat parameter is not specified, it displays an error.

PS C:\> $remAccess = Install-RemoteAccess -DAInstallType FullInstall -ConnectToAddress edge1.contoso.com -PassThru

Note: The cmdlet automatically creates a server GPO and a client GPO with the default names in the domain to which the current computer is joined. By default the client GPO is filtered on the Domain Computers security group. The default settings can be modified using Set-DAClient.
The cmdlet prompts the user that IPsec and firewall policies will be updated. It automatically tries to locate a certificate for NLS and for IP-HTTPS (the SSL certificate); for any it does not find, it prompts the user to create a self-signed certificate.

PS C:\> $remAccess.DAStatus

EXAMPLE 3

This example deploys DA behind another edge device (a NAT box). In the example setup, the DA server has a single network adapter connected to the corporate network corp.contoso.com. Note: The public address of the NAT device is the one used in the ConnectToAddress parameter. For a single network adapter behind NAT topology, the InternalInterface and InternetInterface parameters must both be specified (with the same name), or the cmdlet displays an error that an external interface was not found.

PS C:\> Install-RemoteAccess -DAInstallType FullInstall -ConnectToAddress nat1.contoso.com -InternalInterface 'Internal Connection' -InternetInterface 'Internal Connection' -DeployNat

EXAMPLE 4

This example uses ManageOut mode. In this mode network administrators can use DA to provision and manage remote computers without a user being logged on to the computer; however, clients cannot connect to the corporate network through DA.

PS C:\> Install-RemoteAccess -DAInstallType ManageOut -ConnectToAddress edge1.contoso.com

EXAMPLE 5

This example installs Remote Access VPN on the current computer. The IPv6Prefix parameter specifies the IPv6 prefix from which IPv6 addresses are assigned to clients. The IPAddressRange parameter defines a static pool of IPv4 addresses that are assigned to clients connecting to the corporate network.

PS C:\> Install-RemoteAccess -VPNType VPN -IPv6Prefix 4ffe::/64 -IPAddressRange 10.0.0.100,10.0.0.200

EXAMPLE 6

This example installs a VPN with RADIUS server authentication. In this setup, radius.contoso.com is the RADIUS server and port 1812 (the RFC 2865 authentication port) is used to connect. Because RADIUS authentication is used, the SharedSecret parameter is mandatory. The value s3cret is a placeholder: in a real deployment use a long, random shared secret, and avoid typing it on the command line where it is recorded in the command history (see the SharedSecret parameter).

PS C:\> Install-RemoteAccess -VPNType VPN -IPv6Prefix 4ffe::/64 -IPAddressRange 10.0.0.100,10.0.0.200 -RadiusPort 1812 -RadiusServer radius.contoso.com -SharedSecret s3cret

EXAMPLE 7

This example sets up a site-to-site VPN. The first step is to import the ServerManager module and add the Routing feature. Install-RemoteAccess then installs the site-to-site VPN; the IPv6Prefix parameter is required here to enable IPv6 (the 2001:db8::/32 documentation prefix is used as a placeholder; a link-local prefix such as fe80::/64 is not routable and must not be used). Finally, Add-VpnS2SInterface configures the remote endpoint. The pre-shared key abc is a placeholder only; in a real deployment use a long, random key or, preferably, certificate-based IKEv2 authentication.

PS C:\> Import-Module ServerManager
PS C:\> Add-WindowsFeature -Name Routing -IncludeManagementTools
PS C:\> Import-Module RemoteAccess
PS C:\> Install-RemoteAccess -VpnType VpnS2S -IPv6Prefix 2001:db8:1::/64 -PassThru
PS C:\> Add-VpnS2SInterface -Name EDGE1 -Destination 131.107.0.20 -Protocol IKEv2 -AuthenticationMethod PSKOnly -SharedSecret abc -IPv4Subnet 10.2.0.0/24:100 -IPv6Subnet 2001:db8:2::/64:100

Related topics

Add-VPNS2SInterface

Get-RemoteAccess

Set-DAClient

Set-DAServer

Set-RemoteAccess

Uninstall-RemoteAccess