Install and configure Routing and Remote Access on Windows Server 2008 R2

Routing and Remote Access service on Windows Server 2008 R2 allows you to enable and configure dial-in access or VPN access. End users could utilize these remote access services to connect to corporate network while they’re on a trip or from home. There are two options for end users to connect to corporate network depend on their connection type. If end users have access to the Internet, then VPN is the best choice. And if end users have access only to a land line phone, dial-in access is the best choice.

Both VPN and dial-in are provided by Routing and Remote Access service on Windows Server. In Windows Server 2008 R2, this service is called Network Policy and Access Services.

In this tutorial, I will show you how to enable and configure a Windows Server 2008 R2 as a Network Policy and Access Services server. The overall configuration process includes

  • Add Role to the server
  • Configure Network Policy and Access Services
  • Configure a network range for VPN clients
  • Configure Network Policies

Let’s start with the first step, adding Routing and Remote Access service to this server.

Add Role to the server

    1. Open Server Manager console, click Add Roleson the right hand side pane

Server Manager to add roles

    1. Click Next to skip the message Before You Begin regarding some required standard configuration.
Standard configuration for a VPN server
Before you begin, make sure your server has a static IP, and at least, has 1 network interface (of course). If you’re using a private IP and have a need to let end users connect from the Internet, static NAT or port mapping is needed.

In this scenario, my server has only 1 single network interface.

  1. Select Network Policy and Access Servicescheck boxAdding Network Policy and Access Services
  2. Click Next 
  3. Click Next again. The wizard will mention about RADIUS server, but you won’t need it in this case because the VPN server is a part of a domain (as a member server); therefore, all domain accounts are eligible to dial-in using VPN. We will limit the access by using a Windows Group. This will be done at the last step.
  4. Select Routing and Remote Access Services. You also need to select two sub-selection, Remote Access Services and Routing. You will need these two services to enable this server to work as a remote access server and as a router. Routing service facilitates the server as a real router with the support of RIP, multicast, and NAT.Adding Routing and Remote Access
  5. Click Next
  6. Click Install and let the wizard finish the rest.
  7. Click Close to go back to Server Manager console.
Pages: 1 2 3 4

About The Author

Hao Nguyen

Hao Nguyen

Hello! I'm Hao Nguyen and I'm currently working as a Network Engineer for a small firm in Houston. I enjoy writing technical documents and blog, such as


  1. Daniel lagu says:

    this was useful thank you to give us this wonderful topic about Routing and remote access hope you send me your web site I’m new student in this field.

  2. Paul Sheaf says:

    Do you have a tutorial on how to access this VPN from a remote location?

  3. Peter King says:

    Great job – consise, acurate and easy to follow. After looking at several sites for this configuration process yours was the one I could follow all the way from start to finish without having to look into another subject (the only issue I had was site related where the next page buttons were not obvious).

Leave a Reply