Configure a VPN Client Connection for NAP

Applies To: Windows Server 2008, Windows Server 2008 R2, Windows Server 2012, Windows Server 2012 R2

The following procedure provides instructions for configuring a VPN connection on a NAP client computer that will connect to a NAP-enabled VPN server. You can also use Group Policy Preferences to deploy VPN connection settings with Group Policy. For more information, see Configure a Virtual Private Network Connection Item (

Any user account can be used to complete this procedure.

Configure a VPN client connection for NAP

To configure a VPN client connection for NAP

  1. On a NAP client computer, click Start, right-click Network, and then click Properties.

  2. Click Set up a connection or network.

  3. On the Choose a connection option page, click Connect to a workplace, and then click Next.

  4. On the How do you want to connect page, click Use my Internet connection (VPN).

  5. Click I'll set up an Internet connection later.

  6. On the Type the Internet address to connect to page, next to Internet address, type the public IP address of the VPN server (for example, Next to Destination name, type a name (for example, Woodgrovebank). Select the Allow other people to use this connection check box, and then click Next.

  7. On the Type your user name and password page, type the client user name (for example, user1) next to User name, and type the password for the user1 account next to Password. Select the Remember this password check box, type the domain name (for example, WOODGROVEBANK) next to Domain (optional), and then click Create.

  8. On The connection is ready to use page, click Close.

  9. In the Network and Sharing Center window, click Manage Network Connections.

  10. Under Virtual Private Network, right-click the destination name you typed in step 6, click Properties, and then click the Security tab.

  11. Select Advanced (custom settings), and then click Settings.

  12. Under Logon security, select Use Extensible Authentication Protocol (EAP), and then choose Protected EAP (PEAP) (encryption enabled).

  13. Click Properties.

  14. Select the Validate server certificate check box. Clear the Connect to these servers check box, and then under Select Authentication Method, select Secured Password (EAP-MSCHAP v2). Clear the Enable Fast Reconnect check box, and then select the Enable Quarantine checks check box. See the following example.

  15. If you want to use EAP-TLS as an inner authentication method, choose Smart Card or other certificate from the Select Authentication Method drop-down list.


It might be difficult to see the available authentication methods. The two choices available from the drop-down list are Secured password (EAP-MSCHAP v2 and Smart Card or other certificate.

  1. Click OK three times to accept these settings.

See Also


Checklist: Deploy a NAP VPN Server