I am trying to set up "Always-ON VPN" with Azure Gateway (Active-Active). I have some concerns, as follows:
1. If I have to provide fault tolerance for the NPS, I will require a certificate for both the NPS servers behind the load balancer (LB). Can I use the existing wildcard certificate for it, or will I require a new certificate (assume I don't have any CA solution on-)? What are the certificate requirements for NPS?
2. For certificate authentication on the Windows 10 PCs, can I use the same wildcard certificate, or what are the certificate requirements for the client PCs?
3. Can I use MFA with it, or what is the requirement if I am terminating the connection on Azure?
4. Also, if I have an existing Direct Access solution, how can I migrate to "Always-ON" or move away from it once the Always-ON solution is active?
How should I plan the DA move to "Always-ON VPN"?
Thank you all
Regards
NS
Regards, NSeth