1
00:00:03,040 --> 00:00:04,110
In this next demonstration,

2
00:00:04,110 --> 00:00:08,020
I'll show you how to configure high availability for your VPN infrastructure.

3
00:00:08,020 --> 00:00:10,560
So we'll begin by exporting the VPN server

4
00:00:10,560 --> 00:00:13,870
configuration from our existing VPN server,

5
00:00:13,870 --> 00:00:18,240
and to do that, I'm going to open up the PowerShell command window,

6
00:00:18,240 --> 00:00:25,940
and the command to do that is just simply netsh.exe ras dump.

7
00:00:25,940 --> 00:00:27,600
Now if I just hit Enter here,

8
00:00:27,600 --> 00:00:30,850
it just outputs it to the screen and that's obviously not helpful for me.

9
00:00:30,850 --> 00:00:33,580
So I want to do an up arrow and I want to pipe this to

10
00:00:33,580 --> 00:00:39,240
the Out‑File PowerShell command, and then I'll specify a FilePath,

11
00:00:39,240 --> 00:00:44,040
and then finally, I need to add the encoding type as ASCII.

12
00:00:44,040 --> 00:00:46,850
Now you might be asking yourself why would you do that.

13
00:00:46,850 --> 00:00:48,700
If I were to leave that off, and actually,

14
00:00:48,700 --> 00:00:50,560
I'll just demonstrate that real quick.

15
00:00:50,560 --> 00:00:56,750
If you leave that off, what you'll see is that the file format is in UTF‑16,

16
00:00:56,750 --> 00:01:01,490
and bizarrely, this is not a supported file format for import.

17
00:01:01,490 --> 00:01:05,180
So if I were to try and import this file as it stands now,

18
00:01:05,180 --> 00:01:06,560
it would actually fail.

19
00:01:06,560 --> 00:01:08,710
So you, as the administrator have two options.

20
00:01:08,710 --> 00:01:14,080
You can actually just do File, Save As, and then set the encoding type to UTF‑8,

21
00:01:14,080 --> 00:01:18,940
and then of course, we'll overwrite the file and now it's in the correct format.

22
00:01:18,940 --> 00:01:22,760
The other option here is just to simply add that

23
00:01:22,760 --> 00:01:27,540
encoding in the PowerShell output as ASCII,

24
00:01:27,540 --> 00:01:31,150
and now you'll see that the encoding type is actually correct.

25
00:01:31,150 --> 00:01:37,240
So once that's done, we're going to copy this file over to our new VPN server.

26
00:01:37,240 --> 00:01:39,830
So here we are on our newly prepared VPN server,

27
00:01:39,830 --> 00:01:43,610
and it's important to state that this VPN server should be configured as

28
00:01:43,610 --> 00:01:46,850
identically as possible to your existing VPN server,

29
00:01:46,850 --> 00:01:49,920
recommended to use the same version of Windows server.

30
00:01:49,920 --> 00:01:52,540
If it's joined at the domain, you want to match that.

31
00:01:52,540 --> 00:01:55,000
If you're using one or two network interfaces,

32
00:01:55,000 --> 00:01:57,490
you'll want to make sure that those align as well.

33
00:01:57,490 --> 00:01:58,390
And then finally,

34
00:01:58,390 --> 00:02:00,630
you want to make sure that your network interfaces are

35
00:02:00,630 --> 00:02:04,170
named the same across your VPN servers.

36
00:02:04,170 --> 00:02:05,820
And then once we've done that,

37
00:02:05,820 --> 00:02:08,440
we need to make sure that we have our certificates in place.

38
00:02:08,440 --> 00:02:13,340
So let's open up the local computer certificate store,

39
00:02:13,340 --> 00:02:17,450
and here, you'll see that I've already installed my public SSL certificate,

40
00:02:17,450 --> 00:02:20,140
so you see I have the certificate and the private key there,

41
00:02:20,140 --> 00:02:29,000
and I've also enrolled my IPsec certificate for IKEv2, so that certificate is installed as well.