I have Windows 2008R2 NPS working with Sonicwall TZ170 and NSA240. Here is how I have it configured: (The pictures below show what I have changed from the default settings for a new policy. If I do not specifically show it below, leave it at default)
1. Create a Windows AD group to control access to the VPN (something like ‘Sonicwall VPN’)
2. Add the user accounts who have VPN rights to the new group
3. Set the ‘allow dial-in access’ flag for the user accounts who are allowed to VPN (they need this bit set and the group membership)
4. Configure the NPS. Create a RADIUS client for your firewall (see picture 4).
5. Set the advanced tab like picture 5
6. Create a Connection Request policy (picture 6)
7. Set the NAS Port type to VPN in the connection request policy (picture 7)
8. Authenticate on this server (picture 8)
9. Create a Network policy (picture 9)
10. In the network policy, specify the group that will have access to the VPN (picture 10)
11. The Auth methods below work for me... (picture 11)
12. Allow full network access (picture 12)
13. Set encryption this way (picture 13)
14. Set IP address assignment (picture 14)
The other windows / tabs I left at default.
Hope this helps.
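Steps 1 to 3 require two things per user: membership in the VPN group and the 'allow dial-in access' flag. The PowerShell below is an added example, not part of the original post, that audits Active Directory for accounts that have only one of the two. It assumes the ActiveDirectory module is installed and that the group is named 'Sonicwall VPN' as suggested in step 1.

```powershell
# Added example: audit VPN group membership against the dial-in flag.
# Assumptions: ActiveDirectory module (RSAT) is available, and the group
# name below matches the one created in step 1. Read-only; changes nothing.
Import-Module ActiveDirectory

$GroupName = 'Sonicwall VPN'   # assumed name, change to your own group

# User accounts in the VPN group, including members of nested groups.
$members = @(Get-ADGroupMember -Identity $GroupName -Recursive |
    Where-Object { $_.objectClass -eq 'user' } |
    ForEach-Object {
        Get-ADUser -Identity $_.distinguishedName -Properties msNPAllowDialin
    })

# Accounts whose dial-in permission is explicitly set to "Allow access".
# msNPAllowDialin is TRUE (allow), FALSE (deny) or unset (decided by NPS policy).
$dialin = @(Get-ADUser -LDAPFilter '(msNPAllowDialin=TRUE)' -Properties msNPAllowDialin)

$memberDns = @($members | ForEach-Object { $_.DistinguishedName })
$report = @()

# In the group but without the flag: the user does not meet both requirements.
foreach ($u in $members) {
    if ($u.msNPAllowDialin -ne $true) {
        $report += New-Object PSObject -Property @{
            User    = $u.SamAccountName
            Finding = 'In VPN group, dial-in flag not set to Allow'
        }
    }
}

# Flag set but not in the group: leftover permission worth reviewing,
# since any other policy without the group condition could match it.
foreach ($u in $dialin) {
    if ($memberDns -notcontains $u.DistinguishedName) {
        $report += New-Object PSObject -Property @{
            User    = $u.SamAccountName
            Finding = 'Dial-in flag set to Allow, not in VPN group'
        }
    }
}

$report | Sort-Object User | Format-Table User, Finding -AutoSize
```

An empty table means every account with VPN rights satisfies both conditions and no account outside the group carries the dial-in flag.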