This document assumes the reader has configured two Windows Server RRAS servers with two network interfaces, one in a perimeter or DMZ network, the other on the internal network. It should be noted that using two NICs is not a strict requirement. It is possible to configure Windows Server RRAS servers with a single network interface, if required. In addition, two Windows Server Network Policy Server (NPS) servers have been configured with a single network interface on the Internal network.

For details on recommended deployments, please reference the following link: https://directaccess.richardhicks.com/2018/01/22/always-on-vpn-protocol-recommendations-for-windows-server-routing-and-remote-access-service-rras/