Configuring VPN to work without regard to dial in policy

Per this page:

https://technet.microsoft.com/en-us/library/cc732252%28v=ws.10%29.aspx?f=255&MSPPError=-2147217396

1. Click Start, click Administrative Tools, and then click Network Policy Server. The NPS console opens.
2. Double-click Policies, click Network Policies, and then in the details pane double-click the policy that you want to configure.
3. In the policy Properties dialog box, on the Overview tab, in Access Permission, select the Ignore user account dial-in properties check box, and then click OK.

You can enable NPS (Network Policy Server) to work without regard to the user's dial-in setting.  For years, I've been manually marking people with Allow for Dial-in as in below.

my static packet filters nightmare

It's been a bit since I ran into this problem, so I may not be remembering all the details correctly. But here's the gist -

In the course of setting up an Exchange 2010 server, I lost all network connectivity to my 2008 R2 box. I know I broke it, but I wasn't sure how. The answer was that I had enabled static packet filters when trying to set up routing and remote access via Network Policy and Access Services. Static Packet Filters are basically an additional option for denying access to certain ports - but if you have a firewall, you're already using another option for that functionality. I was just clicking through the Network Policy and Access Services installation and hit YES on something I wasn't paying attention to.

To remove the problem once I had realized what I did, I did this (according to my notes):

I opened RRAS and went to IPv4 -> General. Right clicked on my NIC and clicked on inbound and outbound filters each and chose "receive all packets . . . " instead if "drop all packets . . . "


Though looking back at it a couple months later, I don't see the same options when I right click on my NIC in RRAS. But hopefully, someone else will find this helpful at some point.