WinVista VPN Client-o-Rama

One of the most common questions we are getting from customers who are preparing to upgrade their environment to Windows Vista is: "Will my VPN client from <insert vendor> work with Vista?"

Good question.  Nah, that's a great question.  Why?  Well, considering the sear number of laptops and all the mobile computing enhancements in Windows Vista, it's no surprise that users would be "on the road" and wanting to gain access back to the mothership.

To help you find out the release schedules of VPN clients that will be 100% compatible with our latest client OS, we've setup a living KB article entitled:

Windows Vista-compatible third-party virtual private network (VPN) client schedules

For fans of the Article IDs, it's 929490.  The article has already been updated a bunch of times as we get the latest info in from vendors like Checkpoint, Cisco, and Aventail.  As you can imagine, we've been working with these vendors (IPsec and SSL-VPNs alike) for several years during the ramp up to release of WinVista.  Many of them are now just putting the final touches on their client software and hammering through the last set of test plans before releasing to customers.

It's important to note that the information provided on this KB article is provided by the third-parties, not Microsoft.  So, my recommendation is you check out this article, zero in on the details for your particular VPN solution, and follow the links provided to the vendor's site for more details.

On another note, there are lots of alternatives if you're feeling the VPN compatibility blues.  For example, you should do a good inventory of what you actually need to make available remotely and see if alternative (yet still secure) solutions could be a better route (including potential cost savings). 

For example, most of the remote access requirements here at Microsoft are related to Exchange.  It's likely no surprise that 'softies are email junkies.  We can't get enough.  Seriously, we need help.  Anyhow, instead of opening up a fat VPN tunnel for just email access, we use the Outlook Anywhere (formerly known as RPC over HTTP) to, effectively, provide an application specific SSL based solution for remote email access.  Neat stuff and it doesn't change the end-user experience.  I just pop open Outlook (even though it's likely already open) and once I have a routable IP address...BAM...I'm getting my email fix.

A second option is to look at using the reverse proxy/application publishing features of ISA Server 2006 and IAG 2007.  We've used some of this for securely exposing applications, like our expense report tool, without needing to fully VPN in.  We can still employ strong, multi-factor user authN, but it's still not a full VPN tunnel being setup.

Lastly, there are our Secure Remote Access solutions that are already ready for Windows Vista:

• • • • Connection Manager w/ RRAS (PPTP or L2TP/IPsec VPN)
      • ISA Server 2006 VPN (PPTP or L2TP/IPsec VPN)
      • Intelligent Application Gateway 2007 (SSL VPN)

Check this stuff out, as well as the Windows Vista app compat kits recently release.