In this post, I will cover up some of the major feature additions that are done to remote access scenarios – both on the client side as well as the RRAS server side in Vista and Longhorn timeframe.
The list of major features include
1) NAP Enforcement for VPN client: NAP capable VPN client can connect to NAP capable VPN server (like RRAS) to enforce policy compliance of the PC is according to corporate policy. If the client PC is unhealthy, it will be quarantined till it becomes healthy.
2) IPv6 support: Apart from PPTPv4 or L2TPv4, VPN client can establish connections over IPv6 internet using L2TPv6 (Vista/LH server) or PPTPv6 (Vista SP1/LH Server). Similarly clients can obtain IPv6 address from the corporate network – apart from IPv4 address. This allow any combination of IPv4/v6 over IPv4/v6 to be used. Support for DHCPv6 relay agent, static filter v6, static IPv6 routing is also supported.
3) Removal of weak crypto and enable of strong crypto algorithm: 40/56 bit RC4 support for PPTP and DES/MD5 support for L2TP/IPSec is removed – as were considered weak crypto algorithms. Support for 128/256 bit AES is added for L2TP/IPSec. If you face interoperability issues between downlevel and Vista/LH, ensure maximum encryption is set in the connection properties the VPN client side and Strongest encryption in the remote access policies on the server side.
4) A New simple way to create VPN connection using “New connection Wizard”.
5) Connection manager administration kit now supports multi-locale
For list of all the new networking features in Vista/LH, refer
Let us know your thoughts/comments/queries
Lead Program Manager
RRAS, Windows Enterprise Networking
[This posting is provided “AS IS” with no warranties, and confers no rights.]