Smart Defaults for VPN Strategy and Authentication Protocol in CMAK

In W7, the CMAK wizard can be used to create CM profiles that can run on both Vista and W7 machines (a separate profile is still required for XP). When creating the profile, if a VPN strategy or authentication protocol is specified that is not supported by Vista, CMAK automatically assigns default values for these settings…

Remote Access Deployment – Part 3: Configuring RADIUS Server for remote access

Hello Customers, In this post, I will go through the steps to configure and deploy a Network Policy Server (NPS) based RADIUS server to authenticate and authorize the remote access connections coming from an RRAS based VPN server. I will try to go through different policy parameters in order to point you to various important policy options…

Remote Access Deployment – Part 2: Configuring RRAS as a VPN server

Hello Customers, In this post, I will go through the steps to configure and deploy RRAS as a VPN server. I will try to go through different configuration scenarios in order to point you to various configuration options in the RRAS server role. However, for your deployment, you may be skipping some of those – depending…

Remote Access Deployment – Part 1: Configuring Remote Access Clients

Hello Customers, In my last few articles, I discussed the design guidelines to consider before deploying a remote access solution. In the next few articles, I will go through the steps to configure the various components of the remote access solution. These articles will act as your jump-start guide to quickly build a solution…

Remote Access Design Guidelines – Part 5: Where to place RRAS server

Hello Customers, In this post, I will highlight various placement requirements related to the RAS server. 5.1 NAT Routers: A VPN server machine can sit behind a NAT router as long as the following requirements are met: For SSTP, NAT port redirection or bi-directional should be configured on the NAT router – to redirect the HTTPS packets…

Remote Access Design Guidelines – Part 4: IP Routing and DNS

Hello Customers, In this post, I will walk through some aspects of IP addressing, routing and name resolution related design guidelines. 4.1 IP Addressing: The VPN client machine will have a minimum of two IP addresses – one that it gets from the ISP through which it connects to the VPN server (called the outer or internet IP address)…

Remote Access Design Guidelines – Part 3: Tunnel selection, Authentication, Authorization and Accounting

Hello Customers, In this post, I will walk through the most important topic – which authentication protocol and VPN tunnel to use, and how to authorize access of your VPN users. Let's have a look: 3.1 User Authentication: The remote access user is authenticated by the VPN server during the VPN tunnel establishment phase. The following table highlights…

Remote Access Design Guidelines – Part 2: VPN client software selection

Hello Customers, In this post, I will walk through the different ways in which you can enable VPN functionality on the remote access devices (desktops, laptops used by your remote access users). Let's look at the various choices: 2.1 Operating Systems: The remote access users in your organization will normally be running different operating systems…

Remote Access Design Guidelines – Part 1: Overview

Hello Customers, In the last few releases, we have added plenty of “cool” features in RAS – like NAP based health check, SSTP based SSL tunnel, IPv6 support in Vista SP1/WS08 and IKEv2 based IPSec tunnel in Windows 7/WS08 R2. As a result, we have seen a lot of interesting questions from you about various design…

Change in username format to UTF8 to handle International Characters

As the usage of non-English languages in usernames becomes more and more popular, it is important to use the right kind of format for the characters so that the entire character set in these international languages is correctly represented. In Vista/LH, ANSI format was used for usernames. ANSI can only represent characters in the 0-127 character set correctly. Extended…
