Provisioning VPN client settings using Group Policy

Problem: Today, the Microsoft VPN client can be configured in two ways, as discussed in this article: a) the in-built VPN client, b) the CM-based VPN client. The first method requires the end user to know the VPN settings and then create a VPN connection – which needs to be repeated by each user and prone to…

What type of certificate to install on the VPN server

Hello Friends, In my previous posting related to VPN tunnel selection, I discussed various scenarios in which you need to install a certificate on the VPN server. To summarize this requirement in a nutshell: except for the PPTP tunnel, for all the other tunnel types (i.e. IKEv2, SSTP and L2TP/IPSec) the VPN server machine should be installed with…

Smart Defaults for VPN Strategy and Authentication Protocol in CMAK

In W7 the CMAK wizard can be used to create CM profiles that can run on both Vista and W7 machines (a separate profile is still required for XP). When creating the profile, if a VPN strategy or authentication protocol is specified which is not supported by Vista, then CMAK automatically assigns default values for these settings…

Remote Access Design Guidelines – Part 5: Where to place RRAS server

Hello Customers, In this post, I will highlight various placement requirements related to the RAS server. 5.1 NAT Routers A VPN server machine can sit behind a NAT router as long as the following requirements are met: For SSTP, NAT port redirection or bi-directional should be configured on the NAT router – to redirect the HTTPS packets…

Remote Access Design Guidelines – Part 4: IP Routing and DNS

Hello Customers, In this post, I will walk through some aspects of IP addressing, routing and name resolution related design guidelines. 4.1 IP Addressing The VPN client machine will have a minimum of two IP addresses – one that it gets from the ISP through which it connects to the VPN server (called the outer or internet IP address)…

Remote Access Design Guidelines – Part 3: Tunnel selection, Authentication, Authorization and Accounting

Hello Customers, In this post, I will walk through the most important topic – which authentication protocol and VPN tunnel to use, and how to authorize access of your VPN users. Let's have a look: 3.1 User Authentication The remote access user is authenticated by the VPN server during the VPN tunnel establishment phase. The following table highlights…

Remote Access Design Guidelines – Part 2: VPN client software selection

Hello Customers, In this post, I will walk through the different ways in which you can enable VPN functionality on the remote access devices (desktops, laptops used by your remote access users). Let's look at the various choices: 2.1 Operating Systems The remote access users in your organization will normally be running different operating systems…

Remote Access Design Guidelines – Part 1: Overview

Hello Customers, In the last few releases, we have added plenty of “cool” features in RAS – like NAP based health check, SSTP based SSL tunnel, IPv6 support in Vista SP1/WS08 and IKEv2 based IPSec tunnel in Windows 7/WS08 R2. As a result, we have seen a lot of interesting questions from you – about various design…

VPN tunnel strategy - defining the connection order between various tunnel types

Hello Customers, As I wrote in this blog, there are four types of VPN tunnel supported by Windows 7 based VPN clients. In this blog I will focus on the following things: how do you configure tunnel types on the client, how to decide on the tunnel type order while establishing connection, … Let's…

RRAS Performance results

Hello Customers, A lot of you have asked, directly or through the field channels, about performance results of RRAS for different VPN tunnel types – specifically SSTP. I am writing this blog to share the results for the tests done internally by our test team (thanks Sai and other test team members). First,…
