[VPN] Windows 2003 VPN

Basim Jaber bjaber at ipass.com
Mon Oct 27 11:11:34 EST 2003 

Tait,
 
The Windows Server 2003 "Network Access Quarantine" feature is documted in
full at the following URL:
http://www.microsoft.com/windowsserver2003/techinfo/overview/quarantine.mspx
 
Be forewarned, however, that is requires a moderate to complex level of
scripting (depending on what you want to check for on the client PC).  It
also involves setting up appropriate remediation services (i.e. web server
for patch/software downloads, IAS 2003 (RADIUS), RRAS for Win2003, etc.
 
The Nortel Contivity VPN "TunnelGuard" feauture can do pretty much the same,
but does not involve scripting to the level of complexity (or at all, I
believe) as the Win2003 solution.
 
Lastly, please note that if you already have clients out there with Nortel
Contivity VPN Clients deployed and you want to end up using the Win2003
IPSec/LT2P VPN, then you have to uninstall the Nortel client as the IPSec
policy agent is disabled on the Nortel VPN Client.  If you use PPTP with
Win2003 RRAS, then you are downgrading in security (IPSec --> PPTP).  Not
wise. 
 
My suggestion, stay with Nortel and use TunnelGuard.
 
--Basim
  _____  

Basim S. Jaber
Senior Systems Engineer
Field Sales - Americas
iPass, Inc.     <mailto:bjaber at iPass.com> bjaber at iPass.com
(650) 232-4311


  _____  

From: Tait Humphries [mailto:humphrie at wfubmc.edu] 
Sent: Friday, October 24, 2003 12:01 PM
To: vpn at lists.shmoo.com
Subject: [VPN] Windows 2003 VPN


Does anyone have experience using the VPN offered through Windows 2003?  We
currently have Nortel VPN (IPSec) but we are wanting to check the remote PCs
anti-virus, patch level... I know there are ways to do this via our Nortel
solution but I have been asked to research the possibility via 2003 - there
appears to be a way to do this in 2003 "Network Access Quarantine Control" -
Do you have any recommendations on this OR on using Windows as your VPN
server in general?  I have reservations about relying on Microsoft for VPN
security - (maybe I'm just paranoid - if not please include URL links to
facts about any real concerns with the way Windows VPN).  - I seem to recall
an issue with their IPSec DES
 
Thanks,
Tait Humphries

-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.shmoo.com/pipermail/vpn/attachments/20031027/5404c6a1/attachment.htm 
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/x-pkcs7-signature
Size: 3732 bytes
Desc: not available
Url : http://lists.shmoo.com/pipermail/vpn/attachments/20031027/5404c6a1/attachment.bin

More information about the VPN mailing list