I would like to start a new thread. I have a couple of questions and thought about Deploying a VPN Sever on W2K. First thing is that I want to use IPSEC, L2PT, I think it is faster than PPTP. However I have seen an article that says that earlier versions of windows (95,98) doesn’t support L2PT. Does that mean it can’t be done? Has anyone tried this and has it cranking? Is it possibe to change the defaults on authentication on a couple of ports that will allow MSCHAP handshaing to validate thetrusted 95/98 Client?
Another question I have is, since it is going to have external access to resources, what form of authentication would be the best. I think this is what I am struggling with the most. From what I have read there are three forms. Kyerbos 5, Cerificates and Public Keys. At his time out PDC is running on NT 4, so i think that the active directory authentication won’t work either. So I am stuck with Certificates and Public that I should ditribute on Disks? I think the automatic deployment only works if your PDC is Server 2000 as it relies on Active Directory. I also want this to be scalable and when we upgrade our existing PDC, I would like to use the authentication schemes that can be utilized by active directory.
Lets use this thread as a think tank. If anyone can offer me any thought or suggestions or things to try lets post them. As Microsoft kind of skirts these issues by showing their deployment guides “Assuming that your Domain is running Windows 2000 and you are Connecting to a Windows 2000 Server”….In a perfect world. Thanks everyone.
Bryan