Incorporating VPN entries

Applies To: Windows Server 2003, Windows Server 2003 R2, Windows Server 2003 with SP1, Windows Server 2003 with SP2

Incorporating VPN entries

You can configure connection and security settings for the VPN server or servers that support your service profile. If you customize these settings, you can better handle unique network authentication or routing requirements of particular service profiles.

Before you can configure a VPN entry to support a VPN server or servers, you must specify whether users of your service profile must use a particular server or they can choose between servers. You specify this in the VPN Support pane of the Connection Manager Administration Kit (CMAK) wizard. If you allow your users to choose between servers, each server you specify appears in a list on the VPN tab of the properties dialog box for the service profile. For more information, see Implementing VPN support.

You can specify the following settings for each VPN entry:

  • Whether to enable file and printer sharing

  • Whether to enable clients to log on to a network

  • Whether to assign static or dynamic IP addresses for Domain Name System (DNS) and Windows Internet Name Service (WINS) servers

  • Whether to make this connection the default gateway for the client

  • What security settings to apply, based on the client operating system

    • What authentication methods to use

    • What encryption methods to use

You must edit each VPN entry to provide the network and security configuration necessary for a client to connect to any of your VPN servers that use that entry. For example, if you want to configure a profile to require smart cards, on the VPN Entries pane, click the VPN entry that you want to configure, click Edit, click the Security tab, click Configure for advanced security settings, click Use Extensible Authentication Protocol (EAP), and then click Smart Card or other certificate (encryption enabled).

All VPN servers use the default VPN entry unless you specify a different entry in the VPN file. If you do not edit the default VPN entry, it will use default settings provided by the CMAK wizard, which might not be appropriate for your network.

Notes

  • The VPN entry that you add or edit in VPN Entries must have exactly the same name as one you specified in the VPN file. If you add a VPN entry (by clicking New), you must add a matching entry manually to the VPN file to make the VPN server available to your users.

  • On the General tab, the option Disable file and printer sharing affects only computers running Windows NT 4.0, Windows 2000, Windows XP, or a member of the Windows Server 2003 family.

  • On the General tab, the option Enable clients to log on to a network affects only computers running Windows 95, Windows 98, or Windows Millennium Edition.

See Also

Concepts

Implementing VPN support
Advanced Customization
Remote Access Overview
VPN Tunneling Protocols
Remote Access Authentication Methods