
List:       vpn
Subject:    RE: [VPN] Windows 2003 VPN
From:       "Basim Jaber" <bjaber () ipass ! com>
Date:       2003-10-27 16:11:34


Tait,
 
The Windows Server 2003 "Network Access Quarantine" feature is documented in
full at the following URL:
http://www.microsoft.com/windowsserver2003/techinfo/overview/quarantine.mspx
 
Be forewarned, however, that it requires a moderate to complex level of
scripting (depending on what you want to check for on the client PC).  It
also involves setting up appropriate remediation services (i.e. web server
for patch/software downloads, IAS 2003 (RADIUS), RRAS for Win2003, etc.).
 
The Nortel Contivity VPN "TunnelGuard" feature can do pretty much the same,
but does not involve scripting to the level of complexity (or at all, I
believe) as the Win2003 solution.
 
Lastly, please note that if you already have clients out there with Nortel
Contivity VPN Clients deployed and you want to end up using the Win2003
IPSec/L2TP VPN, then you have to uninstall the Nortel client as the IPSec
policy agent is disabled on the Nortel VPN Client.  If you use PPTP with
Win2003 RRAS, then you are downgrading in security (IPSec --> PPTP).  Not
wise. 
 
My suggestion, stay with Nortel and use TunnelGuard.
 
--Basim
  _____  

Basim S. Jaber
Senior Systems Engineer
Field Sales - Americas
iPass, Inc.     <mailto:bjaber@iPass.com> bjaber@iPass.com
(650) 232-4311


  _____  

From: Tait Humphries [mailto:humphrie@wfubmc.edu] 
Sent: Friday, October 24, 2003 12:01 PM
To: vpn@lists.shmoo.com
Subject: [VPN] Windows 2003 VPN


Does anyone have experience using the VPN offered through Windows 2003?  We
currently have Nortel VPN (IPSec) but we are wanting to check the remote PCs'
anti-virus, patch level... I know there are ways to do this via our Nortel
solution but I have been asked to research the possibility via 2003 - there
appears to be a way to do this in 2003 "Network Access Quarantine Control" -
Do you have any recommendations on this OR on using Windows as your VPN
server in general?  I have reservations about relying on Microsoft for VPN
security - (maybe I'm just paranoid - if not please include URL links to
facts about any real concerns with the way Windows VPN).  - I seem to recall
an issue with their IPSec DES
 
Thanks,
Tait Humphries


_______________________________________________
VPN mailing list
VPN@lists.shmoo.com
http://lists.shmoo.com/mailman/listinfo/vpn