Network Interfaces - Demand-dial - Networking Tab
Applies To: Windows Server 2008
| Dialog box element | Description |
|---|---|
Type of VPN |
Lists the available remote access server types you can call. Choices vary, depending on the type of connection. If a host name or Internet Protocol version 4 (IPv4) address is entered in the General tab, the type of VPN allowed is: Automatic, PPTP VPN, or L2TP IPsec. If an Internet Protocol version 6 (IPv6) address is entered in the General tab, the type of VPN allowed is: L2TP IPsec. For a virtual private network (VPN) connection, if you are not sure which type to select, click Automatic. PPTP is attempted first, and then L2TP. If you are sure that your VPN server is a PPTP server or an L2TP server, select the appropriate server type. In order to connect to an L2TP server, the Trusted Root Certification Authorities certificate store on your computer must contain the certificate of the root authority for the certification authority that issued your computer certificate and the certificate for the L2TP server. |
This connection uses the following items |
Lists the available network components that your connection can use. Network components are the clients, services, and protocols you use to communicate with servers on your network once you are connected to a server. To enable the use of a network component, click the check box next to the name of the component. To disable the use of a network component, clear the check box next to the name of the component. More than one network protocol may be listed. |
IPsec Settings
| Dialog box element | Description |
|---|---|
Use preshared key for authentication |
Specifies whether the preshared key method of authentication is enabled for the Internet Key Exchange (IKE). This method uses a secret set of characters (the key) that has been agreed upon by two users. The use of preshared key authentication is not recommended because it is a relatively weak authentication method. Preshared key authentication creates a master key that is less secure (that might produce a weaker form of encryption) than certificates or the Kerberos V5 protocol. In addition, preshared keys are stored in plaintext in the registry. In Active Directory, preshared keys are stored in readable hexadecimal format. Preshared key authentication is provided for interoperability purposes and to adhere to IPsec standards. It is recommended that you use preshared keys only for testing and that you use certificates or Kerberos V5 instead in a production environment. |
Key |
Type your preshared key. This option is available only if the Use preshared key for authentication check box has been selected. |
Use certificate for authentication |
Specifies whether the certificate method of authentication is enabled for the Internet Key Exchange (IKE). This method uses a certificate issued from a specified certification authority (CA). |
Verify the Name and Usage attributes of the server's certificate |
Specifies whether the server verifies the validity of the certificate used for IKE with the CA certificate the server has in its certificate store. |