Deploying Certificate-based Authentication for VPN Connections

Applies To: Windows Server 2003, Windows Server 2003 R2, Windows Server 2003 with SP1, Windows Server 2003 with SP2

The use of certificates for authentication of VPN connections is the strongest form of authentication in the Windows Server 2003 family. You must use certificate-based authentication for Layer Two Tunneling Protocol over Internet Protocol security (L2TP/IPSec)-based VPN connections and with smart cards. With smart cards, you must use the Extensible Authentication Protocol (EAP) with the Smartcard or other certificate (TLS) EAP type, also known as EAP-Transport Level Security (EAP-TLS).

This section covers:

• Computer certificates for L2TP/IPSec VPN connections

• Smart cards and remote access VPN connections

• Deploying certificate-based authentication for demand-dial routing