Deploying certificate-based authentication for demand-dial routing

Applies To: Windows Server 2003, Windows Server 2003 R2, Windows Server 2003 with SP1, Windows Server 2003 with SP2

Deploying certificate-based authentication for demand-dial routing

The use of certificates for authentication of calling routers is the strongest form of authentication in the Windows Server 2003 family. For certificate-based authentication of demand-dial connections, you must use the Extensible Authentication Protocol (EAP) with the Smart card or other certificate (TLS) EAP type, also known as EAP-Transport Level Security (EAP-TLS). EAP-TLS requires the use of user certificates for the calling router and machine certificates (also known as computer certificates) for the answering router.

The deployment of certificate-based authentication for demand-dial routing typically occurs in the following situations:

• Business partner demand-dial connection

• Branch office demand-dial connection