Incorporating VPN Entries

  • Article

Applies To: Windows 7, Windows Server 2003, Windows Server 2003 R2, Windows Server 2003 with SP1, Windows Server 2003 with SP2, Windows Server 2008, Windows Server 2008 Foundation, Windows Server 2008 R2, Windows Server 2012, Windows Vista

You can configure connection and security settings for the VPN server or servers that support your connection profile. If you customize these settings, you can better handle unique network authentication or routing requirements of particular connection profiles.

Before you can configure a VPN entry to support a VPN server or servers, you must specify whether users of your profile must use a particular server or they can choose between servers. You specify this in the VPN Support page of the CMAK wizard. If you allow your users to choose between servers, each server you specify appears in a list on the VPN tab of the properties dialog box for the service profile. For more information, see Implementing VPN Support.

You can specify the following settings for each VPN entry:

  • Whether to enable file and printer sharing

  • Whether to assign static or dynamic IP addresses for Domain Name System (DNS) and Windows Internet Name Service (WINS) servers

  • Whether to make this connection the default gateway for the client

  • What security settings to apply, based on the client operating system

    • What authentication methods to use

    • What encryption methods to use

You must edit each VPN entry to provide the network and security configuration necessary for a client to connect to any of your VPN servers that use that entry. For example, if you want to configure a profile to require smart cards, on the VPN Entries page, click the VPN entry that you want to configure, click Edit, click the Security tab, click Configure for advanced security settings, click Use Extensible Authentication Protocol (EAP), and then click Smart Card or other certificate (encryption enabled).

All VPN servers use the default VPN entry unless you specify a different entry in the VPN file. If you do not edit the default VPN entry, it will use default settings provided by the CMAK wizard, which might not be appropriate for your network.

Note

The VPN entry that you add or edit in VPN Entries must have exactly the same name as one you specified in the VPN file. If you add a VPN entry (by clicking New), you must add a matching entry manually to the VPN file to make the VPN server available to your users.

Additional references