VPN Entry - Security Tab
Applies To: Windows Server 2008, Windows Server 2012
The security settings you assign to a VPN entry must match the settings on the VPN server to which this entry corresponds. The settings are determined by the configuration of the VPN server. You can specify whether or not encryption is required, the authentication protocol that is used, which VPN protocols to attempt and in which order.
Setting | Description |
---|---|
Data encryption |
Specifies the encryption type to use for the data stream to and from the remote VPN server. Choices include:
The selection made must be compatible with the encryption requirements of the remote server, or else the connection fails. |
Use Extensible Authentication Protocol |
Specifies that logon authentication uses Extensible Authentication Protocol (EAP), with the option of using smart cards or other certificates. If you select this setting, you must configure the EAP or certificate options by clicking Properties. For more information about the Protected EAP Properties page or the Smart Card or other Certificate Properties page, press F1 while viewing those pages. |
Authentication methods |
Specifies other means for transmitting the authentication information to the server. These are older authentication protocols that you can use only if the VPN server requires them. It is recommended that you avoid the use of Password Authentication Protocol (PAP), because it transmits your user name and password in plaintext over the network. |
VPN strategy |
Specifies the VPN protocols to attempt, and in which order. You can choose to attempt Point-to-Point Tunneling Protocol (PPTP), Layer Two Tunneling Protocol (L2TP), or Secure Socket Tunneling Protocol (SSTP), either alone, or with the selected protocol attempted first. If you specify a single protocol, and the remote server does not support that protocol, then the connection fails. If you select one of the "try first" options, the order the protocols are attempted are as follows:
|
Note
If L2TP/IPsec is used, you can include a preshared key with the connection profile. Use this option only if you cannot use computer certificates as the authentication method. For more information about including a preshared key, see Configure a Preshared Key.
For more information about configuring VPN entries, see https://go.microsoft.com/fwlink/?linkid=80953 on the Microsoft Web site.