Designing Support for VPN Access

Applies To: Windows Server 2003, Windows Server 2003 R2, Windows Server 2003 with SP1, Windows Server 2003 with SP2

Depending on the credentials of the authenticating user, you can configure IAS to direct the traffic from a VPN client through a tunnel to specific parts of the enterprise network. Both voluntary and compulsory tunneling can be used for outsourced VPN access.

Special Considerations for VPN Access

Consider the following access server compatibility issues:

• IAS can provide compulsory tunneling connection attributes for network access servers (NASs) that support compulsory tunneling. However, the Windows Server 2003 Routing and Remote Access service does not support compulsory tunneling.

• VPN servers running the Microsoft® Windows NT® version 4.0 operating system must also be running Routing and Remote Access Service (RRAS) if you want to configure them as RADIUS clients.

For more information about Internet Authentication Service, including the authorization and authentication process used in voluntary and compulsory tunneling, see the Networking Collection of the Windows Server 2003 Technical Reference (or see the Networking Collection on the Web at https://www.microsoft.com/reskit).

For information about the RADIUS attributes used with compulsory tunneling, see "Compulsory tunnels" in Help and Support Center for Windows Server 2003.