Export (0) Print
Expand All

Authentication of VPN clients

Updated: January 21, 2005

Applies To: Windows Server 2003, Windows Server 2003 R2, Windows Server 2003 with SP1, Windows Server 2003 with SP2


The authentication of virtual private network (VPN) clients by the VPN server is a vital security concern. Authentication takes place at two levels:

  1. Computer-level authentication

    When Internet Protocol security (IPSec) is used for a Layer Two Tunneling Protocol (L2TP) over IPSec (L2TP/IPSec) VPN connection, computer-level authentication is performed through the exchange of computer certificates or a preshared key during the establishment of the IPSec security association. For more information, see Internet Key Exchange.

  2. User-level authentication

    Before data can be sent over the Point-to-Point Tunneling Protocol (PPTP) or L2TP tunnel, the remote access client or demand-dial router that requests the VPN connection must be authenticated. User-level authentication occurs through the use of a Point-to-Point Protocol (PPP) authentication method. For more information, see Remote Access Authentication Methods.

For more information, see Network access authentication and certificates.

Community Additions

© 2016 Microsoft