3Com, 54
C++ (high-level language), 106
CA Identifying Information page, 134
CA Type page, 134
cable modems, 252, 257
CAPICOM scripts, 106
CAs (certification authorities). See also certificates
Auto-Enrollment CA feature, 70
certificate allocation, 103, 107
certificate enrollment, 104, 107
certificate enterprise, 104, 107
certificate requests, 105–106
configuring, 134, 152
Connection Manager, 134, 152
deployment, 207
described, 45
enterprise, 99
incorrect certificates, 288
installing certificates, 212
interoperability, 104
L2TP/IPSec, 96, 99
private-key encryption, 45
public-key encryption, 45
quarantine features, 134, 152
root, 96, 99, 201, 202, 288, 301
site-to-site VPNs, 188, 201, 202, 301, 303–306
smart cards, 97
third-party, 103, 188
troubleshooting, 288, 301, 303–306
unable to connect problems, 301
cer (DER Encoded Binary X.509) format, 209
Certificate Database Settings page, 135
Certificate Export Wizard, 209, 210
Certificate Import Wizard, 106, 110
Certificate Issued page, 209
Certificate Manager snap-in, 213
Certificate Request Wizard, 106, 110
certificate revocation list (CRL). See CRL (certificate revocation list)
Certificate Services, 28
Certificate Template To Issue option, 153, 207
certificates. See also CAs (certification authorities); Certificates snap-in
automatic allocation, 103, 107
browsers, 105, 109
CAPICOM scripts, 106
cer format, 209
clients, 69
computer machine, 41
deployment, 102–110, 206–214, 249, 255, 269
described, 44–46
distribution of, 45
EAP-TLS, 212, 289
EKU, 290
enrollment, 104, 107, 150, 158, 249, 250
exporting, 209, 210
extranets, 269
importing, 106, 110, 211
incorrect, 288
infrastructure, 96–100
installing, 69, 81, 100, 103–106, 107–110, 184
interoperability, 53, 55
L2TP/IPSec, 28–30, 41, 69, 96, 201
obtaining original, 208
pfx format, 210
provisioning, 127, 129, 140–168
requesting, 105–106, 109–110, 208
site-to-site VPNs, 181, 184, 201–203, 301, 302–306
smart cards, 97–98, 99
templates, 104, 107, 134, 151, 207
troubleshooting, 288, 301, 302–306
unable to connect problems, 301, 302–306
VPN routers, 181
VPN servers, 81
Certificates snap-in, 105, 106, 110, 168
EAP-TLS, 289
exporting certificates, 209
site-to-site VPNs, 301, 303
troubleshooting, 288, 289, 301, 303
unable to connect problems, 301
Certificates-Current User folder, 110
certification authorities (CAs). See CAs (certification authorities)
Certification Authority snap-in, 108, 207
challenge strings, 39
CHAP (Challenge-Handshake Authentication Protocol), 21, 38, 55, 75, 188. See also MS-CHAP (Challenge-Handshake Authentication Protocol)
CIDR (Classless InterDomain Routing), 238
Cisco, 88, 194
Client Can Be Connected (Session-Timeout) option, 143
clients. See also VPN clients
adding, 225
certificates, 69
configuring, 66, 70, 250
current technology, 6
deployment, 250, 272
described, 64–71
IP addresses, 80
name resolution, 83
preventing traffic, 92–94
routing, 86–88, 92–94
site-to-site VPNs, 170
VPN servers, 80
CM (Connection Manager). See also CMAK (Connection Manager Administration Kit)
certificate provisioning, 127, 129, 140–168
components, 67
creating groups, 141
creating policies, 141–149
creating user accounts, 140
deployment, 124, 128–140
described, 32, 66–68
L2TP/IPSec, 128, 129
Network Access Quarantine Control, 140–168
packages, 124
profiles, 67, 130, 136, 160–168
quarantine features, 128–140
reviewing policies, 150
test lab configuration, 130–140
CMAK (Connection Manager Administration Kit). See also CM (Connection Manager)
described, 33, 67
installing, 139
Network Access Quarantine Control, 47
packages, 124
profiles, 160–168
quarantine features, 139
Cmconfig.txt, 159, 164
Cmgetcer.dll, 163
COM (Component Object Model), 106
commands
net start policyagent, 282
net start remoteaccess, 282
net stop policyagent, 282
net stop remoteaccess, 282
netsh, 280
netsh aaaa show config, 227, 271
netsh add registered server, 224
netsh exec, 272
netsh interface set interface, 237
netsh ras add registered server, 285, 299
netsh ras set tracing, 280
netsh ras show registered server, 285, 298
netsh routing ip rip update, 237
netsh routing ip show rtmroutes, 278
route print, 278
Completing The Certificate Export Wizard page, 211
Completing The Connection Manager Administration Kit Wizard page, 166
Completing The Demand-Dial Interface Wizard page, 220, 222
Completing The New Remote Access Policy Wizard page, 118, 141, 143, 144
Completing The New Scope Wizard page, 133
Completing The Routing And Remote Access Server Setup Wizard page, 137
Completing The Windows Components Wizard page, 135
Component Object Model (COM). See COM (Component Object Model)
compression schemes, 20
Computer Configuration group policy, 99
Configuration page, 137
Configure And Enable Routing And Remote Access option, 137, 216, 246
Configure DHCP Options page, 133
Connect Only If Server Name Ends With option, 97, 98
Connect To The Network At My Workplace option, 250, 251
Connect To These Servers option, 99, 212
Connect Using Virtual Private Networking (VPN) option, 217, 221
Connection Manager (CM). See CM (Connection Manager)
Connection Manager Administration Kit (CMAK). See CMAK (Connection Manager Administration Kit)
Connection Manager Administration Kit Wizard, 68
Connection Manager Software page, 164
Connection Point Services (CPS). See CPS (Connection Point Services)
Connection Type page, 217, 221
connections. See also CM (Connection Manager); specific types
automatic, 297, 309
common problems, 288
unable to connect problems, 283–292, 296, 297–306
Connections To Microsoft Routing And Remote Access Server policy, 48, 93
connectoids
actions, 67
CM, 67
creating, 66
described, 66
Control Access Through Remote Access Policy option, 94, 177, 197, 199, 248, 250, 252
Control Panel, 66, 76, 223, 301
convergence, 230, 231, 233
CPS (Connection Point Services), 33, 67
Create And Submit A Request To This CA option, 208
CRL (certificate revocation list), 289, 303–306
CRL Distribution Points field, 289, 303
cryptanalysis, 42
cryptography, 106. See also encryption
Current User store, 110
Custom Actions page, 162, 164