Chapter 6: Deploying Remote Access VPNs


In Chapter 5, “Remote Access VPN Components and Design Points,” we described the components and design points for remote access virtual private networks (VPNs) using the Microsoft Windows Server 2003 and Windows XP family of operating systems. Now we’ll get into the nuts and bolts of implementing remote access VPNs. We’ll step through the deployment of Point-to-Point Tunneling Protocol (PPTP) and Layer Two Tunneling Protocol with Internet Protocol Security (L2TP/IPSec) remote access VPN solutions. There are many areas to cover to ensure proper deployment: setup of clients, servers, authentication systems (both Remote Authentication Dial-In User Service [RADIUS] and Windows-based), name resolution services, remote access policies, securing communications between the internal resources, and other fine-tuning. Our suggestion is to read through this chapter first so that you know what you’ll encounter during your deployment—that way you can first make your choices of what and what not to deploy, and then come back to the beginning of the chapter and take it step by step.

Does it seem overwhelming? It can be, but if you take each piece step by step as we have outlined here, you should get through it—and if you have problems, the following chapters give you a complete outline and detailed procedures on how to troubleshoot the installation and operations.

In previous chapters, we covered security and deployment options and choices you need to make. Those chapters covered the pros and cons of two specific VPN protocol sets and how to decide which to deploy, so by now you should have a good idea which protocols to deploy for your organization. Because PPTP and L2TP/IPSec VPN deployments are so similar, we will go through the process of remote access VPN deployment once and point out where the deployment of L2TP/IPSec differs from that of PPTP. We are going to use certificates for the overall deployment because no matter which tunneling protocol you choose, certificates make for the most secure installation.

