The Basic security settings apply only to down-level clients,
and selecting Use Basic Security Settings from the drop-down box allows for only settings
that all clients can use. This effectively dilutes the security options available and is not
recommended. Selecting Use Both Basic and Advanced from the drop-down box, however,
enables the client OS to determine which settings to use.
Clicking on the Configure tab under the Basic Security Settings tab enables down-level OS
protocol options to be specified, which are limited to basic PPTP and L2TP settings.
The Advanced Security Settings (click on the second Configure button) enable authentication
methods to be selected. Take particular care to select only those forms of authentication
that provide the greatest amount of security that can be supported by the clients
themselves. Ideally, this involves forcing encryption using L2TP only, with MS-CHAP v2 as
the only authentication method, as shown in Figure 9.30.
The TCP/IP Settings tab can be used to manually assign DNS and WINS servers to VPN
clients. This is often handled by internal DHCP servers, so it is not always necessary to fill
in these fields.
Pages:
438
439
440
441
442
443
444
445
446
447
448
449
450
451
452
453
454
455
456
457
458
459
460
461
462