Authentication of VPN clients

Applies To: Windows Server 2003, Windows Server 2003 R2, Windows Server 2003 with SP1, Windows Server 2003 with SP2

Authentication

The authentication of virtual private network (VPN) clients by the VPN server is a vital security concern. Authentication takes place at two levels:

  1. Computer-level authentication

    For a Layer Two Tunneling Protocol (L2TP) over Internet Protocol security (IPSec) VPN connection (L2TP/IPSec), computer-level authentication is performed through the exchange of computer certificates or a preshared key during the establishment of the IPSec security association. For more information, see Internet Key Exchange.

  2. User-level authentication

    Before data can be sent over the Point-to-Point Tunneling Protocol (PPTP) or L2TP tunnel, the remote access client or demand-dial router that requests the VPN connection must be authenticated. User-level authentication occurs through the use of a Point-to-Point Protocol (PPP) authentication method. For more information, see Remote Access Authentication Methods.

For more information, see Network access authentication and certificates.