I spent quite a while experimenting with L2TP over IPsec with my iPad 2, and surprisingly found no useful guides as to how to configure it. Judging by what I could find online, most people simply give up and use PPTP instead, which has significant security vulnerabilities. Here's a concise comparison of PPTP versus L2TP/IPsec which describes that weakness.

I had considered using Apple's support for Cisco IPsec, but that would have meant exposing the core switch where I work. The Juniper Netscreen firewall only supports L2TP with certificates and not Pre-Shared Key, so that was also ruled out.

This post will outline how to configure Windows Server 2008 R2's NPS/RRAS role to host L2TP/IPsec connections, which will allow iPads and iPhones to connect securely into your Windows infrastructure without the need for additional client software.

Firstly, it's likely that your NPS/RRAS server is behind a perimeter firewall. If this is the case you'll need to grant IPsec traffic access from the public internet. Using details from this Technet post I created the following custom service object on the Netscreen firewall, and allowed it inbound to the RRAS server (IP protocols 50 and 51, UDP 5). For initial testing though you should probably create a rule to allow all traffic to and from your test client.

I am going to assume a knowledge of both NPS and RRAS. For more information on those, other guides exist.

As far as I have been able to discover, it seems that the iPad only supports Pre-Shared Key authentication for the IPsec tunnel, rather than certificate-based. The VPN connection settings GUI in Mac OS 10.6, for instance, will allow either method, but iOS does not. It may be possible to force your way around this with the iPhone Configuration Utility (designed for applying corporate settings to iOS), but information is pretty scant. I did find a long forum thread about certificate auto-enrollment, and a Microsoft Directory Services team blog post, but I suspect they may relate more to 802.1x.

The L2TP/IPsec Pre-Shared Key is configured by right-clicking on the top level of Routing and Remote Access in Server Manager -> Properties -> Security tab.

It's useful to keep your VPN clients on a different subnet to your servers; however, multihoming with several NICs can cause problems, particularly if your RRAS server is also a Domain Controller. You can define a subnet for this purpose in the IPv4 tab here, but you will need to remember to add a static route entry on your router pointing traffic for this subnet to the RRAS server.

In Server Manager -> NPS -> Policies -> Network Policies, create a policy with the following settings, making sure to set the encryption settings. As this Microsoft KB article makes clear, these options actually ensure that IPsec gets used, with the different grades here representing different algorithm proposal combinations. The iPad supports the maximum encryption setting.
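When the perimeter rule is wrong, the usual symptom is that the iPad negotiates IKE and then hangs, because one of the later flows is being dropped. The following audit script is an added example, not code from the original post or from Microsoft or Juniper: it reads firewall log lines in a simple constructed "action proto src:port -> dst:port" format (not Netscreen syntax) and reports, per client, which of the flows an L2TP/IPsec session needs were permitted, denied or never seen. The protocol set it checks is the standard one for L2TP/IPsec, which is an assumption on my part rather than something the post spells out: IKE on UDP/500, NAT-T on UDP/4500, raw ESP (IP protocol 50) and AH (IP protocol 51). L2TP on UDP/1701 travels inside the IPsec tunnel and so never appears on the perimeter as a separate flow.

```python
"""Audit perimeter firewall log lines for the flows an L2TP/IPsec client needs.

Added example, not from the original post. Assumes a constructed log format:
    permit udp 203.0.113.10:500 -> 198.51.100.5:500
    deny esp 203.0.113.77 -> 198.51.100.5
and the standard L2TP/IPsec protocol set (assumption: UDP/500 for IKE,
UDP/4500 for NAT-T, IP protocol 50 for ESP, IP protocol 51 for AH).
"""
import re
from collections import defaultdict

# Each named flow lists the alternatives that satisfy it. NAT-T (UDP/4500)
# replaces raw ESP when the client sits behind a NAT, so either one is enough
# for the "esp" requirement. AH (protocol 51) is listed by the post but is
# rarely negotiated, so it is not treated as required here.
REQUIRED = {
    "ike": (("udp", 500),),
    "esp": (("udp", 4500), ("esp", None)),
}

LINE_RE = re.compile(
    r"^(?P<action>permit|deny)\s+(?P<proto>\w+)\s+"
    r"(?P<src>[\d.]+)(?::(?P<sport>\d+))?\s*->\s*"
    r"(?P<dst>[\d.]+)(?::(?P<dport>\d+))?$"
)


def parse_line(line):
    """Return (action, proto, src, dst, dport) or None if the line is unparseable."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    dport = int(m.group("dport")) if m.group("dport") else None
    return (m.group("action"), m.group("proto").lower(),
            m.group("src"), m.group("dst"), dport)


def audit(lines, rras_ip):
    """Map each client IP to a list of problems with its flows towards rras_ip.

    An empty list means every required flow was permitted at least once.
    """
    seen = defaultdict(lambda: defaultdict(set))  # client -> (proto, port) -> {actions}
    for line in lines:
        parsed = parse_line(line)
        if parsed is None:
            continue
        action, proto, src, dst, dport = parsed
        if dst != rras_ip:
            continue  # traffic to other hosts is irrelevant to the VPN
        key = (proto, dport if proto == "udp" else None)
        seen[src][key].add(action)

    report = {}
    for client, flows in seen.items():
        problems = []
        for name, alternatives in REQUIRED.items():
            permitted = any("permit" in flows.get(alt, set()) for alt in alternatives)
            if permitted:
                continue
            denied = [alt for alt in alternatives if "deny" in flows.get(alt, set())]
            problems.append(f"{name}: denied {denied}" if denied else f"{name}: not seen")
        report[client] = problems
    return report


# Constructed sample log: one healthy client, one whose ESP/NAT-T is blocked,
# one that only ever reached IKE, plus an unrelated flow to another host.
SAMPLE_LOG = [
    "permit udp 203.0.113.10:500 -> 198.51.100.5:500",
    "permit udp 203.0.113.10:4500 -> 198.51.100.5:4500",
    "permit udp 203.0.113.77:500 -> 198.51.100.5:500",
    "deny udp 203.0.113.77:4500 -> 198.51.100.5:4500",
    "deny esp 203.0.113.77 -> 198.51.100.5",
    "permit udp 203.0.113.200:500 -> 198.51.100.5:500",
    "permit tcp 203.0.113.10:51234 -> 198.51.100.9:443",
]
RRAS_IP = "198.51.100.5"  # constructed address for the RRAS server


def demo():
    """Run the audit over the constructed sample and return the report."""
    return audit(SAMPLE_LOG, RRAS_IP)


if __name__ == "__main__":
    for client, problems in demo().items():
        print(client, "OK" if not problems else "; ".join(problems))
```

Run against real logs, the interesting cases are the second and third clients: a client that reaches IKE but has UDP/4500 and ESP denied points at the perimeter service object missing protocol 50 or NAT-T, while a client with "esp: not seen" is typically behind a NAT that never allowed NAT-T to start, or the client gave up at IKE.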