Microsoft Windows NT 4.0 Authentication Protocols
- Password Authentication Protocol (PAP)
- Challenge Handshake Authentication Protocol (CHAP)
- Microsoft Challenge Handshake Authentication Protocol (MS-CHAP)
- Shiva Password Authentication Protocol (SPAP)
- Point-to-Point Tunneling Protocol (PPTP)
Microsoft Windows 2000 Authentication Protocols
- Support the Windows NT 4.0 authentication protocols
- Extensible Authentication Protocol (EAP)
- Remote Authentication Dial-In User Service (RADIUS)
- Internet Protocol Security (IPSec)
- Layer Two Tunneling Protocol (L2TP)
- Bandwidth Allocation Protocol (BAP)
Extensible Authentication Protocol (EAP)
- Is an extension to the Point-to-Point Protocol (PPP)
- Works with dial-up, PPTP, and L2TP clients
- Allows arbitrary authentication mechanisms to validate a dial-in connection
- Supports authentication by using generic token cards, MD5-CHAP, and TLS
- Allows vendors to supply new client and server authentication modules
Remote Authentication Dial-In User Service (RADIUS)
RADIUS provides
- Remote user authentication that is vendor-independent.
- Scalable authentication designs for performance.
- Fault-tolerant designs for reliability.
Windows 2000 can act as a RADIUS client or server.
Windows 2000 Can Act as a RADIUS Client
- Is typically an ISP dial-up server
- Receives authentication requests
- Forwards the requests to a RADIUS server
A Windows 2000 RADIUS client
- Can also forward accounting information
- Is configured on the remote access server's Security tab
Windows 2000 Can Act as a RADIUS Server
- A RADIUS server validates the RADIUS client request.
- Windows 2000 uses Internet Authentication Services (IAS) to perform authentication.
- IAS stores accounting information from RADIUS clients in log files.
- IAS is one of the optional components you can add.
Internet Protocol Security (IPSec)
- Consists of a set of security protocols and cryptographic protection services
- Ensures secure private communications over IP networks
- Provides aggressive protection against private network and Internet attacks
- Negotiates a security association (SA) with clients that acts as a private key to encrypt the data flow
Layer Two Tunneling Protocol
- Similar to PPTP
- Creates an encrypted tunnel
- Does not provide encryption; works with encryption technologies such as IPSec
Differences Between L2TP and PPTP
- L2TP does not require an IP-based transit network.
- L2TP supports header compression.
- L2TP supports tunnel authentication.
- L2TP uses IPSec for encryption and PPTP uses PPP encryption.
Bandwidth Allocation Protocol (BAP) and Bandwidth Allocation Control Protocol (BACP)
- Dynamically add or drop links on demand
- Are PPP control protocols
- Provide bandwidth on demand
Allowing Inbound Dial-Up Connections
Configuring Devices for Incoming Connections
Allowing Virtual Private Connections
- Click Next on the Devices For Incoming Connections page.
- Select either to allow or not allow virtual private connections on the Incoming Virtual Private Connection page.
Specifying Users and Callback Options
Selecting Networking Components
- Choose the networking components to enable for incoming calls.
- Install additional networking components.
Dial-Up Connections
Connections to a Virtual Private Network (VPN)
- Create a VPN by using tunneling protocols such as PPTP or L2TP.
- Create secure connections across an untrusted network.
- Select Connect To A Private Network Through The Internet.
- Decide if you want to select Automatically Dial This Initial Connection.
- Enter the host name or IP address to which you are connecting.
- Specify who can use the connection.
Direct Connection to Another Computer Through a Cable
- Select Connect Directly To Another Computer.
- Select whether your computer will be the host or the guest for the connection.
- Select the port that is connected to the other computer.
- Specify the users who can use this connection.
- Decide if you want a shortcut icon on your desktop.