Security Solutions
3-46
Designing Access Controls
Make Decisions about Remote Access (VPN)
Table 3-29. Endpoint Compatibility for Remote Access
Although remote users often connect with their own endpoints, you can require
them to install a vendor VPN client rather than rely on the endpoint's native
VPN capabilities. You are, after all, granting them convenient remote access to
the private network, so expecting them to install and use the client and
settings that you choose is not unreasonable. A client you distribute also
lets you control the tunnel settings rather than leaving them to the user.
When you have little control over the remote endpoints, you might prefer
preshared keys to digital certificates as the authentication method for the
VPN tunnel, because a certificate must be installed on every endpoint from
which remote users access the network. Keep the trade-off in mind: a preshared
key that is shared across many remote users is a single secret, and its
compromise on one endpoint exposes the VPN for all of them until the key is
changed.
Example
Most faculty members will log in to the network from their homes. Their
personal endpoints may run either Windows or Mac OS. The PCU network
administrators have no control over these endpoints. Considering only the
endpoints and the degree of control they have over them, the PCU network
administrators decide that either of the VPN options displayed in Table 3-30
will work.
OS                                 Native Capabilities                  With VPN Client
---------------------------------  -----------------------------------  --------------------------------
Windows Vista                      • PPTP                               • IPsec with IKE
                                   • L2TP/IPsec                           (vendor client)
                                   • Secure Socket Tunneling Protocol
                                     (SSTP), not discussed in this
                                     guide

Windows XP                         • PPTP                               • IPsec with IKE
Windows 2003 Server                • L2TP/IPsec                           (ProCurve VPN Client or
Windows 2000                                                               other vendor client)

Macintosh OS X 10.3 or later       • PPTP                               • IPsec with IKE
                                   • L2TP/IPsec                           (vendor client)

Red Hat Enterprise Linux 3.0       • IPsec with IKE (you must           • IPsec client
or later                             install ipsec-tools)                 (Free S/WAN for Linux)

SUSE Linux Enterprise 9.1          • IPsec with IKE                     • IPsec client
or later                                                                  (Free S/WAN for Linux)