With the release of Windows 7 and Windows Server 2008 R2 came some new VPN technologies. These include DirectAccess, the IKEv2 protocol, and VPN Reconnect. These new features are invaluable for use in enterprise organizations. Another big plus of these technologies is the increased network security they bring over older technologies like PPTP, SSTP and L2TP/IPsec. Depending on your company's IT network security policy, these technologies can make it safe for your mobile staff to connect from anywhere in the world that they have an Internet connection. Not every edition of Windows 7 supports DirectAccess, so the focus of this blog post will be VPN protocols for your VPN installation.
Every edition of Windows 7 supports VPN using the PPTP, L2TP/IPsec, SSTP, and IKEv2 protocols. Traditional VPN technology is important because, except for IKEv2, these technologies are compatible with existing remote access infrastructures and do not require an organization to upgrade any servers to Windows Server 2008 R2. PPTP and L2TP/IPsec VPNs are also compatible with third-party remote access solutions. This is important if your organization does not rely upon a Windows Server remote access infrastructure.
IKEv2 is a VPN protocol new to Windows 7 and is not present in previous versions of Windows. IKEv2 supports IPv6 and the new VPN Reconnect feature. For client-side authentication, IKEv2 supports Extensible Authentication Protocol (EAP) and computer certificates. This includes Microsoft Protected EAP (PEAP), Microsoft Secured Password (EAP-MSCHAP v2), and Microsoft Smart Card or Other Certificate. IKEv2 does not support PAP, CHAP, or MS-CHAPv2 (without EAP) as authentication protocols. IKEv2 supports data origin authentication, data integrity, replay protection, and data confidentiality. IKEv2 uses UDP port 500. When you configure a new Windows 7 VPN connection with the default settings, Windows 7 attempts to make an IKEv2 connection first.
VPN Reconnect is a feature new to Windows 7. When you connect to a VPN server using the PPTP, L2TP/IPsec, or SSTP protocol and you suffer some sort of network disruption, you can lose your VPN connection and need to restart it. If you were transferring a file, downloading e-mail, or sending a print job, you need to start over from the beginning. VPN Reconnect allows clients running Windows 7 to reconnect automatically to a disrupted VPN session even if the disruption has lasted for 8 hours. VPN Reconnect also works if connecting to a new Internet access point causes the disruption. For example, a user might be connected to his corporate network over a VPN using the wireless network at company A, then travel to company B, which has a different wireless network. With VPN Reconnect, the user's VPN connection is re-established automatically when he achieves Internet connectivity with the new network. With a traditional VPN solution, this user would have to reconnect manually once he connected to the new wireless network at company B, and any existing operations occurring across the VPN would be lost.
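The protocol order described above can be checked on a client by reading its VPN phonebook. The following is an added example, not code from the original post: it assumes the INI-style layout of `rasphone.pbk` and the `VpnStrategy` values defined for `RASENTRY.dwVpnStrategy` in the Windows SDK header `ras.h`, and it runs on a constructed sample phonebook with made-up entry names.

```python
import configparser

# RASENTRY dwVpnStrategy constants from the Windows SDK header ras.h
# (brought in from the SDK as an assumption; the post does not list them).
STRATEGY = {0: "default", 1: "PPTP only", 2: "PPTP first", 3: "L2TP only",
            4: "L2TP first", 5: "SSTP only", 6: "SSTP first",
            7: "IKEv2 only", 8: "IKEv2 first"}
PINNED_LEGACY = {1, 3, 5}   # can never negotiate IKEv2, so no VPN Reconnect
PREFERS_LEGACY = {2, 4, 6}  # an older protocol is tried before anything else

# Constructed sample phonebook, trimmed to the keys this audit reads.
SAMPLE_PBK = """\
[HQ-IKEv2]
VpnStrategy=8

[Branch-PPTP]
VpnStrategy=1

[Lab]
PhoneNumber=lab.example.com
"""


def audit_phonebook(text):
    """Return {entry name: (strategy label, finding)} for a rasphone.pbk body."""
    # Real phonebooks repeat keys such as DEVICE=, so strict mode must be off.
    pbk = configparser.ConfigParser(strict=False, interpolation=None)
    pbk.optionxform = str  # keep key case exactly as written in the file
    pbk.read_string(text)
    report = {}
    for name in pbk.sections():
        raw = pbk.get(name, "VpnStrategy", fallback=None)
        if raw is None or not raw.strip().isdigit():
            report[name] = ("unknown", "REVIEW: no usable VpnStrategy value")
            continue
        value = int(raw)
        label = STRATEGY.get(value, "unrecognised (%d)" % value)
        if value in PINNED_LEGACY:
            finding = "FAIL: pinned to a non-IKEv2 protocol, no VPN Reconnect"
        elif value in PREFERS_LEGACY:
            finding = "WARN: an older protocol is attempted first"
        elif value in (7, 8):
            finding = "OK: IKEv2 is attempted first"
        else:
            finding = "REVIEW: protocol order not fixed by this entry"
        report[name] = (label, finding)
    return report

if __name__ == "__main__":
    for entry, (label, finding) in audit_phonebook(SAMPLE_PBK).items():
        print("%-12s %-12s %s" % (entry, label, finding))
```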
As you can see, there is a protocol to support just about any need your organization may have. Depending on your company's network security policy and network infrastructure design, one of these technologies could be the right one for you. SkyByte has been working with VPN for almost two decades. We are well versed in all types of VPN and network security projects.