PPTP and Certificates

[allenEd]

Hi Experts,

I have sucessfully setup a VPN server on a W2k member ISA server (through RRAS).

We use PPTP with strong encription. There are about 10 client PC's mixed bag of W98, XP Pro and Win2K, that connect via GPRS mobile cards or POTS, via an internet connection.

There is no problem as such, but I would like to install a certificate on the client PC's so that only these pc's can use the connection. (for added security)

Is there anyway I can do this?

Please note that we are restricted to PPTP because some users are using GPRS...



Any help would would be appricated..

thanks
Allen

 

[John Lewis]

PPTP doesn't allow for certificates, you would need to move to IPSec/L2TP for that, which would at least be difficult if not impossible given the situation.

One thing you could do -- I don't know how to do it, only that it is possible -- would be to limit the IPs that are allowed to make a connection. I would guess that many of your users have a dynamic IP, so you could not limit to specific addresses, but you could at least limit to the ranges used by the known ISPs. Again, I don't know how to implement, I usually use a linux box in such a case which makes life real easy. Might poke around the W2K server forum and ask if you don't get anything better here.