VPN Dillema

[versello]

I'm the stages of VPN implementation in my company with ISA Server 2004, and I have a few remote users that are not members of my domain... what would you reccomend?

1. Make a subordinate CA accessible to them

-or-

2. Allow both PPTP and L2TP, so they can log in, get issued a certificate, and then have them switch over to L2TP. Fortunately, this would only have to be done once, and I'll prolly use CMAK to make the connections automatically.

-or-

3. Generate a cert on my end and send them it (although this may be tough as I don't have the names of their machines... poor documentation before I came aboard).

 

[versello]

Not a single person has any reccomendation?

 

[Haven]

What all do they need to access? Is there a way to accomplish this access without using VPN?

Or do they need to access file shares? If so then they will need user accounts in the domain. Same thing with just about anything. THe only things I can think of where you are giving some sort of anonymous access would be FTP or Web.

 

[versello]

They need access to my file shares and they have accounts in AD.

We also have internal laptop users that require access to my servers when they are abroad, so VPN would prolly be the only solution.

 

[big daddy fatsacks]

PPTP would not require digital certificates as far as i recall. you just need an IAS server to authenticate them.