You administer Windows 8.1 Enterprise laptops. All of the computers are members of an Active Directory domain.
You are in a remote office. You connect to a variety of Microsoft clients in the main office, including Windows 8, Windows XP, and Server 2008. The VPN authentication traffic must be encrypted.
You need to establish a VPN connection that will allow you to connect to all Microsoft clients. Which of the following should you use?
A. EAP-TLS
B. MS-CHAP v2
C. 802.1X
D. RADIUS
E. PPTP
F. L2TP/IPSEC
G. IPSEC/IKEv2
H. SSTP
Correct Answer: G
Explanation/Reference:
VPN profile properties
The VPN profile created is a single-user VPN profile with the following properties:
A: Authentication Method
User can choose authentication method to be used for the VPN connection. The authentication method can be the following:
i. User name and password: When user selects this option, the VPN client negotiates the username- password based authentication methods with the server. Client will be able to negotiate MSCHAP v2, EAP- MSCAHPv2, PEAP with MSCHAPv2 as inner method, EAP-TTLS with inner method as PAP (for non-domain joined only) and EAP-TTLS with inner method as MSCHAPv2 (for domain joined only) with the VPN server. Once the user selects this authentication method, he has the option of entering User name and password in the UI itself.
ii. Smart Card
ii. One-time password
Tunnel Type
The Tunnel Type is set to `Automatic’, which results in IKEv2, SSTP, PPTP and L2TP tunnel types being negotiated (in that order). Once the tunnel is negotiated, the VPN client remembers it for the subsequent connections. User cannot change tunnel type through PC Settings.
Encryption Level
The encryption level is by default set to `Optional Encryption’. For IKEv2 and L2TP, this encryption level has been expanded to negotiate all the IPsec proposals that are supported. Admins can control the proposal to be used by specifying it on the VPN server (using Set- VpnServerConfiguration cmdlet for Windows RRAS). For PPTP connections, when set to `optional encryption’ the VPN client does not require encryption but uses it if it is required by the VPN server. The encryption setting is not used for SSTP connections, hence, as before, they remain unaffected by it. User cannot change Encryption Level through PC Settings.
Reference: Configuring native VPN client through PC Settings
