A new VPN server (stand alone) and smartcard authentication

[J.H]

Hi all,

Please advise whether any thing we need to deploy the following VPN
scenario:

- A Windows 2003 VPN server with smartcard authentication for Internet VPN
client
( we do have the routing plan in place to support the Internet VPN client,
we just want
to know what it has to be to have a stand-alone VPN server with smart card
authentication
without Active Directory)

Question:
- What do we need to deploy the scenario above in Stand-Alone mode without
the integration of Active Directory? (I want to whole architecture to be
seperate from
our current Windows 2000 Domain architecture, thus I know that we have to
maintain
the stand-alone authentication on the VPN side.)
- Can we just use one VPN server for this scenario?
- I think we might need to deploy:
- A VPN server, which is also IIS (for CA enrollment), a CA
- An Administrator's workstation to provision the certificate and
smartcard
- Open firewall for TCP 1723 and IP 47 protocol
- What do we actually need to deploy a stand-alone VPN server with
smartcard authentication?

Please help....!!!

J.H

 

[Priya Raghavan [MSFT]]

Answers to your questions below:

1.) For EAP authentication, you require domain credentials. So, active
directory is a must.
2.) Yes, one VPN server should be sufficient for this.
3.) You will need a VPN Server, a Domian Controller, CA and IIS (CA and IIS
can be configured on the DC itself)