I am trying to set up a vpn connection on the xda. I can get this to work if I set up my firewall to accept un-encrypted data, but obviously this is not the best.

Does WM2003 support MPPE encryption? At what level (ie. 40 bit, 50-whatever bit, 128 bit)?

Thanks,
Cuinn.

Unless you use a client for your firewall (SecuRemote for Checkpoint / EasyVPN and others for Cisco) you can only initiate L2TP or PPTP connections which will terminate fine onto a 2000 server / ISA server even over a Natted connection.

Bear in mind if you use a client, SecuRemote grinds my connection to a halt over GPRS as the processing overhead on the XDA is horrendous. L2TP/PPTP terminated on an MS ISA server seems the best solution. You can always hide ISA behind your proper firewall for added security, but the licensing will cost you unless you already use it as a proxy etc.

Thanks Pete,

I am running a PPTP VPN currently, which should support MPPE Data Encryption, but which does not seem to work. I have a PIX firewall, so I have also tried Movian VPN client, but I also am unable to get this to work at all. I can use PPTP if I accept un-encrypted data, but would prefer all data to be encrypted. I am terminating the VPN on my PIX which supports either 40 bit or 128 bit MPPE and the question I really want answered is does WM2003 PPTP VPN support MPPE and at what encryption level?

Cuinn.

Following earlier post, I found this in the Checkpoint SecureClient for PPC docs.

3. Is the Client supposed to be able to connect to the Check Point gateway when cradled?

When cradled, the client may use the ActiveSync pass-through connection mechanism.
Since the current version of Win CE SecureClient does not support encryption via pass-through connection, you will be able to authenticate to your gateway, if it allows unencrypted authentication. This means that you will be able to add a new site this way, but not to use VPN (encrypted) communications with it.


Just thought of your situ, maybe this helps. And it's about time Checkpoint write a client that works with WM2003!. Just my two penneth!

The pass-through connection only supports TCP/IP (up to a certain point) and does not support UDP at all.
Hence VPN connections via the cradle will not work (PPTP and L2TP both use UDP, and I assume the other VPN/IPSec implementations do as well)

After some serious texting I can confirm on Windows 2003 server (not 2000) and ISA server 2000 on it, you can successfully run GPRS connection with L2TP or PPTP happily via a natted GRPS IP address. This has saved me LOADS of hastle with a business implementation. It hands over between cells on the mobile network, can get new IP address (which seems to happen on Vodafone handover a lot) and still maintain the connection (well really quickly re-make it, almost seamlessley)

Finally, I have raised a call with Checkpoint about Securemote client for WM 2003 and they still will give no fixed date, stating still within 6 months..... I hate them!

Anyway, the full MS implementation is working well, currently around 250 handsets on it, only another 350+ to go!