I have a client that has a Win 2003 R2 server without AD installed. I have an ASA 5505 which is going to terminate the L2TP over IPSec tunnels (Win XP SP2 or later clients... hopefully). My question is what options do I have for authentication against the local SAM database? I read tons of documents and it seems that LDAP and Kerberos authentication require AD, NTLM can be used only with Web VPN for SSO (besides that it's deprecated in Win 2003 as far as I know) so the only option I've got is running IAS (part of the default packages coming with Win 2003 R2, not additional software, right?) and utilizing the local SAM, is that right?
The only thing that bothers me is "The following groups are in this condition" window. What properties should a Win 2003 user group have so that it's eligible for use by the IAS service for authentication purposes? Also - has anyone deployed this setup, are there any non-obvious obstacles/problems that occur? I'm a little bit scared as my Win 2003 administration skills are not very good and I don't wanna mess up something I cannot fix later.