UPDATE 11/1/12:
This post has gotten quite a bit of attention. Please do not assume that what I’ve written is the end-all-be-all of Windows RT’s support for VPN technologies. This post narrowly discusses “Cisco VPN connectivity for Windows RT”… that’s it. I am not addressing anything else other than that because I don’t know the details of anything about other solutions like SSL VPNs or Citrix Access Gateway, Netscalar, etc. The fact that Juniper is mentioned is a consequence of the response I got alone.
—————–
ORIGINAL POST:
The TechEd 2012 session “Windows 8: Windows RT Devices for Business” (http://channel9.msdn.com/
Events/TechEd/NorthAmerica/2012/WCL202) stated at the 26 min mark that Microsoft incorporate the Cisco VPN client into Windows RT out of the box.
This of course had me intrigued given the number of people that are interested in Cisco VPN connectivity for Surface for Windows RT. So I asked, and the short answer is that we provide a VPN client out of the box that is capable of connecting to Cisco or Juniper VPN solutions however specific conditions/configurations must be met & you may not have a configuration or version of these VPN vendors solutions that will fit the bill.
This is the response I got:
There is a standard VPN client included in Windows RT that is capable of connecting to the Cisco VPN server. From http://technet.microsoft.com/en-us/library/jj613765, you can see this table that describes the capabilities of this client in regards to connections to Cisco and Juniper VPN devices:
3rd party VPN Server solution
OS version
Tunnels supported
Authentication methods supported
Crypto Suits supported
CISCO (2951 VPN Server)
IOS 15.1.4
- PPTP
- L2TP / IPSec with PSK
- L2TP / IPSec with Cert
- IPSec (IKEv2)
- CHAP
- PSK (over v4 and v6)
- Machine Certificate
- EAP1
IPSec:
AH auth: HMAC_SHA_1_96, HMAC_MD5_96
ESP Encryption: AES_128, CBC_3DES, CBC_DES, None
Juniper (SSG series)
6.2.0r5.0
- L2TP / IPSec with PSK
- L2TP / IPSec with Cert
- IPSec (IKEv2)
- CHAP
- PSK (over v4 and v6)
- Machine Certificate
- EAP1
IKEv2:
Encryption: 3DES, AES_128, AES_192, AES_256
Integrity:SHA1, SHA_256, SHA_384
DH Group: DH2
You can then configure the in-box VPN client using PowerShell:
http://technet.microsoft.com/en-us/library/jj613766.aspx
For organizations with different versions than above, different authentication methods, or different VPN configurations, we don’t have additional guidance to offer at this point in time.