Posted by: kurtsh | October 30, 2012

INFO: Cisco compatible VPN solutions for Windows RT & Surface

UPDATE 11/1/12:
This post has gotten quite a bit of attention.  Please do not assume that what I’ve written is the end-all-be-all of Windows RT’s support for VPN technologies.  This post narrowly discusses “Cisco VPN connectivity for Windows RT”… that’s it.  I am not addressing anything else other than that because I don’t know the details of anything about other solutions like SSL VPNs or Citrix Access Gateway, Netscalar, etc.  The fact that Juniper is mentioned is a consequence of the response I got alone.

—————–

ORIGINAL POST:
imageThe TechEd 2012 session “Windows 8: Windows RT Devices for Business”  (http://channel9.msdn.com/
Events/TechEd/NorthAmerica/2012/WCL202) stated at the 26 min mark that Microsoft incorporate the Cisco VPN client into Windows RT out of the box.

This of course had me intrigued given the number of people that are interested in Cisco VPN connectivity for Surface for Windows RT.  So I asked, and the short answer is that we provide a VPN client out of the box that is capable of connecting to Cisco or Juniper VPN solutions however specific conditions/configurations must be met & you may not have a configuration or version of these VPN vendors solutions that will fit the bill.

This is the response I got:

There is a standard VPN client included in Windows RT that is capable of connecting to the Cisco VPN server.  From http://technet.microsoft.com/en-us/library/jj613765, you can see this table that describes the capabilities of this client in regards to connections to Cisco and Juniper VPN devices:

3rd party VPN Server solution

OS version

Tunnels supported

Authentication methods supported

Crypto Suits supported

CISCO (2951 VPN Server)

IOS 15.1.4
  • PPTP
  • L2TP / IPSec with PSK
  • L2TP / IPSec with Cert
  • IPSec (IKEv2)
  • CHAP
  • PSK (over v4 and v6)
  • Machine Certificate
  • EAP1

IPSec:

AH auth: HMAC_SHA_1_96, HMAC_MD5_96

ESP Encryption: AES_128, CBC_3DES, CBC_DES, None

Juniper (SSG series)

6.2.0r5.0
  • L2TP / IPSec with PSK
  • L2TP / IPSec with Cert
  • IPSec (IKEv2)
  • CHAP
  • PSK (over v4 and v6)
  • Machine Certificate
  • EAP1

IKEv2:

Encryption: 3DES, AES_128, AES_192, AES_256

Integrity:SHA1, SHA_256, SHA_384

DH Group: DH2

You can then configure the in-box VPN client using PowerShell:
http://technet.microsoft.com/en-us/library/jj613766.aspx

For organizations with different versions than above, different authentication methods, or different VPN configurations, we don’t have additional guidance to offer at this point in time.

Posted in Uncategorized

«
»

Categories