
Configuring an automatic or permanent VPN on XP

Author
27 Dec 2006 8:15 PM
Wells Caughey
Hello everyone,

At my company the vast majority of our users are out in the field and
connect to the internet using a variety of network providers, none of which
we control or want to control.  In order to allow the users' laptops to
connect to the corporate network, we have configured the users' laptops to
use the Windows XP VPN client.  This has been an imperfect solution at best
because our users rarely need to connect directly to the corporate network, and
every time they do need to connect, the process is stressful and confusing to
them.

Ideally I would like to be able to set up the VPN client in a similar manner
as the demand-dial connections in Windows 2003 Server, but through some
research I have found that this is not supported on XP.  Alternately I'd
like a driver that looked like a standard Ethernet adapter, but actually created
a VPN connection.

Does anyone know how to make these VPNs behave better?

Thanks,
Wells

Author
27 Dec 2006 8:53 PM
Sooner Al [MVP]
Not being a server guy the only thing I can suggest is possibly a script
that calls "rasdial" when a certain application is started. That may not be
what you're looking for though...

--

Al Jarvi (MS-MVP Windows Networking)

Please post *ALL* questions and replies to the news group for the
mutual benefit of all of us...
The MS-MVP Program - http://mvp.support.microsoft.com
This posting is provided "AS IS" with no warranties, and confers no
rights...
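
Added example, not part of the original posts: a minimal batch wrapper of the kind suggested above, which dials the VPN with `rasdial` only if it is not already up, starts an application, and hangs up afterwards. The entry name `CorpVPN` and the application path are hypothetical, and the script assumes the credentials are saved in the connection entry so that no password is stored in the script.

```batch
@echo off
setlocal
rem Added example. VPN_ENTRY and APP_PATH are hypothetical placeholders.
set "VPN_ENTRY=CorpVPN"
set "APP_PATH=C:\Program Files\ExampleApp\app.exe"

rem "rasdial" with no arguments lists the active connections.
rasdial | findstr /i /c:"%VPN_ENTRY%" >nul
if not errorlevel 1 goto launch

rem Dial with the credentials saved in the connection entry; keeping the
rem password out of this file means a copied script does not leak it.
rasdial "%VPN_ENTRY%"
if errorlevel 1 (
    echo VPN connection failed with RAS error %errorlevel%.
    exit /b 1
)
set "DIALED_HERE=1"

:launch
rem Wait for the application to exit before tearing the tunnel down.
start "" /wait "%APP_PATH%"

rem Only hang up a connection that this script created.
if defined DIALED_HERE rasdial "%VPN_ENTRY%" /disconnect
endlocal
```
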
Author
28 Dec 2006 3:34 AM
Wells Caughey
Thanks for the quick reply, Al.

It is not so much that any particular application needs to access the
corporate network, but rather that our people stay out in the field for
months or years at a time, and Windows XP needs to synchronize with the
domain to make sure that the user's account credentials are still valid.
Alternatively, some of the users may swap machines or reprovision spares
that don't already have a copy of the new user's profile.  This means
another connection to Active Directory...

I know that these tasks can be done by choosing the "connect using a slow
connection" checkbox on the login screen, but this is confusing to our users
and I would prefer the entire VPN to be invisible to our users.  To me this
means that the VPN either needs to be permanent or demand-dialed, but I don't
know how to do either.

As an alternative, I have thought about making our domain controller
publicly visible on the internet and using the domain isolation aspect of
IPSEC to protect the domain controller from unauthorized machines...  Does
this sound plausible?

Thanks,
Wells


Author
28 Dec 2006 10:53 AM
Sooner Al [MVP]
Wells,

Try posting to the microsoft.public.windows.server.networking news group for
help. I think you may get more authoritative responses there...

Good luck...

--

Al Jarvi (MS-MVP Windows Networking)

Please post *ALL* questions and replies to the news group for the
mutual benefit of all of us...
The MS-MVP Program - http://mvp.support.microsoft.com
This posting is provided "AS IS" with no warranties, and confers no
rights...
Author
28 Dec 2006 2:06 PM
Wells Caughey
Ok, I'll give that a try.  Thanks for your help.

Wells
