What's New in Routing and Remote Access in Windows Server 2008

Server Manager

Server Manager is a new feature designed to guide information technology (IT) administrators through the process of installing, configuring, and managing server roles and features that are part of Windows Server 2008. Server Manager is started automatically after the administrator completes the tasks listed in Initial Configuration Tasks. After that, it is started automatically when an administrator logs on to the server.

SSTP tunneling protocol

Secure Socket Tunneling Protocol (SSTP) is a new form of virtual private networking (VPN) tunnel with features that allow traffic to pass through firewalls that block PPTP and L2TP/IPsec traffic. SSTP provides a mechanism to encapsulate PPP traffic over the SSL channel of the HTTPS protocol. The use of PPP allows support for strong authentication methods, such as EAP-TLS. The use of HTTPS means traffic will flow through TCP port 443, a port commonly used for Web access. Secure Sockets Layer (SSL) provides transport-level security with enhanced key negotiation, encryption, and integrity checking.

VPN enforcement for Network Access Protection

VPN enforcement provides strong limited network access for all computers accessing the network through a VPN connection. VPN enforcement with Network Access Protection (NAP) is similar in function to Network Access Quarantine Control, a feature in Windows Server 2003, but it is easier to deploy. NAP is a client health policy creation, enforcement, and remediation technology that is included in the Windows Vista® client operating system and in the Windows Server 2008 operating system. With NAP, system administrators can establish and automatically enforce health policies, which can include software requirements, security update requirements, required computer configurations, and other settings. When making VPN connections, client computers that are not in compliance with health policy can be provided with restricted network access until their configuration is updated and brought into compliance with policy. Depending on how you choose to deploy NAP, noncompliant clients can be automatically updated so that users can quickly regain full network access without manually updating or reconfiguring their computers.

IPv6 support

Windows Server 2008 and Windows Vista support the following enhancements to Internet Protocol version 6 (IPv6):

- Protocols
  - PPPv6. Native IPv6 traffic can now be sent over PPP-based connections (RFC 2472). For example, PPPv6 support allows you to connect with an IPv6-based Internet service provider (ISP) through dial-up or PPP over Ethernet (PPPoE)-based connections that might be used for broadband Internet access.
  - PPPv6 over dial-up/Ethernet as well as VPN tunnels
  - L2TP over IPv6
  - DHCPv6 Relay Agent
- Stateless filtering, based on the following parameters:
  - Source IPv6 address/prefix
  - Destination IPv6 address/prefix
  - Next hop type (IP protocol type)
  - Source Port number (TCP/UDP)
  - Destination Port number (TCP/UDP)
- RADIUS over IPv6 transport

IPv6 configuration

By default, Routing and Remote Access is configured to accept only Internet Protocol version 4 (IPv4) connections. In Windows Server 2008, you can use the Routing and Remote Access Microsoft Management Console (MMC) to configure IPv6 routing and connections.

New cryptographic support

In response to governmental security requirements and trends in the security industry to support stronger cryptography, Windows Server 2008 and Windows Vista support the following encryption algorithms for PPTP and L2TP VPN connections.

PPTP

- Only 128-bit RC4 encryption algorithm is supported.
- 40 and 56-bit RC4 support is removed, but can be added (not recommended) by changing a registry key.

L2TP/IPsec

- Data Encryption Standard (DES) encryption algorithm with Message Digest 5 (MD5) integrity check support is removed, but can be added (not recommended) by changing a registry key.

IKE Main Mode will support:

- Advanced Encryption Standard (AES) 256 (new), AES 192 (new), AES 128 (new), and 3DES encryption algorithms.
- Secure Hash Algorithm 1 (SHA1) integrity check algorithm.
- Diffie-Hellman (DH) groups 19 (new) and 20 (new) for Main Mode negotiation.

IKE Quick Mode will support:

- AES 256 (new), AES 192 (new), AES 128 (new), and 3DES encryption algorithms.
- SHA1 integrity check algorithm.

Removed technologies

Support for the following technologies has been removed from Windows Server 2008 and Windows Vista:

- Bandwidth Allocation Protocol (BAP). Removed from Windows Vista. Disabled in Windows Server 2008.
- X.25.
- Serial Line Interface Protocol (SLIP). SLIP-based connections will automatically be updated to PPP-based connections.
- Asynchronous Transfer Mode (ATM).
- IP over IEEE 1394.
- NWLink IPX/SPX/NetBIOS Compatible Transport Protocol.
- Services for Macintosh.
- Open Shortest Path First (OSPF) routing protocol component in Routing and Remote Access.
- Basic Firewall in Routing and Remote Access (replaced with Windows Firewall).
- Static IP filter application programming interfaces (APIs) for Routing and Remote Access (replaced with Windows Filtering Platform APIs).
- The SPAP, EAP-MD5-CHAP, and MS-CHAP authentication protocols for PPP-based connections.
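The stateless IPv6 filtering listed under IPv6 support matches each packet on source prefix, destination prefix, IP protocol type, and source and destination port, with no memory of earlier packets. The following is an added example, not Routing and Remote Access code: a small Python model of such a filter, showing that return traffic needs its own rule. The `Rule`, `Packet` and `evaluate` names, the first-match and default-drop behaviour, and the addresses are assumptions made for illustration.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional

@dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    proto: int                     # IP protocol type: 6 = TCP, 17 = UDP
    sport: Optional[int] = None
    dport: Optional[int] = None

@dataclass(frozen=True)
class Rule:                        # hypothetical rule shape, one field per parameter
    action: str                    # "permit" or "drop"
    src: str = "::/0"
    dst: str = "::/0"
    proto: Optional[int] = None    # None matches any value
    sport: Optional[int] = None
    dport: Optional[int] = None

    def matches(self, p: Packet) -> bool:
        if ipaddress.IPv6Address(p.src) not in ipaddress.IPv6Network(self.src):
            return False
        if ipaddress.IPv6Address(p.dst) not in ipaddress.IPv6Network(self.dst):
            return False
        return all(want is None or want == got for want, got in
                   ((self.proto, p.proto), (self.sport, p.sport), (self.dport, p.dport)))

def evaluate(rules, packet, default="drop"):
    """First matching rule wins; nothing is remembered between packets."""
    for rule in rules:
        if rule.matches(packet):
            return rule.action
    return default

# Constructed sample data (2001:db8::/32 is the IPv6 documentation prefix).
CLIENTS, SERVER = "2001:db8:a::/48", "2001:db8:b::10/128"
RULES = [Rule("permit", src=CLIENTS, dst=SERVER, proto=6, dport=443)]
RETURN_RULE = Rule("permit", src=SERVER, dst=CLIENTS, proto=6, sport=443)
request = Packet("2001:db8:a::5", "2001:db8:b::10", 6, sport=50000, dport=443)
reply = Packet("2001:db8:b::10", "2001:db8:a::5", 6, sport=443, dport=50000)

def demo():
    # The request is permitted, the reply is dropped until a return rule exists.
    return (evaluate(RULES, request), evaluate(RULES, reply),
            evaluate(RULES + [RETURN_RULE], reply))

if __name__ == "__main__":
    print(demo())
```

Because the return rule is pinned to the server's address, a packet from any other source that merely uses source port 443 still falls through to the default drop.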