I'm looking for a VPN server solution that allows clients to use the native Windows Vista VPN client. Main reason is cost, since I am in a startup with little funds and not having to spend $50 per client for software, as well as not having to install any more software, is very appealing to me.
The only thing this will function as is the VPN server. I already have a firewall solution, so this is of no importance to me. From what I understand, Vista's client will not connect on an IPSec VPN connection, which is what my firewall provides.
Edit:
I do not want to expose SQL Server externally; this is the main reason I want VPN. Is this something Windows Server 2003 could handle? Regardless, it would be cheaper finding a smaller hardware firewall solution, I would think.
The native VPN client in Vista can connect to any VPN server that supports PPTP, L2TP, or SSTP.
So yes, VPN in Server 2003 will work as long as you enable one of the protocols listed above. This guide can get you started.
Just set up a Windows 2003 server. In the Routing and Remote Access component, you can enable it as a PPTP VPN endpoint.
In your firewall, you will need to open port TCP 1723 and the GRE (Generic Routing Encapsulation) protocol.
If you do not enable GRE, you will get to the "Verifying username and password..." step but never the "Registering your computer on the network" step - that's how you know. :)
Hope that helps... works great once set up.
Windows Server 2003 can certainly handle it, just install RRAS. PPTP is easy to implement, and a good choice if there's low security risk/compliance threshold. However, L2TP is more secure and a better choice if security is any kind of an issue. You'll need to open UDP ports 500, 4500 (for NAT traversal), and 1701 on your firewall to allow access, and port forward these to the 2003 box. SQL will still be available only to the internal network and those connected via VPN. Certificates can be a pain, but if you have a relatively small number of clients you can create an offline CA to produce certificates for the server and each client. We used OpenSSL (Shining Light's Windows implementation is great) and installed ActivePerl just because the CA.pl syntax in OpenSSL is muuuuuuuuuch more friendly (both free downloads). You can import the certificates on each Windows server/client with the Certificates snap-in in MMC.
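As an added example (not code from any of the posts above), here is a small Python check of a firewall rule list against the ports and protocols named in the PPTP and L2TP answers. The rule syntax, the `parse_rules` and `audit` names and the sample rules are assumptions made for this illustration; the one fact added beyond the thread is that GRE is IP protocol 47 rather than a TCP/UDP port.

```python
# Added example: audit firewall forwarding rules for the VPN types in this thread.
# The rule syntax "allow <proto> <port|-> -> <host>" is invented for this example.

# Requirements as stated in the answers above: (protocol, port or None).
REQUIRED = {
    "pptp": [("tcp", 1723), ("gre", None)],
    "l2tp": [("udp", 500), ("udp", 4500), ("udp", 1701)],
}

def parse_rules(text):
    """Return the set of (protocol, port) pairs opened by 'allow' rules."""
    allowed = set()
    for line in text.splitlines():
        fields = line.split("#", 1)[0].split()
        if len(fields) < 3 or fields[0].lower() != "allow":
            continue  # comments, deny rules and malformed lines open nothing
        port = int(fields[2]) if fields[2].isdigit() else None
        allowed.add((fields[1].lower(), port))
    return allowed

def audit(text, vpn):
    """Return (missing requirements, warnings) for vpn in {'pptp', 'l2tp'}."""
    allowed = parse_rules(text)
    missing = [req for req in REQUIRED[vpn] if req not in allowed]
    warnings = []
    if vpn == "pptp" and ("gre", None) in missing:
        # GRE is IP protocol 47; a rule for TCP or UDP *port* 47 does not pass it.
        if ("tcp", 47) in allowed or ("udp", 47) in allowed:
            warnings.append("port 47 is open, but GRE is IP protocol 47, not a port")
        if ("tcp", 1723) in allowed:
            # Symptom described in the PPTP answer when GRE is blocked.
            warnings.append("clients will stall at 'Verifying username and password...'")
    return missing, warnings

# Constructed sample rule set (not from the thread); 192.0.2.10 is a documentation address.
SAMPLE = """
allow tcp 1723 -> 192.0.2.10   # PPTP control channel
allow tcp 47   -> 192.0.2.10   # common mistake: GRE treated as a port
allow udp 500  -> 192.0.2.10
allow udp 4500 -> 192.0.2.10
"""

if __name__ == "__main__":
    for vpn in ("pptp", "l2tp"):
        missing, warnings = audit(SAMPLE, vpn)
        print(vpn, "missing:", missing, "warnings:", warnings)
```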
Seems to me like you need a Windows Server. Microsoft recently introduced something called Windows Server 2008 Foundation which might suit you. WSF is purchased pre-installed by an OEM and requires no CALs, but is limited to 15 users.
But what do you need the VPN for? Might a Small Business Server be a better solution with its Remote Web Workplace?
Ended up going with a Cisco PIX 501. I'll deal with 3rd party VPN software at this point.