VPN through BSD for Win2k, totally baffled

[Michael Collette]

On Thursday 08 May 2003 05:26 am, Jacques A. Vidrine wrote:
> It's hard to tell from your message where you are getting lost, but I'll
> give it a shot.  Assuming you have all your certificates (let's call
> them client.crt/client.key, server.crt/server.key, and ca-local.crt):

Took me a while to figure out how to even ask the question!  After heading 
down a bunch of dead ends and all.

A couple of follow up questions to this.  If I go the route of handing out 
certificates to end users, is there a mechanism for revoking their rights to 
enter?  Employees do get other jobs, and almost all of them are using laptops 
which they travel with.  We've had folks get laptops stolen.

Is the cert an all or nothing kinda deal.  For instance, I need a different 
level of access than a salesperson.  We have a programmer who needs access to 
different resources than myself or sales.  All of these outside folks are on 
dynamic IPs.

With these additional needs in play am I still wise to head down the road of 
IPSec certificates?

Later on,
-- 
"Outside of a dog, a book is man's best friend. Inside of a dog, it's too dark 
to read."
 - Groucho Marx