I was recently asked this very question and I responded with "Windows Server 2008/2003/2000 and Windows Vista/XP" provide excellent built-in Virtual Private Networking features that are standards compliant and assuming they are correctly configured can be highly secure too. There's no additional license cost required to use Microsoft Windows VPN. In addition Microsoft offer a product named Intelligent Application Gateway which provides a high-end alternative to traditional VPN - it's part of the Forefront suite of products. IAG provides the means to publish applications from your internal network to authenticated users outside while adhering to a series of customisable rules specifying what types of authentication, inspection and access is allowed.
The next question of course is "how should I set up the VPN Server and Client/ are there any good guides?" - there are some excellent resources including step-by-step configuration guides on TechNet - just click here to access them.
Note: the URL is really easy to remember as it's just microsoft.com/vpn !
I like the IAG 2007 appliance, I have to say though, that I thought it was called intelligent application gateway. and one of the pro-s I do not see in your article for me is the possibility of endpoint detection where it detects what is on your (VPN)client PC and the status of it and thus gives you a very granular way of providing access to applications.
Also the rulessets for application requests make it a very valuable appliance. And that may be the downside for some: it is an appliance and not a "cd"-based product (yet)
In a world of increasing energy costs and restricted IT budgets, any reduction in hardware/software is a gift which should not be discarded.
IF Windows based VPN are secure enough, who needs Linux?
Steve, wasn't there a time when Microsoft recommended that users did not use Microsoft VPNs?
Good reading for the weekend on that link ;-)
Eric> yes I made a typo on the name - I crossed Internet Authentication Server with Intelligent Application Gateway!
the points you call out are very relevant indeed - thanks for taking the time to do so
Wagner> I've not heard of MSFT recommending not to use our own VPNs - if you have any references to it I'd be very interested to read them.