To use Socks, you need the server running on the edge of the network (VPN Server 2.5, in this case) and a client that redirects the connection on the client computer, such as AutoSOCKS 2.2. The Socks 5 Protocol, which Aventail Corp.'s VPN Server and AutoSOCKS use, provides authentication and authorization.

I tested beta versions of Aventail's latest VPN Server and the AutoSOCKS client in Network Computing's lab at Syracuse University and noted their tighter integration with Windows domains, and robust, secure authentication and authorization.

Trying On Socks for Size The VPN Server includes some new installation and management features for network administrators. With previous versions, you had to manually add users to the VPN Server. When a user tried to use the proxy service, the VPN Server authenticated the client and set up a secure session, then the user name/ password in the NT Domain controller authenticated the user. Setting up initial access involved manually adding the users to the access control lists.

With version 2.5, you can manage Socks through the Windows NT Domain database. More important, you can add users both individually and in groups. The VPN Server accesses not only the domain in which the server is participating, but other domains that are visible to it.

Adding users is a snap. In the Internet Policy Manager Configuration Tool (the VPN Server management GUI), I added users from both the local server and the domain into a group alias. Each NT Domain is added manually as a resource and displayed as available. By drilling down through the users and groups, I selected individual users and groups and then added them to the selected window. Once the users were selected, I gave the group the name "NWC Domain Users" and closed the box. Wherever I needed to apply a rule to a set of users, I selected NWC Domain Users.

Once groups are created, you can begin applying rules to specific group aliases. However, you must be careful setting the filtering and access rules; when these rules are applied to NT Groups in a group alias, they affect all the users in the NT Group. You can create VPN Server-specific groups by adding individual users to groups in the Internet Policy Manager Configuration Tool.

Oddly enough, Aventail VPN Server does not offer any way to add individual users or NT Groups to the filter rules without first redefining them in the Internet Policy Manager. Here, all user and group management are meshed into one tab in the Internet Policy Manager, conveniently creating one place to make changes. This functionality reduces the probability for conflicting names in the rules, as well as the chance for creating loopholes in users' permissions. With VPN Server 2.5, you simply create a group alias and add users and groups across any number of domains quickly and easily.

Mike Fratto can be reached at mfratto@nwc.com.