In reference to your response regarding how to extend a firewall to remote users: Why does no one ever consider...
MS Terminal Server via TSAC? Nothing to configure, all you need is IE4.x or higher on the remote user stations, and you can maintain 128bit rdp. I can't imagine getting my people to determine their IP number from some hotel to log into our services via the VPN. We just point them to a URL, and away they go. Now the only drawback is dealing with hotels that feel you only need port 80 and 443 open at their firewall.
The main reason that I can think of is that there have been security vulnerabilities noted in RDP, and Microsoft's attempts to fix them have caused problems. (ref: http://www.internetnews.com/dev-news/article/0,,10_907031,00.html)
Many administrators would simply rather use a third party VPN than rely on Microsoft for their security.
Most third party VPN clients do not require a user to determine their IP address. They are designed to operate in a dial-up or foreign network with whatever IP address the computer is given.
For more information on this topic, visit these other searchSecurity resources:
Best Web Links: Virtual Private Networks
Best Web Links: Mobile/Remote Employee Issues
Dig Deeper on Microsoft Windows security
Have a question for an expert?
Please add a title for your question
Get answers from a TechTarget expert on whatever's puzzling you.