Remember, in either of these two cases, when encryption is configured, data will be encrypted as it passes from...
the client to the RAS server. Data that travels from the RAS server to resources on the internal network will not be encrypted. If you opt to provide the additional protection of SSL for connections between the client and the Web server, you will only need a certificate for the server. If all you want to accomplish is server authentication (the clients know they are communicating with the correct server) and server-to-client encryption, you can add client certificates (to authenticate clients to the Web server) and this would add protection. Someone who can obtain a valid user identity and password could connect to the RAS server on dialup, but could not authenticate to the Web server.
In either case, unless the SSL certs are issued by a known public certificate authority (CA), you will need to obtain a copy of the root CA's cert and add it to the certificate stores of the clients, or allow them to accept it from the server the first time they log on.
I can't recommend to you the best configuration for your setup, only you, with help from your client and your company, can decide the level of security that is necessary, and the proper way to implement it.
Have a question for an expert?
Please add a title for your question
Get answers from a TechTarget expert on whatever's puzzling you.