VPN choice guidance needed - PPTP v L2TP on specific hardware
Posted on 2003-11-06
Firstly, I am new to firewalls/VPN and network infrastructure in general, so I'm asking this question for all you security experts out there.
I have a single web server running w2k that is running behind a zyxel firewall hosted at a remote location. The server has 2 network cards. One is attached to the firewall and the other is currently disabled.
I need to create a VPN between my office and the server.
As I see it, I have 3 options:
1. I can create a PPTP connection directly to the firewall (as the firewall supports this, but I need to use zyxel firewall client software)
2. I can create a PPTP VPN server on the web server, and set the firewall to allow the connection through (don't see any advantage to this however, except I wouldn't have to buy the zyxel firewall client)
3. I can enable the second network card, use TCP/IP filtering on it to disable everything except what is required to enable L2TP, set up a VPN server on the web server and use it. (the firewall does not allow L2TP passthrough, and is not an L2TP VPN Server)
I guess my question is, L2TP offers better security, but if it means having to enable another network card which wouldn't be behind a firewall, is it worth it?
Any discussion on this is more than welcome!