Still celebrating National IT Professionals Day with 3 months of free Premium Membership. Use Code ITDAY17

x
?
Solved

VPN choice guidance needed - PPTP v L2TP on specific hardware

Posted on 2003-11-06
4
Medium Priority
?
659 Views
Last Modified: 2010-04-11
Hi,

Firstly, I am new to firewalls/vpn, network infrastructure in general, so I'm asking this question for all you security experts out there.

My scenario:

I have a single web server running w2k that is running behind a zyxel firewall hosted at a remote location.  The server has 2 network cards.  One is attached to the firewall and the other is currently disabled.

I need to create a VPN between my office and the server.

As I see it, I have 3 options:

1.  I can create a PPTP connection directly to the firewall (as the firewall supports this, but I need to use zyxel firewall client software)

2.  I can create a PPTP VPN server on the web server, and set the firewall to allow the connnection through (don't see any advantage to this however, except I wouldn't have to buy the zyxel firewall client)

3.  I can enable the second network card, use TCP/IP filtering on it to disable everything except what is required to enable L2TP, set up a VPN server on the web server and use it.   (the firewall does not allow L2TP passthrough, and is not an L2TP VPN Server)

I guess my question is, L2TP offers better security, but if it means having to enable another network card which wouldn't be behind a firewall, is it worth it?

Any discussion on this is more than welcome!


Chris

0
Comment
Question by:cemack
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 2
4 Comments
 
LVL 10

Accepted Solution

by:
KingHollis earned 2000 total points
ID: 9698587
Chris

Consider PPTP if you have low security requirements, need a simple VPN solution and multiprotocol support is a must.
Consider L2TP if you need a faster and leaner solution than offered by PPTP.
Consider IPSec if the main selection criterion is security and you need ease of use and
configuration.
Consider L2TP/IPSec if complete interoperability and strong security are most important to you.

In your particular case, the ONLY reason I would go with L2TP would be if you are going to use L2TP/IPSec. And, implementing L2TP/IPSec is fairly involved for this simple of an implementation. Otherwise, just use the PPTP solution and keep all NICs behind your firewall.

Hope this helps.
0
 
LVL 9

Expert Comment

by:TooKoolKris
ID: 9701712
Only somebody fully knowledged in the setup of your environment can really answer your question. Only you can decide if allowing communication on this other NIC is worth the security risks involved. Can it be done, sure. Yes you can control the filtering on this NIC as well. However what you are doing is effectively taking away communication control from the firewall and putting into the hands of your NIC and the policy that controls the communication of this NIC. If you feel confident enough about your ability to control the communication across this NIC then I would say have at it. However if you don't then I would say let the firewall do its job and find another way to accomplish your task.
0
 

Author Comment

by:cemack
ID: 9770199
Moderator:

Can this be split say 350/150 between KingHollis and TooKookKris please?  

Thanks to both for your replies, higher points to KingHollis just because he's a bit more specific.

I've decided to go with the straightforward option of PPTP using the firewall VPN server as security isn't my biggest concern, and it offloads the VPN processing to the firewall.
0
 
LVL 10

Expert Comment

by:KingHollis
ID: 9771929
Chris:

Good move! Best of luck!

h.
0

Featured Post

Automating Your MSP Business

The road to profitability.
Delivering superior services is key to ensuring customer satisfaction and the consequent long-term relationships that enable MSPs to lock in predictable, recurring revenue. What's the best way to deliver superior service? One word: automation.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

If you're a modern-day technology professional, you may be wondering if certifications are really necessary. They are. Here's why.
IF you are either unfamiliar with rootkits, or want to know more about them, read on ....
Nobody understands Phishing better than an anti-spam company. That’s why we are providing Phishing Awareness Training to our customers. According to a report by Verizon, only 3% of targeted users report malicious emails to management. With compan…
We’ve all felt that sense of false security before—locking down external access to a database or component and feeling like we’ve done all we need to do to secure company data. But that feeling is fleeting. Attacks these days can happen in many w…

715 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question