Solved

isa 2006 pptp & l2tp & pre-shared key

Posted on 2013-06-12
13
854 Views
Last Modified: 2014-03-24
hi i am running a windows 2003 domain using an isa 2006 firewall and i wish to setup a vpn from my win 7 laptop at home to my server through isa 2006.

qns1.  what i wanted to know is when i configure the vpn via my isa 2006 should i leave default 'pptp' and not tick 'l2tp' & leave not complete the pre-shared key ?

master dc

i have created a vpnuser group
i have created a domain user account and added it to my 'vpnuser group'

isa 2006

i have added an access rule for the vpn users
i have allowed 10 vpn connections
i have linked to the 'windows group' to connect to the vpnuser group
0
Comment
Question by:mikey250
  • 7
  • 4
13 Comments
 
LVL 63

Accepted Solution

by:
btan earned 500 total points
ID: 39250089
You will need the preshared key for pptp since it does not use cert and has no machine auth. The l2tp/IPsec uses preshared or cert for user authentication, and cert for machine auth. See this to help understanding - preshared key is used for testing and thereafter switch to cert for easier progression. The former is weaker compared to cert based auth.

@ http://www.carbonwind.net/ISA/MacOSXVPNL2TP/MacOSXVPNL2TP2.htm

this MS link for troubleshooting does come in handy - see the common errors
@ http://technet.microsoft.com/en-us/library/bb794765.aspx

Also typically you can have guiding based on below in which to use either pptp or l2tp:

IPsec provides per-packet authentication of the data source, to prove that data was sent by the authorized user. It also provides data integrity, replay protections, and data confidentiality. By contrast, PPTP provides only per-packet data confidentiality.

L2TP over IPsec connections provide stronger authentication by means of both certificate-based computer authentication, and user-level authentication. PPTP provides only user-level authentication.

L2TP over IPsec requires a certificate infrastructure to issue certificates to the VPN server and all VPN client computers for computer authentication. PPTP can use password-based authentication and does not require an installed certificate.

L2TP over IPsec must be deployed with NAT-T to work through a NAT device such as ISA Server.

**Although it is possible to configure L2TP over IPsec VPN client computers using preshared key authentication, it is not recommended.

In summary, L2TP over IPsec is a more secure VPN protocol than PPTP. However, PPTP is still widely used. When using Microsoft Challenge Handshake Authentication Protocol version 2 (MS-CHAP v2) and strong passwords, PPTP provides enough security for many situations.
0
 

Author Comment

by:mikey250
ID: 39259986
hi breadtan, ive been reading the urls provided so will return to this question!!

appreciated!!
0
 
LVL 63

Expert Comment

by:btan
ID: 39283235
Sure keep us posted
0
Technology Partners: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

 

Author Comment

by:mikey250
ID: 39287993
i will do!! appreciated
0
 
LVL 63

Assisted Solution

by:btan
btan earned 500 total points
ID: 39288005
0
 

Author Comment

by:mikey250
ID: 39288018
thanks for that i will read!
0
 

Author Comment

by:mikey250
ID: 39341570
i have not forgotten this thread and will return after i have finished some of my outstanding tasks in priority order.  apprecated!!
0
 

Author Comment

by:mikey250
ID: 39474160
hi just a reminder i have not forgotten about this thread as im just resolving some issues on my server so i can then come back to this.
0
 

Author Comment

by:mikey250
ID: 39949825
thanks for this information as my vpn works perfectly and now I realise I can use either both pptp & l2tp or just tick one of them, although I realise the pptp used to be a popular method and still used but l2tp is improved method.
0
 

Author Closing Comment

by:mikey250
ID: 39949827
sound advice.
0
 
LVL 63

Expert Comment

by:btan
ID: 39950133
Glad to help
0

Featured Post

Edgartown IT Case Study

Learn about Edgartown's quest to ensure the safety and security of the entire town's employee and citizen data. Read the case study!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

DECT technology has become a popular standard for wireless voice communication. DECT devices are not likely to be affected by other electronic devices and signals because they operate in a separate frequency-band.
Possible fixes for Windows 7 and Windows Server 2008 updating problem. Solutions mentioned are from Microsoft themselves. I started a case with them from our Microsoft Silver Partner option to open a case and get direct support from Microsoft. If s…
As developers, we are not limited to the functions provided by the VBA language. In addition, we can call the functions that are part of the Windows operating system. These functions are part of the Windows API (Application Programming Interface). U…
In this video, we discuss why the need for additional vertical screen space has become more important in recent years, namely, due to the transition in the marketplace of 4x3 computer screens to 16x9 and 16x10 screens (so-called widescreen format). …

679 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question