Solved

isa 2006 pptp & l2tp & pre-shared key

Posted on 2013-06-12
13
808 Views
Last Modified: 2014-03-24
hi i am running a windows 2003 domain using an isa 2006 firewall and i wish to setup a vpn from my win 7 laptop at home to my server through isa 2006.

qns1.  what i wanted to know is when i configure the vpn via my isa 2006 should i leave default 'pptp' and not tick 'l2tp' & leave not complete the pre-shared key ?

master dc

i have created a vpnuser group
i have created a domain user account and added it to my 'vpnuser group'

isa 2006

i have added an access rule for the vpn users
i have allowed 10 vpn connections
i have linked to the 'windows group' to connect to the vpnuser group
0
Comment
Question by:mikey250
  • 7
  • 4
13 Comments
 
LVL 62

Accepted Solution

by:
btan earned 500 total points
ID: 39250089
You will need the preshared key for pptp since it does not use cert and has no machine auth. The l2tp/IPsec uses preshared or cert for user authentication, and cert for machine auth. See this to help understanding - preshared key is used for testing and thereafter switch to cert for easier progression. The former is weaker compared to cert based auth.

@ http://www.carbonwind.net/ISA/MacOSXVPNL2TP/MacOSXVPNL2TP2.htm

this MS link for troubleshooting does come in handy - see the common errors
@ http://technet.microsoft.com/en-us/library/bb794765.aspx

Also typically you can have guiding based on below in which to use either pptp or l2tp:

IPsec provides per-packet authentication of the data source, to prove that data was sent by the authorized user. It also provides data integrity, replay protections, and data confidentiality. By contrast, PPTP provides only per-packet data confidentiality.

L2TP over IPsec connections provide stronger authentication by means of both certificate-based computer authentication, and user-level authentication. PPTP provides only user-level authentication.

L2TP over IPsec requires a certificate infrastructure to issue certificates to the VPN server and all VPN client computers for computer authentication. PPTP can use password-based authentication and does not require an installed certificate.

L2TP over IPsec must be deployed with NAT-T to work through a NAT device such as ISA Server.

**Although it is possible to configure L2TP over IPsec VPN client computers using preshared key authentication, it is not recommended.

In summary, L2TP over IPsec is a more secure VPN protocol than PPTP. However, PPTP is still widely used. When using Microsoft Challenge Handshake Authentication Protocol version 2 (MS-CHAP v2) and strong passwords, PPTP provides enough security for many situations.
0
 

Author Comment

by:mikey250
ID: 39259986
hi breadtan, ive been reading the urls provided so will return to this question!!

appreciated!!
0
 
LVL 62

Expert Comment

by:btan
ID: 39283235
Sure keep us posted
0
Simplifying Server Workload Migrations

This use case outlines the migration challenges that organizations face and how the Acronis AnyData Engine supports physical-to-physical (P2P), physical-to-virtual (P2V), virtual to physical (V2P), and cross-virtual (V2V) migration scenarios to address these challenges.

 

Author Comment

by:mikey250
ID: 39287993
i will do!! appreciated
0
 
LVL 62

Assisted Solution

by:btan
btan earned 500 total points
ID: 39288005
0
 

Author Comment

by:mikey250
ID: 39288018
thanks for that i will read!
0
 

Author Comment

by:mikey250
ID: 39341570
i have not forgotten this thread and will return after i have finished some of my outstanding tasks in priority order.  apprecated!!
0
 

Author Comment

by:mikey250
ID: 39474160
hi just a reminder i have not forgotten about this thread as im just resolving some issues on my server so i can then come back to this.
0
 

Author Comment

by:mikey250
ID: 39949825
thanks for this information as my vpn works perfectly and now I realise I can use either both pptp & l2tp or just tick one of them, although I realise the pptp used to be a popular method and still used but l2tp is improved method.
0
 

Author Closing Comment

by:mikey250
ID: 39949827
sound advice.
0
 
LVL 62

Expert Comment

by:btan
ID: 39950133
Glad to help
0

Featured Post

VMware Disaster Recovery and Data Protection

In this expert guide, you’ll learn about the components of a Modern Data Center. You will use cases for the value-added capabilities of Veeam®, including combining backup and replication for VMware disaster recovery and using replication for data center migration.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Join Greg Farro and Ethan Banks from Packet Pushers (http://packetpushers.net/podcast/podcasts/pq-show-93-smart-network-monitoring-paessler-sponsored/) and Greg Ross from Paessler (https://www.paessler.com/prtg) for a discussion about smart network …
ADCs have gained traction within the last decade, largely due to increased demand for legacy load balancing appliances to handle more advanced application delivery requirements and improve application performance.
With the advent of Windows 10, Microsoft is pushing a Get Windows 10 icon into the notification area (system tray) of qualifying computers. There are many reasons for wanting to remove this icon. This two-part Experts Exchange video Micro Tutorial s…
This is used to tweak the memory usage for your computer, it is used for servers more so than workstations but just be careful editing registry settings as it may cause irreversible results. I hold no responsibility for anything you do to the regist…

772 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question