?
Solved

isa 2006 pptp & l2tp & pre-shared key

Posted on 2013-06-12
13
Medium Priority
?
1,039 Views
Last Modified: 2014-03-24
hi i am running a windows 2003 domain using an isa 2006 firewall and i wish to setup a vpn from my win 7 laptop at home to my server through isa 2006.

qns1.  what i wanted to know is when i configure the vpn via my isa 2006 should i leave default 'pptp' and not tick 'l2tp' & leave not complete the pre-shared key ?

master dc

i have created a vpnuser group
i have created a domain user account and added it to my 'vpnuser group'

isa 2006

i have added an access rule for the vpn users
i have allowed 10 vpn connections
i have linked to the 'windows group' to connect to the vpnuser group
0
Comment
Question by:mikey250
  • 7
  • 4
11 Comments
 
LVL 65

Accepted Solution

by:
btan earned 2000 total points
ID: 39250089
You will need the preshared key for pptp since it does not use cert and has no machine auth. The l2tp/IPsec uses preshared or cert for user authentication, and cert for machine auth. See this to help understanding - preshared key is used for testing and thereafter switch to cert for easier progression. The former is weaker compared to cert based auth.

@ http://www.carbonwind.net/ISA/MacOSXVPNL2TP/MacOSXVPNL2TP2.htm

this MS link for troubleshooting does come in handy - see the common errors
@ http://technet.microsoft.com/en-us/library/bb794765.aspx

Also typically you can have guiding based on below in which to use either pptp or l2tp:

IPsec provides per-packet authentication of the data source, to prove that data was sent by the authorized user. It also provides data integrity, replay protections, and data confidentiality. By contrast, PPTP provides only per-packet data confidentiality.

L2TP over IPsec connections provide stronger authentication by means of both certificate-based computer authentication, and user-level authentication. PPTP provides only user-level authentication.

L2TP over IPsec requires a certificate infrastructure to issue certificates to the VPN server and all VPN client computers for computer authentication. PPTP can use password-based authentication and does not require an installed certificate.

L2TP over IPsec must be deployed with NAT-T to work through a NAT device such as ISA Server.

**Although it is possible to configure L2TP over IPsec VPN client computers using preshared key authentication, it is not recommended.

In summary, L2TP over IPsec is a more secure VPN protocol than PPTP. However, PPTP is still widely used. When using Microsoft Challenge Handshake Authentication Protocol version 2 (MS-CHAP v2) and strong passwords, PPTP provides enough security for many situations.
0
 

Author Comment

by:mikey250
ID: 39259986
hi breadtan, ive been reading the urls provided so will return to this question!!

appreciated!!
0
 
LVL 65

Expert Comment

by:btan
ID: 39283235
Sure keep us posted
0
Microsoft Certification Exam 74-409

Veeam® is happy to provide the Microsoft community with a study guide prepared by MVP and MCT, Orin Thomas. This guide will take you through each of the exam objectives, helping you to prepare for and pass the examination.

 

Author Comment

by:mikey250
ID: 39287993
i will do!! appreciated
0
 
LVL 65

Assisted Solution

by:btan
btan earned 2000 total points
ID: 39288005
0
 

Author Comment

by:mikey250
ID: 39288018
thanks for that i will read!
0
 

Author Comment

by:mikey250
ID: 39341570
i have not forgotten this thread and will return after i have finished some of my outstanding tasks in priority order.  apprecated!!
0
 

Author Comment

by:mikey250
ID: 39474160
hi just a reminder i have not forgotten about this thread as im just resolving some issues on my server so i can then come back to this.
0
 

Author Comment

by:mikey250
ID: 39949825
thanks for this information as my vpn works perfectly and now I realise I can use either both pptp & l2tp or just tick one of them, although I realise the pptp used to be a popular method and still used but l2tp is improved method.
0
 

Author Closing Comment

by:mikey250
ID: 39949827
sound advice.
0
 
LVL 65

Expert Comment

by:btan
ID: 39950133
Glad to help
0

Featured Post

Free learning courses: Active Directory Deep Dive

Get a firm grasp on your IT environment when you learn Active Directory best practices with Veeam! Watch all, or choose any amount, of this three-part webinar series to improve your skills. From the basics to virtualization and backup, we got you covered.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Know the reasons and solutions to move/import EDB to New Exchange Server. Also, find out how to recover an Exchange .edb file and to restore the file back.
A few solutions to a problem some of us have been having when trying to add Hostgator email accounts to Outlook 2016 (will probably work with Outlook 2013 as well).
Windows 8 came with a dramatically different user interface known as Metro. Notably missing from that interface was a Start button and Start Menu. Microsoft responded to negative user feedback of the Metro interface, bringing back the Start button a…
If you’ve ever visited a web page and noticed a cool font that you really liked the look of, but couldn’t figure out which font it was so that you could use it for your own work, then this video is for you! In this Micro Tutorial, you'll learn yo…

578 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question