  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 1073

isa 2006 pptp & l2tp & pre-shared key

Hi, I am running a Windows 2003 domain using an ISA 2006 firewall and I wish to set up a VPN from my Win 7 laptop at home to my server through ISA 2006.

Q1. What I wanted to know is: when I configure the VPN via my ISA 2006, should I leave the default 'pptp', not tick 'l2tp', and not complete the pre-shared key?

master dc

i have created a vpnuser group
i have created a domain user account and added it to my 'vpnuser group'

isa 2006

i have added an access rule for the vpn users
i have allowed 10 vpn connections
i have linked to the 'windows group' to connect to the vpnuser group
Asked by: mikey250
 
btan (Exec Consultant) Commented:
You will need the preshared key for pptp since it does not use cert and has no machine auth. The l2tp/IPsec uses preshared or cert for user authentication, and cert for machine auth. See this to help understanding - preshared key is used for testing and thereafter switch to cert for easier progression. The former is weaker compared to cert based auth.

@ http://www.carbonwind.net/ISA/MacOSXVPNL2TP/MacOSXVPNL2TP2.htm

this MS link for troubleshooting does come in handy - see the common errors
@ http://technet.microsoft.com/en-us/library/bb794765.aspx

Also, typically you can use the guidance below to decide whether to use pptp or l2tp:

IPsec provides per-packet authentication of the data source, to prove that data was sent by the authorized user. It also provides data integrity, replay protections, and data confidentiality. By contrast, PPTP provides only per-packet data confidentiality.

L2TP over IPsec connections provide stronger authentication by means of both certificate-based computer authentication, and user-level authentication. PPTP provides only user-level authentication.

L2TP over IPsec requires a certificate infrastructure to issue certificates to the VPN server and all VPN client computers for computer authentication. PPTP can use password-based authentication and does not require an installed certificate.

L2TP over IPsec must be deployed with NAT-T to work through a NAT device such as ISA Server.

**Although it is possible to configure L2TP over IPsec VPN client computers using preshared key authentication, it is not recommended.

In summary, L2TP over IPsec is a more secure VPN protocol than PPTP. However, PPTP is still widely used. When using Microsoft Challenge Handshake Authentication Protocol version 2 (MS-CHAP v2) and strong passwords, PPTP provides enough security for many situations.
 
mikey250 (Author) Commented:
Hi breadtan, I've been reading the URLs provided so will return to this question!!

appreciated!!
 
btan (Exec Consultant) Commented:
Sure keep us posted
 
mikey250 (Author) Commented:
i will do!! appreciated
 
btan (Exec Consultant) Commented:
 
mikey250 (Author) Commented:
thanks for that i will read!
 
mikey250 (Author) Commented:
I have not forgotten this thread and will return after I have finished some of my outstanding tasks in priority order. Appreciated!!
 
mikey250 (Author) Commented:
Hi, just a reminder: I have not forgotten about this thread, as I'm just resolving some issues on my server so I can then come back to this.
 
mikey250 (Author) Commented:
Thanks for this information, as my VPN works perfectly and now I realise I can use either both pptp & l2tp or just tick one of them, although I realise that pptp used to be a popular method and is still used, but l2tp is an improved method.
 
mikey250 (Author) Commented:
sound advice.
 
btan (Exec Consultant) Commented:
Glad to help