Solved

isa 2006 pptp & l2tp & pre-shared key

Posted on 2013-06-12
13
781 Views
Last Modified: 2014-03-24
hi i am running a windows 2003 domain using an isa 2006 firewall and i wish to setup a vpn from my win 7 laptop at home to my server through isa 2006.

qns1.  what i wanted to know is when i configure the vpn via my isa 2006 should i leave default 'pptp' and not tick 'l2tp' & leave not complete the pre-shared key ?

master dc

i have created a vpnuser group
i have created a domain user account and added it to my 'vpnuser group'

isa 2006

i have added an access rule for the vpn users
i have allowed 10 vpn connections
i have linked to the 'windows group' to connect to the vpnuser group
0
Comment
Question by:mikey250
  • 7
  • 4
13 Comments
 
LVL 62

Accepted Solution

by:
btan earned 500 total points
ID: 39250089
You will need the preshared key for pptp since it does not use cert and has no machine auth. The l2tp/IPsec uses preshared or cert for user authentication, and cert for machine auth. See this to help understanding - preshared key is used for testing and thereafter switch to cert for easier progression. The former is weaker compared to cert based auth.

@ http://www.carbonwind.net/ISA/MacOSXVPNL2TP/MacOSXVPNL2TP2.htm

this MS link for troubleshooting does come in handy - see the common errors
@ http://technet.microsoft.com/en-us/library/bb794765.aspx

Also typically you can have guiding based on below in which to use either pptp or l2tp:

IPsec provides per-packet authentication of the data source, to prove that data was sent by the authorized user. It also provides data integrity, replay protections, and data confidentiality. By contrast, PPTP provides only per-packet data confidentiality.

L2TP over IPsec connections provide stronger authentication by means of both certificate-based computer authentication, and user-level authentication. PPTP provides only user-level authentication.

L2TP over IPsec requires a certificate infrastructure to issue certificates to the VPN server and all VPN client computers for computer authentication. PPTP can use password-based authentication and does not require an installed certificate.

L2TP over IPsec must be deployed with NAT-T to work through a NAT device such as ISA Server.

**Although it is possible to configure L2TP over IPsec VPN client computers using preshared key authentication, it is not recommended.

In summary, L2TP over IPsec is a more secure VPN protocol than PPTP. However, PPTP is still widely used. When using Microsoft Challenge Handshake Authentication Protocol version 2 (MS-CHAP v2) and strong passwords, PPTP provides enough security for many situations.
0
 

Author Comment

by:mikey250
ID: 39259986
hi breadtan, ive been reading the urls provided so will return to this question!!

appreciated!!
0
 
LVL 62

Expert Comment

by:btan
ID: 39283235
Sure keep us posted
0
 

Author Comment

by:mikey250
ID: 39287993
i will do!! appreciated
0
 
LVL 62

Assisted Solution

by:btan
btan earned 500 total points
ID: 39288005
0
Zoho SalesIQ

Hassle-free live chat software re-imagined for business growth. 2 users, always free.

 

Author Comment

by:mikey250
ID: 39288018
thanks for that i will read!
0
 

Author Comment

by:mikey250
ID: 39341570
i have not forgotten this thread and will return after i have finished some of my outstanding tasks in priority order.  apprecated!!
0
 

Author Comment

by:mikey250
ID: 39474160
hi just a reminder i have not forgotten about this thread as im just resolving some issues on my server so i can then come back to this.
0
 

Author Comment

by:mikey250
ID: 39949825
thanks for this information as my vpn works perfectly and now I realise I can use either both pptp & l2tp or just tick one of them, although I realise the pptp used to be a popular method and still used but l2tp is improved method.
0
 

Author Closing Comment

by:mikey250
ID: 39949827
sound advice.
0
 
LVL 62

Expert Comment

by:btan
ID: 39950133
Glad to help
0

Featured Post

Netscaler Common Configuration How To guides

If you use NetScaler you will want to see these guides. The NetScaler How To Guides show administrators how to get NetScaler up and configured by providing instructions for common scenarios and some not so common ones.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Join Greg Farro and Ethan Banks from Packet Pushers (http://packetpushers.net/podcast/podcasts/pq-show-93-smart-network-monitoring-paessler-sponsored/) and Greg Ross from Paessler (https://www.paessler.com/prtg) for a discussion about smart network …
In this article, I will show you HOW TO: Install VMware Tools for Windows on a VMware Windows virtual machine on a VMware vSphere Hypervisor 6.5 (ESXi 6.5) Host Server, using the VMware Host Client. The virtual machine has Windows Server 2016 instal…
This video Micro Tutorial explains how to clone a hard drive using a commercial software product for Windows systems called Casper from Future Systems Solutions (FSS). Cloning makes an exact, complete copy of one hard disk drive (HDD) onto another d…
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…

863 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

25 Experts available now in Live!

Get 1:1 Help Now