Re: IPSEC Certificate



Ok..I have a RRAS server running internally, and have used the pre-shared key
before...but would rather go the Cert route.

With PPTP isn't the username\password sent clear text?? We need to have the
connection fully encrypted from login to logoff....so I thought L2TP was the
better way to go.

"Phillip Windell" wrote:

L2TP doesn't *require* a Cert,...you can use a Pre-shared Key or a Cert.

As far as security, they are not likely to break in by hacking PPTP,...they
would get in by acquiring a User's credentials because users are not careful
about that stuff. Probably half their family and several of their
co-workers know their credentials if the truth was known.

If you do want to use the Cert,..yes you can buy one from any vendor. Check
with the vendor to get the right type of Cert.

--
Phillip Windell
www.wandtv.com

The views expressed, are my own and not those of my employer, or Microsoft,
or anyone else associated with me, including my cats.
-----------------------------------------------------
Understanding the ISA 2004 Access Rule Processing
http://www.isaserver.org/articles/ISA2004_AccessRules.html

Troubleshooting Client Authentication on Access Rules in ISA Server 2004
http://download.microsoft.com/download/9/1/8/918ed2d3-71d0-40ed-8e6d-fd6eeb6cfa07/ts_rules.doc

Microsoft Internet Security & Acceleration Server: Partners
http://www.microsoft.com/isaserver/partners/default.mspx

Microsoft ISA Server Partners: Partner Hardware Solutions
http://www.microsoft.com/forefront/edgesecurity/partners/hardwarepartners.mspx
-----------------------------------------------------

"Hutch" <Hutch@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
news:2E9E0698-4AAF-4734-94FC-6F992FBAE56A@xxxxxxxxxxxxxxxx
Investigating ISA 2006 as a VPN option for our organization. I have tested
out the PPTP VPN and it is pretty straightforward, but the security it
provides won't be enough for our agency.

I would like to use L2TP\IPSEC but that looks like a more complicated beast.
Seems to involve setting up our own PKI environment, which I don't have the
time for.

Can I use a CA such as Verisign or Comodo instead?? How would I set that
up?? Any help would be greatly appreciated.

We are running a full 2003 AD domain. Users would authenticate to the DC's.
I am going to be setting up a Virtual testing environment to look at the
different options.

Regards,


