Re: MS-CHAPv2 encryption

Tech-Archive recommends: Repair Windows Errors & Optimize Windows Performance

From: FE-FR (fe)
Date: 08/12/04

Next message: msnews.microsoft.com: "Called Name Not Present - LANMAN 2.0 client to Windows 2000 Server"
Previous message: Phillip Windell: "Re: multihomed dhcp server assigns incorrect ip"
In reply to: Steven L Umbach: "Re: MS-CHAPv2 encryption"
Next in thread: Eddie Wedensworth: "Re: MS-CHAPv2 encryption"
Reply: Eddie Wedensworth: "Re: MS-CHAPv2 encryption"
Messages sorted by: [ date ] [ thread ]

Date: Thu, 12 Aug 2004 23:26:30 +0200

If you have a windows 2003 server, and if you decide to use L2TP, you can do
it even with NAT.

Win 2003 supports NAT-T (transversal).

PPTP is nice, I do agree. Also it is very easy with AD to embark a user
certificate on a smartcard or USB key... this way, you have a
Hardware+pincode authentication rather than a domain\user+password.

Regards

-- 
FE (MVP ISA)
frederic@esnouf.net
You plan to implement Quarantine on ISA 2004 ?
Check this : http://www.esnouf.net/programs/QSS/qssinaction/QssInAction.htm
"Steven L Umbach" <n9rou@n0-spam-for-me-comcast.net> wrote in message
news:PDPSc.294853$XM6.99431@attbi_s53...
> You will need to use a VPN tunnel to insure that data is encrypted which
can be
> either pptp or l2tp. L2tp is more secure but more involved in setting up
due to
> limitations of it working over NAT and the need for computer certificates
on server
> and client. Pptp can be secure, just be sure to use a complex password
along with
> MSCHAPV2 for authentication.  --- Steve
>
>
> "Myrt Webb" <anonymous@discussions.microsoft.com> wrote in message
> news:510001c4809b$b11005c0$a501280a@phx.gbl...
> > I understand that when using MS-CHAP v2 for a RAS
> > connection the authentication traffic is encypted.
> >
> > But, after a successful authentication and connection to
> > a RAS is the subsequent data traffic sent over the RAS
> > connection also encypted? Or just the authen process?
>
>

Next message: msnews.microsoft.com: "Called Name Not Present - LANMAN 2.0 client to Windows 2000 Server"
Previous message: Phillip Windell: "Re: multihomed dhcp server assigns incorrect ip"
In reply to: Steven L Umbach: "Re: MS-CHAPv2 encryption"
Next in thread: Eddie Wedensworth: "Re: MS-CHAPv2 encryption"
Reply: Eddie Wedensworth: "Re: MS-CHAPv2 encryption"
Messages sorted by: [ date ] [ thread ]

Relevant Pages

Re: Which is better PPTP or L2PT
... Pptp is not as secure as l2tp but it may be secure enough. ... l2tp requires the use of computer certificates and will not work over a NAT ... the internet can try to hack your VPN server because computer authentication ...
(microsoft.public.windows.server.networking)
Re: L2TP/PPTP
... Though pptp can be very secure if configured correctly and a complex password is used ... l2tp is more secure for a number of reasons. ... the biggest advantages is it requires certificate machine authentication in addition ... > PPTP is encrypted with Microsoft Encryption. ...
(microsoft.public.cert.exam.mcse)
Re: MS-CHAPv2 encryption
... either pptp or l2tp. ... L2tp is more secure but more involved in setting up due to ... MSCHAPV2 for authentication. ...
(microsoft.public.win2000.networking)
Re: Ports
... It depends on if you are using l2tp or pptp. ... or possibly preshared keys, and will not work over NAT if being used. ...
(microsoft.public.win2000.networking)
Re: VPN server
... PPTP is encrypted, you can use L2TP without certificates. ... You can use a pre-shared key instead of a certificate for L2TP/IPSec ... Well you have to configure the RRAS VPN service (see buiilt-in Help* or ...
(microsoft.public.windows.server.active_directory)