Re: VPN Windows 2000


Just to throw my 2 cents worth here, PPTP is not nearly as secure as
L2TP/IPSec. So you've got to choose your devil. A lesser encryption on the
data stream or a publicly available server. I'm not saying one is better or
worse than the other, just that both have their risks. Sometimes it's not
possible to use pptp - sometimes the other end is not a Windows client and
just doesn't support it. Sometimes IPSec may be a security requirement of
the other party (or medical or governmental data). In any case, a locked
down MS RRAS server isn't generally any less secure than any other server
(Even Cisco PIX has had security flaws).

....kurt

"Someuser" <someuser@[127.0.0.1]> wrote in message
news:tMLEg.379725$1Q1.256518@xxxxxxxxxxxxxxxxxxxxxxxxx
I am with you 100%. I never and I mean NEVER allow a server to be outside
of a firewall. Net protocol (FTP,HTTP,SMTP, etc) servers reside in a
firewall protected DMZ and communicate with SQL servers, etc... within the
intranet through very controlled limits.

I have personnaly used port forwarding for PPTP (port 1723) to access my
office remotely for years and have never had problems. More over I would
not feel comfortabkle with anything less since my client data is of a
sensitive nature.

cheers,
James



"cptkirkh" <khill@xxxxxxxx> wrote in message
news:1155608042.616820.278460@xxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
I inherited a network that uses 2000 server for the VPN. The server
has two nics one for the external and the other for the internal. Did
this device really need to have two nics? Isn't that a little
dangerous placing a windows box outisde of the firewall? Can't
i just tell my PIX to port over VPN to that particualr box and use one
nic with the internal Ip address? If so what ports do I need port
over? thanks for your help.





.

Relevant Pages

  • Re: Created on Access 2003, but.......................
    ... But that's not secure under any scenario, as any port scanner ... Well, you still need a userid, password and database name. ... You're assuming the server remains in a secured configuration. ...
    (comp.databases.ms-access)
  • Re: 553 sorry, relaying denied from your location
    ... connection on port 465. ... Newly created server is on port 465, ... iterations of secure, always secure, 128 bit encryption, etc. ... that doesn't appear to be an Exchange response. ...
    (microsoft.public.exchange.setup)
  • RE: Lotus Notes - Is this a bad thing?
    ... > Make sure you have your firewall set up right... ... Remember that something secure today may not be tomorrow so, ... Try cutting UDP access to the server completely, ... Make sure port encryption is enabled on the servers ...
    (Security-Basics)
  • Re: VPN disconnects itself
    ... VPN PPTP needs the following - ... TCP port 1723 and IP Protocol 47 ... >> configured properly on both the ends [server and client]. ...
    (microsoft.public.isa.vpn)
  • Re: Terminal server and http
    ... The easiest and most secure way to do this is to drop in a SSL VPN device ... client being able to communicate over port 3389. ... Of course you cannot use an IP address where you also have a Web Server ... This action depends on the firewall you're using. ...
    (microsoft.public.windows.terminal_services)