Re: Which is better PPTP or L2PT
From: Steven L Umbach (n9rou_at_nospam-comcast.net)
Date: 11/05/04
- Next message: Michael Giorgio - MS MVP: "Re: Master Browsers"
- Previous message: Param R.: "nic teaming"
- In reply to: PC: "Which is better PPTP or L2PT"
- Messages sorted by: [ date ] [ thread ]
Date: Fri, 5 Nov 2004 10:36:50 -0600
Pptp is not as secure as l2tp but it may be secure enough. Keep in mind that
l2tp requires the use of computer certificates and will not work over a NAT
connection unless the clients have the NAT-T upgrade installed and if the
VPN server is behind a NAT device it needs to be Windows 2003 Server. If all
of your VPN clients are W2K/XP/W2003 or using mschapv2 and you enforce
strong passwords of say at least eight characters length and use password
complexity then your pptp will be very secure. L2tp main advantages are that
it uses computer certificates to authenticate computers in addition to users
and the encrypted tunnel is created before user password authentication is
done. The use of computer certificates makes sure that just not anyone on
the internet can try to hack your VPN server because computer authentication
will fail and they will never get the opportunity to try and password guess.
The link below may be helpful of which I pasted a part of. --- Steve
PPTP
PPTP uses Point-to-Point Protocol (PPP) user authentication methods and
Microsoft Point-to-Point Encryption (MPPE) to encrypt IP traffic. When used
with MS-CHAP v2 for password-based authentication and strong passwords, PPTP
is a secure VPN technology. For stronger authentication for PPTP
connections, you can implement a PKI using smart cards or certificates and
Extensible Authentication Protocol - Transport Level Security (EAP-TLS).
PPTP is widely supported and easily deployed, and it works with most network
address translators (NATs).
L2TP/IPSec
The more secure of the two VPN protocols, L2TP/IPSec uses PPP user
authentication methods and IPSec encryption to encrypt IP traffic. This
combination uses certificate-based computer identity authentication to
create IPSec security associations in addition to PPP-based user
authentication. L2TP/IPSec provides data integrity, data origin
authentication, data confidentiality, and replay protection for each packet.
"PC" <paulm DOT c at iol DOT ie> wrote in message
news:uThyYPzwEHA.2624@TK2MSFTNGP11.phx.gbl...
> Hi,
>
> I have a Win2k Server configured as a VPN server using PPTP and all is
> working well. From what I understand PPTP is not as secure as L2TP and I
> was
> thinking of reconfiguring the RRAS server and allowing only L2TP
> connections
> for my remote clients.
>
> Is it true that PPTP is not as secure - i.e. what would be the arguements
> for converting to L2TP?
>
> Thanks in advance
>
> ..pc
>
>
- Next message: Michael Giorgio - MS MVP: "Re: Master Browsers"
- Previous message: Param R.: "nic teaming"
- In reply to: PC: "Which is better PPTP or L2PT"
- Messages sorted by: [ date ] [ thread ]
Relevant Pages
|
