A virtual private network (VPN) enables you to connect to a remote server over the Internet. Once a remote access client has established a connection to the Internet, it creates a connection to the VPN server using a tunneling protocol (PPTP or L2TP). The tunnel provides secure communication between the user and the private network. One of the biggest advantages of implementing a VPN is cost reduction: remote clients can dial into a local ISP and then connect to the remote server rather than incurring possible long-distance charges.

Two tunneling protocols can be used to connect to a VPN server: the Point-to-Point Tunneling Protocol (PPTP) and the Layer 2 Tunneling Protocol (L2TP). Both protocols are installed by default. PPTP is used over PPP connections on an IP-based network and supports the encryption and encapsulation of IP, IPX, and NetBEUI packets. L2TP can encapsulate IP traffic over a variety of networks, including Frame Relay, ATM, and X.25.

Both PPTP and L2TP encrypt the data being transferred. PPTP has built-in encryption and uses Microsoft Point-to-Point Encryption (MPPE) with 40-bit to 128-bit keys. L2TP uses IPSec for data encryption. IPSec uses the Data Encryption Standard (DES) to encrypt data, with supported key lengths between 56-bit (DES) and 168-bit (3DES).

In terms of authentication, a user attempting to establish a VPN connection can be authenticated using EAP, MS-CHAP, CHAP, SPAP, or PAP. Computer-level and user-level authentication are both provided if you are using L2TP over IPSec. The mutual authentication of computers occurs through the exchange of computer certificates; in other words, certificates must be installed on both the VPN client and the VPN server. EAP, CHAP, MS-CHAP, SPAP, and PAP can perform the user-level authentication. Table 5.4 summarizes the differences between the two tunneling protocols.
To enable Windows Server 2003 as a VPN server, use the same process outlined for enabling a remote access server, but select the option to configure a VPN server. (Two network interfaces are required to configure a VPN server.) When the VPN server is enabled, five PPTP and five L2TP ports are created automatically. If you want to allow more than five concurrent connections through each protocol, additional ports can be created and configured using the Ports container within the Routing and Remote Access console.
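As an added example that is not part of the original text, the following batch script audits which of the user-level authentication methods listed above a Windows Server 2003 RRAS/VPN server currently accepts, and then restricts the server to the stronger ones. It assumes an elevated command prompt on the VPN server itself and that the `netsh ras` `authtype` subcommands and type names used here match the server's `netsh ras ... ?` help; verify them there before running.

```batch
@echo off
rem Added example (not from the original text): audit and harden the
rem authentication types accepted by the Routing and Remote Access service.
rem Assumes: elevated command prompt on the Windows Server 2003 VPN server.

echo Authentication types currently enabled on this RRAS server:
netsh ras show authtype
echo.

rem PAP transmits the user's password in clear text, SPAP uses reversible
rem encryption, and CHAP requires the domain to store reversibly encrypted
rem passwords; MS-CHAP (v1) has known cryptographic weaknesses. Remove them.
netsh ras delete authtype type=PAP
netsh ras delete authtype type=SPAP
netsh ras delete authtype type=MD5CHAP
netsh ras delete authtype type=MSCHAP

rem Keep MS-CHAP v2 (mutual authentication, also seeds the MPPE key for PPTP)
rem and EAP (needed for certificate- or smart-card-based user authentication).
netsh ras add authtype type=MSCHAPv2
netsh ras add authtype type=EAP

echo Authentication types after hardening:
netsh ras show authtype
```

Because the RRAS remote access policy can also restrict authentication methods per policy, compare this server-wide list against each policy's profile so that a policy does not re-enable a method you removed here.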