Configuring a Virtual Private Network (VPN)


A virtual private network (VPN) enables you to connect to a remote server using the Internet. When a remote access client has established a connection to the Internet, a connection is created with the VPN server using a tunneling protocol (PPTP or L2TP). The tunnel provides secure communication between the user and the private network. One of the biggest advantages to implementing a VPN is the cost reduction. Remote clients can dial into a local ISP and then connect to the remote server rather than incurring possible long-distance charges.

Two types of tunneling protocols can be used to connect to a VPN server: the Point-to-Point Tunneling Protocol (PPTP) and the Layer 2 Tunneling Protocol (L2TP). Both protocols are installed by default. PPTP is used over PPP connections on an IP-based network and supports the encryption and encapsulation of IP, IPX, and NetBEUI packets. L2TP can encapsulate IP traffic over a variety of networks, including Frame Relay, ATM, and X.25.

Both PPTP and L2TP encrypt data that is being transferred. PPTP has built-in encryption technologies and uses MPPE 40-bit to 128-bit encryption. L2TP uses IPSec for data encryption. IPSec uses the Data Encryption Standard (DES) to encrypt data with supported key lengths between 56-bit (DES) and 168-bit (3DES).

In terms of authentication, a user attempting to establish a VPN connection can be authenticated using EAP, MS-CHAP, CHAP, SPAP, or PAP. Computer-level and user-level authentication are provided if you are using L2TP over IPSec. The mutual authentication of computers occurs through the exchange of computer certificates; in other words, certificates must be installed on both the VPN client and the VPN server. EAP, CHAP, MS-CHAP, SPAP, and PAP can perform the user-level authentication.

Table 5.4 summarizes the differences between the two tunneling protocols.

Table 5.4. Differences Between PPTP and L2TP

| PPTP | L2TP |
| --- | --- |
| Used only for IP-based networks | Supports any point-to-point connection, including IP, ATM, and frame relay |
| Uses PPP encryption | Encryption is handled by IPSec |
| Allows IP, IPX, and NetBEUI traffic to be encrypted | Allows IP traffic to be encrypted |
| Tunnel authentication | No tunnel authentication |
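
The following Python example is added here and is not part of the original text. It shows how the two tunneling protocols can be told apart in captured traffic, and why L2TP seen outside IPSec means its data is not being encrypted. The protocol and port numbers (GRE 47, ESP 50, TCP 1723, UDP 1701, UDP 500) are standard assignments that this page does not state, and the sample packets are constructed.

```python
import struct

# IANA-assigned IP protocol numbers and ports (facts added here, not from the page)
TCP, UDP, GRE, ESP = 6, 17, 47, 50
PPTP_CONTROL, L2TP, IKE = 1723, 1701, 500

def classify(packet: bytes) -> str:
    """Label one raw IPv4 packet by the VPN component it belongs to."""
    if len(packet) < 20 or packet[0] >> 4 != 4:
        return "not-ipv4"
    ihl = (packet[0] & 0x0F) * 4            # IPv4 header length in bytes
    if ihl < 20 or len(packet) < ihl:
        return "malformed"
    proto, payload = packet[9], packet[ihl:]
    if proto == ESP:
        return "ipsec-esp"                  # L2TP/IPSec data: the L2TP header is inside ESP
    if proto in (GRE, TCP, UDP) and len(payload) < 4:
        return "malformed"
    if proto == GRE:
        flags_ver, ptype = struct.unpack("!HH", payload[:4])
        # PPTP data uses enhanced GRE: version 1, protocol type 0x880B (PPP)
        return "pptp-data" if (flags_ver & 0x7) == 1 and ptype == 0x880B else "gre-other"
    if proto in (TCP, UDP):
        ports = set(struct.unpack("!HH", payload[:4]))
        if proto == TCP and PPTP_CONTROL in ports:
            return "pptp-control"
        if proto == UDP and IKE in ports:
            return "ike"                    # IPSec key negotiation
        if proto == UDP and L2TP in ports:
            return "l2tp-cleartext"         # L2TP visible on the wire: no IPSec protection
    return "other"

def ipv4(proto: int, payload: bytes) -> bytes:
    """Build a constructed IPv4 packet (documentation addresses, checksum left at 0)."""
    header = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 0, 0, 64, proto, 0,
                         bytes([192, 0, 2, 10]), bytes([198, 51, 100, 1]))
    return header + payload

# Constructed sample packets, keyed by the label each should receive
SAMPLES = {
    "pptp-control": ipv4(TCP, struct.pack("!HH", 49152, PPTP_CONTROL) + bytes(16)),
    "pptp-data": ipv4(GRE, struct.pack("!HHHH", 0x3001, 0x880B, 0, 0) + bytes(4)),
    "ike": ipv4(UDP, struct.pack("!HHHH", IKE, IKE, 8, 0)),
    "ipsec-esp": ipv4(ESP, struct.pack("!II", 0x1001, 1) + bytes(16)),
    "l2tp-cleartext": ipv4(UDP, struct.pack("!HHHH", L2TP, L2TP, 8, 0)),
}

if __name__ == "__main__":
    for expected, pkt in SAMPLES.items():
        print(f"{expected:15} -> {classify(pkt)}")
```

On a correctly configured L2TP over IPSec connection, a monitor between client and server should see only the "ike" and "ipsec-esp" labels; an "l2tp-cleartext" result indicates L2TP running without IPSec.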


To enable a Windows Server 2003 computer as a VPN server, use the same process outlined for enabling a remote access server, but select the option to configure a VPN server. (Two network interfaces are required to configure VPNs.) When a VPN server is enabled, five PPTP and five L2TP ports are automatically created. If you want to allow more than five concurrent connections via each protocol, additional ports can be created and configured using the Ports container within the Routing and Remote Access console.



Exam Cram(c) 70-291 Implementing, Managing, and Maintaining a Windows Server 2003 Network Infrastructure
ISBN: 131516345
EAN: N/A
Year: 2006
Pages: 126
