Multivendor interoperability for virtual private networking is essential in today’s networking environment because of the nature of business acquisitions, the need to extend corporate networks to contractors and partners, and the diverse equipment within company networks. To ensure customers have an open solution, Microsoft Windows Server 2003–based VPN technology is built according to industry standards.
By supporting IETF industry standards, Microsoft delivers a VPN solution that will work with other standards-compliant devices or software systems, helping to lower the cost and complexity of supporting proprietary solutions. Customers who use standards-based technology are not locked into any given vendor’s proprietary implementations, and therefore, they need not worry about supporting third-party VPN client software. This reduces the costs of rolling out new workstations to the users, upgrading to new versions of the Windows operating system, and providing ongoing support for third-party software. Microsoft supports the IETF efforts to standardize VPN technology. To date, two major technologies are IETF standards:
Layer Two Tunneling Protocol (L2TP). A combination of PPTP and Cisco’s Layer 2 Forwarding, which evolved through the IETF standards process.
Internet Protocol Security (IPSec). An architecture, a protocol, and a related Internet Key Exchange (IKE) protocol, which are described by IETF RFCs 2401 through 2409
The combination of these technologies is described in RFC 3193, an IETF Proposed Standard.
In addition to IETF standards-track technologies, Microsoft supports PPTP, created by the PPTP Industry Forum (US Robotics [now 3Com], 3Com/Primary Access, Ascend, Microsoft, and ECI Telematics). PPTP is a published informational RFC (RFC 2637), and many companies ship implementations of this technology.
For advanced security requirements, IPSec has emerged as a key technology. However, IPSec tunnel mode (IPSec TM) by itself does not support legacy authentication methods, tunnel IP address assignment and configuration, or multiple protocols—all critical requirements for remote access VPN connections. Windows Server 2003 uses L2TP in combination with IPSec to provide an interoperable, secure remote access VPN solution. L2TP has broad vendor support, particularly among the largest network access equipment providers, and has verified interoperability in a series of vendor-sponsored testing events. By placing L2TP as the payload within an IPSec packet, communications benefit from the standards-based encryption, integrity, and replay protection of IPSec. Communications also benefit from the user authentication, tunnel address assignment and configuration, and multiprotocol support of PPP-based tunneling. This combination is commonly referred to as L2TP/IPSec.
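The layering described above can be checked on the wire. The following Python sketch is an added example, not part of the original text: it labels an IPv4 packet as IPSec ESP (IP protocol 50, so the L2TP payload is encrypted) or as L2TP visible in the clear on UDP port 1701, parsing the L2TP header fields defined in RFC 2661. The function names, sample packets and addresses are constructed for illustration.

```python
import struct

# Flag bits of the first 16-bit word of an L2TP header (RFC 2661, section 3.1).
T_BIT, L_BIT, S_BIT, O_BIT, VER_MASK = 0x8000, 0x4000, 0x0800, 0x0200, 0x000F

def parse_l2tp(payload: bytes) -> dict:
    """Parse an L2TPv2 header; raises ValueError/struct.error on malformed input."""
    (flags,) = struct.unpack_from("!H", payload, 0)
    if flags & VER_MASK != 2:
        raise ValueError("not L2TP version 2")
    pos = 4 if flags & L_BIT else 2             # skip the optional Length field
    tunnel_id, session_id = struct.unpack_from("!HH", payload, pos)
    pos += 8 if flags & S_BIT else 4            # IDs, plus optional Ns/Nr
    if flags & O_BIT:                           # optional Offset Size and padding
        (offset,) = struct.unpack_from("!H", payload, pos)
        pos += 2 + offset
    return {"kind": "control" if flags & T_BIT else "data", "tunnel_id": tunnel_id,
            "session_id": session_id, "payload": payload[pos:]}  # PPP frame if data

def classify(packet: bytes) -> str:
    """Label one IPv4 packet as seen by a capture point between the VPN endpoints."""
    if len(packet) < 20 or packet[0] >> 4 != 4:
        return "other"
    ihl, proto = (packet[0] & 0x0F) * 4, packet[9]
    if proto == 50:                             # ESP: the L2TP payload is encrypted
        return "ipsec-esp"
    if proto == 17 and len(packet) >= ihl + 8:  # UDP (NAT-T on UDP 4500 not handled)
        sport, dport = struct.unpack_from("!HH", packet, ihl)
        if 1701 in (sport, dport):              # L2TP visible without IPSec
            try:
                return "cleartext-l2tp-" + parse_l2tp(packet[ihl + 8:])["kind"]
            except (ValueError, struct.error):
                pass
    return "other"

# Constructed sample packets (documentation addresses, zero checksums).
def ipv4(proto: int, body: bytes) -> bytes:
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(body), 0, 0, 64, proto, 0,
                       bytes([192, 0, 2, 1]), bytes([198, 51, 100, 1])) + body

def udp1701(body: bytes) -> bytes:
    return struct.pack("!HHHH", 1701, 1701, 8 + len(body), 0) + body

PPP_LCP = b"\xff\x03\xc0\x21\x01\x01\x00\x04"   # PPP frame carrying LCP
CLEAR_DATA = ipv4(17, udp1701(struct.pack("!HHH", 0x0002, 7, 3) + PPP_LCP))
CLEAR_CTRL = ipv4(17, udp1701(struct.pack("!HHHHHH", 0xC802, 12, 7, 0, 0, 0)))
ESP_PKT = ipv4(50, struct.pack("!II", 0x1000, 1) + bytes(32))  # SPI, sequence, opaque

if __name__ == "__main__":
    print([classify(p) for p in (CLEAR_DATA, CLEAR_CTRL, ESP_PKT)])
```

On a link that is supposed to carry only L2TP/IPSec, any packet labelled `cleartext-l2tp-*` indicates a tunnel whose PPP traffic is not receiving the encryption, integrity, and replay protection of IPSec.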