How to Cheat at Configuring ISA Server 2004

In the last section, we discussed the procedures required to enable and configure the ISA firewall's VPN server component to allow remote access VPN client PPTP connections. In the following section, we'll build on the configuration we created in the last section and configure the ISA firewall to support an L2TP/IPSec remote access VPN client connection.
We'll perform the following procedures to allow L2TP/IPSec remote access VPN client connections to the ISA firewall:
Issue certificates to the ISA 2004 firewall and VPN clients
Test an L2TP/IPSec VPN connection
Monitor VPN client connections
You can significantly improve the level of security on your VPN connections by using the L2TP/IPSec VPN protocol. The IPSec encryption protocol provides a number of security advantages over the Microsoft Point-to-Point Encryption (MPPE) protocol used to secure PPTP connections. Although the ISA firewall can use a pre-shared key for the IPSec encryption process, this should be considered a low-security option and should be avoided if possible.
Warning: While PPTP and MPPE are secure VPN protocols that can be used by organizations that do not want to use PKI and L2TP/IPSec, the level of security provided by PPTP/MPPE is directly related to the complexity of the user credentials and the PPP user authentication protocol. You should use only complex user passwords with MS-CHAPv2 or EAP user certificate authentication.
However, if you just aren't in the position to roll out a PKI, then...