L2TP/IPSec

  • From: "Thomas W. Shinder" <tshinder@xxxxxxxxxxxxxxxxxx>
  • To: "[ISAserver.org Discussion List]" <isalist@xxxxxxxxxxxxx>
  • Date: Tue, 28 Aug 2001 12:34:23 -0500

Hi David,

I like the pure IPSec tunnel approach. It just has two drawbacks that
prevent me from implementing it more often:

--Each Gateway must have a static IP address

--The tunnel does not appear in the RRAS console and so monitoring it is
a bit awkward

Otherwise, I think it's definitely the way to go!

Thanks!

Tom
www.isaserver.org/shinder


Thomas W Shinder, M.D., MCSE, MCT

-----Original Message-----
From: David Haam [mailto:DavidH@xxxxxxxxxxxx]
Sent: Tuesday, August 28, 2001 12:09 PM
To: [ISAserver.org Discussion List]
Subject: RE: [isalist] RE: IPSEC/L2TP VPN on ISA Server


Just a couple of things to keep in mind for your scenario.

* with a "site-to-site" VPN, you might want to use straight IPSec
without L2TP (L2TP buys you advantages in ease of
implementation/configuration if you have client-to-site VPNs).
* NAT is not supported on the ends of the IPSec tunnel. However, as long
as you're terminating the tunnel (e.g. ISA server at each end with real
IPs), you'll be fine.
* the PKI (Certs) side of encryption is probably the toughest part of
IPSec. You can do a shared-key IPSec tunnel, but I would only suggest
that for testing/short-term until your PKI is in place.

-----Original Message----- 
From: Thomas W. Shinder 
Sent: Tue 8/28/2001 9:58 AM 
To: [ISAserver.org Discussion List] 
Cc: 
Subject: [isalist] RE: IPSEC/L2TP VPN on ISA Server


http://www.ISAserver.org


Hi Nick,

We didn't go into the intricacies of VPN, because that's for a future
book :-)

L2TP/IPSec tunnels are another ballgame completely. PPTP is plug and
play. L2TP/IPSec requires some planning. However, check out Q240262 if
you don't want to break your brain on Certificate Server :-)

HTH,
Tom
www.isaserver.org/shinder


Thomas W Shinder, M.D., MCSE, MCT

-----Original Message-----
From: Nicholas Palmer [mailto:NICK@xxxxxxxxxxx]
Sent: Tuesday, August 28, 2001 11:10 AM
To: [ISAserver.org Discussion List]
Subject: [isalist] IPSEC/L2TP VPN on ISA Server



Hi all,
I've got a question about setting up a Server to Server VPN.  I followed
the example in the back of Tom's book to set up a VPN between two
different servers (both with ISA), and everything seems to work OK.  Well
it works OK when I use PPTP as the Authentication protocol.  If I try to
use IPSEC it fails to Authenticate.  I've read somewhere in Tom's book
about an IPSEC driver that needs to be installed, but I've also seen
that you can't do IPSEC if you are doing NAT, which ISA does, right?  So
what is the answer here?
Thanks in advance,
Nick.
____________________
Nicholas Palmer
KCI Computing, Inc.
(nick@xxxxxxxxxxx)


------------------------------------------------------
You are currently subscribed to this ISAserver.org Discussion List as:
tshinder@xxxxxxxxxxxxxxxxxx
To unsubscribe send a blank email to $subst('Email.Unsub')

