RE: Remote access encryption strength with ISA2004

  • From: "Stefaan Pouseele" <stefaan.pouseele@xxxxxxx>
  • To: "'[ISAserver.org Discussion List]'" <isalist@xxxxxxxxxxxxx>
  • Date: Sun, 30 Jan 2005 11:54:03 +0100

Hi Tom, 

Are you sure only MPPE is involved in the encryption strength settings? 

Hmm... That would mean there are two places where the encryption strength is
configured. Once in the RRAS Encryption tab for PPTP and once in the
installed IKE policies for L2TP/IPSec. For the latter I see 3DES and DES as
allowed encryption. So, how can we be sure which one will be negotiated? 

I find it rather strange you can't define such an important setting through
the ISA MMC :-((

Thanks, 
Stefaan 

-----Original Message-----
From: Thomas W Shinder [mailto:tshinder@xxxxxxxxxxx] 
Sent: zaterdag 29 januari 2005 17:49
To: [ISAserver.org Discussion List]
Subject: [isalist] RE: Remote access encryption strenght with ISA2004

http://www.ISAserver.org

Hi Stefaan,

Good questions. My solution has been either:

1. Use only L2TP/IPSec (in which case, MPPE isn't an issue)

Or

2. Use RADIUS policy.

HTH, 


Tom
www.isaserver.org/shinder
Tom and Deb Shinder's Configuring ISA Server 2004
http://tinyurl.com/3xqb7
MVP -- ISA Firewalls


-----Original Message-----
From: Stefaan Pouseele [mailto:Stefaan.Pouseele@xxxxxxx]
Sent: Saturday, January 29, 2005 5:16 AM
To: [ISAserver.org Discussion List]
Subject: [isalist] Remote access encryption strenght with ISA2004

http://www.ISAserver.org

Hi all, 

ISA2004 configures an 'ISA Server Default Policy' in RRAS. If you look at
that policy then you see that in the Encryption tab Basic, Strong and
Strongest encryption is enabled. You can disable i.e. Basic and Strong to
enforce Strongest encryption, but when you restart the ISA server the ISA
Server Default Policy is reset. 

So, here are some questions: 

1) How can we enforce Strongest encryption?

2) Is this only possible if you use a Radius (IAS) server? 

3) Can we safely delete the other RRAS defualt policies 'Connections to
Microsoft RRAS' and 'Connections to other access servers' and is there a
benefit in doing so? 


Regards,
Stefaan

Other related posts:

  • » RE: Remote access encryption strength with ISA2004
  1. Home
  2. isalist
  3. Archive
  4. 01-2005