Setup VPN Tunneling To Use L2TP instead of PPTP?


G

Guest

I have a Windows 2003 server running RRAS with VPN setup to use PPTP. We
just had a security audit and were advised to changeover to L2TP.

I'm having trouble finding a straight-forward method of disabling PPTP and
enabling L2TP. Unfortunately, it's not as simple as changing a checkbox
selection. =\ I've opened UDP ports 500 and 1701 on my firewall. I have
L2TP ports already listed under Ports. How do I enable the L2TP? Can anyone
help me out?
 
Ad

Advertisements

S

samirj

Hi,

You can refer to following article to setup L2TP
http://www.microsoft.com/technet/pr...3/technologies/networking/rmotevpn.mspx#EQTAE

Basically you need to do following changes:-
1) L2TP needs machine certificate. Install machine certificate on VPN server and VPN clients (one way can be through auto-enrollment if these machines are joined to domain)
2) Open RRAS MMC snap-in and do following changes
* Enable L2TP ports (UDP port 1701, 500, 4500 + IP protocol type 50 for ESP) in the static filters on the public interface of VPN server. If you want to disable PPTP - remove PPTP ports (i.e. TCP port 1723 + IP protocol type 47) from static filters (so that PPTP packets can be dropped). If you are using some other firewall, do the same on that.
* Change Ports (Server->Ports->Properties) to make PPTP ports as 0.
3) Normally clients will be configured for VPN tunnel type "Automatic" which tries PPTP first and if that fails it tries L2TP/IPSec. If PPTP packets are dropped on the server side (via filters/firewall), then automatic tunnel type should work.
If not, make sure clients are configured to use L2TP/IPSec (in RAS client properties OR Connection manager profile).

More links at
http://www.microsoft.com/rras
http://www.microsoft.com/vpn
http://blogs.technet.com/rrasblog/default.aspx

Hope this helps

Regards,
Samirj

---------------------------------------------------------------------------
"This posting is provided "AS IS" with no warranties, and confers no rights."


-----Original Message-----
From: dathrill
Posted At: Saturday, April 08, 2006 12:33 AM
Posted To: microsoft.public.win2000.ras_routing
Conversation: Setup VPN Tunneling To Use L2TP instead of PPTP?
Subject: Setup VPN Tunneling To Use L2TP instead of PPTP?


I have a Windows 2003 server running RRAS with VPN setup to use PPTP. We
just had a security audit and were advised to changeover to L2TP.

I'm having trouble finding a straight-forward method of disabling PPTP and
enabling L2TP. Unfortunately, it's not as simple as changing a checkbox
selection. =\ I've opened UDP ports 500 and 1701 on my firewall. I have
L2TP ports already listed under Ports. How do I enable the L2TP? Can anyone
help me out?
 

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments. After that, you can post your question and our members will help you out.

Ask a Question

Top