Hi

I have recently deployed a VPN Server using Microsoft RRAS. RRS is the
preferred technology because there are few anticipated users and the
software is free :)

The VPN Server sits behind the corporate firewall and operates fine,
accepting incoming connections reliably.

I am rather new to the VPN game (I usually design Active Directory
infrastructures) and set up both L2TP and PPTP protocols for convenience
sake while the client pilots the solution. My questions are therefore:

1. Which is the better tunnelling protocol in terms of security and
functionality, L2TP or PPTP, and why?

2. Is the community aware of any exploits that could be levelled against the
firewall with the following ports opened to support VPNs?

L2TP requires: Protocol 50, UDP 4500, UDP 500
PPTP requires: Protocol 47, TCP 1723

3. Anything else I should know?

All advice is appreciated

Thanks in advance
Regards

James D. Stallard

------------------------------------------------------------------------
---
Free trial: Astaro Security Linux -- firewall with Spam/Virus Protection

Protect your network with the comprehensive security solution that
integrates six applications for ease of use and lower TCO.

Firewall - Virus protection - Spam protection - URL blocking - VPN
- Wireless security.

Download 30-day evaluation at:
http://www.astaro.com/php/contact/securityfocus.php
------------------------------------------------------------------------
---

[ reply ]