Summary Virtual Private Networks (VPN)

VPN protocols

PPTP

Point-to-Point Tunneling Protocol (PPTP) is an extension of the PPP protocol. PPTP can only be used over TCP/IP connections to create a single tunnel; it does not support header compression or provide authentication. IPSec can be used for authentication, and Microsoft Point-to-Point Encryption (MPPE) is used for encryption.

To use a PPTP VPN over a firewall, the following ports must be open:

- UDP 1723 (PPTP)
- UDP 1701 (L2TP)

L2TP

Another tunneling protocol is the Layer 2 Tunneling Protocol (L2TP), which only encapsulates packets; it does not encrypt data. L2TP can be used over IP connections but also over Frame Relay, ATM and X.25 to create multiple tunnels between endpoints. It also supports header compression and tunnel authentication. For encryption, IPSec can be used.

Windows XP/.net updates

- Connection manager support for VPN server selection. (WH1321N020601)

More information

Related white papers

- Connecting remote users to your network
- Virtual Private Networking: An overview
- Microsoft privacy protected network access virtual private networking and intranet security
- Windows 2000 virtual private networking scenario

Downloads

- VPN client (L2TP/IPSec) for Windows 95/98/ME/NT 4.0

Microsoft support articles

- Support webcast: VPN creation in Windows 2000
- IPSec and L2TP implementation in Windows 2000 (Q265112)
- Increasing security on Windows 2000 VPN server (Q255784)
- How to provide secure point-to-point communications across the internet (Q301194)
- How to configure Windows 2000 Professional to Windows 2000 Professional virtual private network connections (Q257333)
- How to configure a L2TP/IPSec connection using pre-shared key authentication (Q240262)
- How to configure Cisco IOS for L2TP/IPSec in Windows (Q249067)
- Windows VPN compatibility with Cisco VPN (Q249278)
- Using certificates for Windows 2000 and Cisco IOS VPN interoperation (Q249125)
- Basic L2TP/IPSec troubleshooting (Q259335)
- Configuring a VPN to use extensible authentication protocol (EAP) (Q259880)
- Windows 2000 L2TP/IPSec interoperation with third-party manufacturers (Q254442)
- Windows virtual private networking connectivity to Cisco PIX firewall (Q249576)
- Routing and remote access wizard for VPN server create non-specific input and output filters (Q260926)
- RRAS VPN dial-on-demand failover mechanism (Q262990)
- VPN tunnels - GRE Protocol 47 packet description and use (Q241251)
- OSPF over RRAS dial-on-demand and VPN connections in Windows 2000 (Q241540)
- PPTP clients cannot connect to Windows 2000 PPTP server (Q266460)
- Enabling VPN and RRAS causes connection issues to remote networks (Q243374)
- Windows 95 VPN client computer can connect but cannot access any resources (Q271238)
- VPN that uses MS-Chap Authentication does not connect to RRAS server (Q289732)
- Only the offline files are displayed when you use a remote access or virtual private network connection (Q290523)
- VPN connection is not available for logon with dial-up networking (Q231426)
- PPTP connection is not available from the Windows 2000 logon screen (Q247157)
- VPN connections dropped when computer goes into standby mode (Q216479)
- VPN client connection stops working after hibernate or standby (Q263965)
- Error message: 'Error 623 The system could not find the phone book entry for this connection' when making a VPN connection (Q227391)
- Cannot use shared internet connection while connected to a VPN (Q247431)
- Cannot ping external network adapter after configuring RRAS as a VPN server (Q258030)
- Preventing RemoteAccess ID 20192 from occurring in the system event (Q245476)
- L2TP sessions lost when adding a server to an NLB cluster (Q248346)
- Event ID 20111, error 792 or error 781 when establishing an L2TP/IPSec connection (Q247231)
- Client VPN IP address must be used when you add static routes for Windows 2000 VPN interface (Q259171)
- Error message is displayed when setting up a virtual private network on Windows 2000 in a Windows NT 4.0 domain (Q260027)
- Cannot use Wlbs.exe remote control commands from load balanced VPN servers (Q269004)
- Error message 'STOP 0x000000D1' when using Shiva VPN client (Q268474)
- Excess padding may cause IPSec ESP packet loss with third-party implementations (Q276360)
- ZoneAlarm firewall software prevents VPN connection through PPTP (Q285549)
- The virtual private network wizard for client access does not seem to change the number of available virtual private network ports (Q284651)
- Security log error message appears when you try to connect to establish a L2TP connection (Q284970)

Links

- Configuring a VPN solution step-by-step (Microsoft)
- Technet chapter 9: Virtual private networking (Microsoft)
- Professor Windows: VPN deployment using Windows 2000 (Microsoft)
- PPTP based remote access VPN (Microsoft)
- Active directory with virtual private network and demand dial deployments (Microsoft)
- Planning and installing a Windows 2000 remote access VPN server (Microsoft)
- Understanding the PPTP protocol (Microsoft)
- Configuring remote access/VPN (Microsoft)
- Virtual private networking: Secure connections through the internet (MS Press)
- PPTP vs L2TP (Windows 2000 magazine Sept 15 2001)
- Configuring VPN's (Windows 2000 magazine Jun 2001)
- Windows 2000 VPN basics (Windows 2000 magazine May 2001)
- VPN gateways (Windows 2000 magazine Apr 2001)
- IPSec and IKE: New VPN standards (Windows 2000 magazine Mar 2001)
- Remote access, part II, VPNs and Back Office server (Windows 2000 magazine Mar 2001)
- Firewalls with VPN (Windows 2000 magazine Feb 2001)
- Configuring a Win2K VPN (Windows 2000 magazine Sep 2000)
- PPTP improved (Windows 2000 mag. Aug 2000)
- 15 tips for troubleshooting VPN connections (Windows 2000 magazine Apr 2000)
- Win2K legacy client VPN connections (Windows 2000 magazine)
- Configure Windows XP Professional to be a VPN server (TechRepublic)
- VPN's buyers guide (Network computing)
- VPN queries and answers (TechRepublic)
- Setting up a VPN in Windows 2000 (TechRepublic)
- The how, what and when of VPN (TechRepublic)
- VPN evolution at TechRepublic boosts speed, security, and stability (TechRepublic)
- Troubleshooting VPN's from the client side (TechRepublic)
- Dealing with the growing pains of site-to-site VPN (TechRepublic)
- Configuring certificates for an L2TP/IPSec VPN (TechRepublic)
- Active Directory helps to keep VPN management simple and effective (Windows 2000 advantage)
- How small and midsize business can turn the internet into a private network for competitive advantage (OpenReach whitepaper)
- Demystifying VPN (OpenReach whitepaper)
- A practical guide to the right VPN solution (OpenReach whitepaper)
- Selecting a VPN solution? Think security first (SearchNetworking)
- Configure a W2K VPN server (BrainBuzz)
- Product briefing: Virtual private networks (EarthWeb)
- Labmice VPN links
- VPN faq

Last update: 16 July 2002