The following process can be
used to enable L2TP/IPSec VPN support on the ISA VPN server:
1. Open the ISA Server Management Console and select Virtual Private Networks (VPN)
from the Scope pane.
2. Select the VPN Clients tab in the Details pane.
247
9
Creating Layer 2 Tunneling Protocol (L2TP) VPN Connections with ISA
3. Select Configure VPN Client Access from the Tasks pane.
4. On the Protocols tab, enable the Enable L2TP/IPSec check box, as shown in
Figure 9.18.
5. Select the OK button to close the window.
6. Select the Apply button to apply the new configuration.
Configuring an IPSec Pre-Shared Key
Essentially, two options can be used to encrypt the L2TP VPN session. The first option is
to use a pre-shared key, which is a manually configured alphanumeric password that is
inputted on the server and on all the VPN clients. This creates a secure L2TP IPSec VPN
tunnel, but is not considered secure because someone could theoretically uncover the key
through social engineering and, when compromised, it must then be manually reset on all
clients. The more secure approach is to deploy a PKI infrastructure, which can take more
time to set up, but is more inherently secure.
Pages:
414
415
416
417
418
419
420
421
422
423
424
425
426
427
428
429
430
431
432
433
434
435
436
437
438