VPN Technologies and Internet Standards
by: Andrew Clarck
Multivendor interoperability for virtual private networking is essential in today’s
networking environment because of the nature of business acquisitions, the need to
extend corporate networks to contractors and partners, and the diverse equipment
within company networks. To ensure customers have an open solution, Microsoft
Windows Server 2003–based VPN technology is built according to industry standards.
By supporting IETF industry standards, Microsoft delivers a VPN solution that will
work with other standards-compliant devices or software systems, helping to lower
the cost and complexity of supporting proprietary solutions. Customers who use
standards-based technology are not locked into any given vendor’s proprietary
implementations, and therefore, they need not worry about supporting third-party
VPN client software. This allows for a reduction of the costs for rolling out new
workstations to the users, upgrading to new versions of the Windows operating
system, and ongoing support of third-party software. Microsoft supports the IETF
efforts to standardize VPN technology. To date, two major technologies are IETF
standards:
• Layer Two Tunneling Protocol (L2TP). A combination of PPTP and
Cisco’s Layer 2 Forwarding, which evolved through the IETF standards process
• Internet Protocol Security (IPSec). An architecture, a protocol, and a
related Internet Key Exchange (IKE) protocol, which are described by IETF
RFCs 2401 through 2409
The combination of these technologies is described in RFC 3193, an IETF Proposed
Standard.
In addition to IETF standards-track technologies, Microsoft supports PPTP, created
by the PPTP Industry Forum (US Robotics [now 3Com], 3Com/Primary Access,
Ascend, Microsoft, and ECI Telematics). PPTP is a published informational RFC
(RFC 2637), and many companies ship implementations of this technology.
For advanced security requirements, IPSec has emerged as a key technology. However,
IPSec TM by itself does not support legacy authentication methods, tunnel IP
address assignment and configuration, or multiple protocols—all critical requirements
for remote access VPN connections. Windows Server 2003 uses L2TP in combination
with IPSec to provide an interoperable, secure remote access VPN
solution. L2TP has broad vendor support, particularly among the largest network
access equipment providers, and has verified interoperability in a series of vendor-sponsored
testing events. By placing L2TP as the payload within an IPSec packet,
communications benefit from the standards-based encryption, integrity, and replay
protection of IPSec. Communications also benefit from the user authentication, tunnel
address assignment and configuration, and multiprotocol support of PPP-based
tunneling. This combination is commonly referred to as L2TP/IPSec.
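An added example (not from the original article or from Microsoft): a minimal parser for the L2TP header defined in RFC 2661, showing the tunnel and session IDs and the PPP protocol field that travel in the clear with plain L2TP and become the protected payload in L2TP/IPSec. The sample packets are constructed, and the parser assumes PPP Protocol-Field-Compression is not in use.

```python
import struct

# Assigned PPP protocol numbers: a sample of what an L2TP session can carry.
PPP_PROTOCOLS = {0x0021: "IPv4", 0x002B: "IPX", 0x8021: "IPCP",
                 0xC021: "LCP", 0xC023: "PAP", 0xC223: "CHAP"}

def parse_l2tp(udp_payload: bytes) -> dict:
    """Parse an L2TPv2 header (RFC 2661) from a UDP port 1701 payload."""
    try:
        (flags,) = struct.unpack_from("!H", udp_payload, 0)
        if flags & 0x000F != 2:
            raise ValueError("not L2TP version 2")
        off, end = 2, len(udp_payload)
        if flags & 0x4000:                      # L bit: Length field present
            (length,) = struct.unpack_from("!H", udp_payload, off)
            if length > end:
                raise ValueError("Length field exceeds datagram")
            end, off = length, off + 2
        tunnel_id, session_id = struct.unpack_from("!HH", udp_payload, off)
        off += 4
        if flags & 0x0800:                      # S bit: Ns and Nr present
            struct.unpack_from("!HH", udp_payload, off)
            off += 4
        if flags & 0x0200:                      # O bit: Offset Size + padding
            (pad,) = struct.unpack_from("!H", udp_payload, off)
            off += 2 + pad
    except struct.error:
        raise ValueError("truncated L2TP header") from None
    info = {"control": bool(flags & 0x8000), "tunnel_id": tunnel_id,
            "session_id": session_id, "ppp_protocol": None}
    if info["control"]:
        return info                             # control messages carry AVPs, not PPP
    ppp = udp_payload[off:end]
    if ppp[:2] == b"\xff\x03":                  # optional PPP Address/Control bytes
        ppp = ppp[2:]
    if len(ppp) < 2:
        raise ValueError("no PPP protocol field")
    (proto,) = struct.unpack("!H", ppp[:2])     # assumes no Protocol-Field-Compression
    info["ppp_protocol"] = PPP_PROTOCOLS.get(proto, hex(proto))
    return info

# Constructed samples (not captured traffic).
DATA_IPV4 = struct.pack("!HHH", 0x0002, 7, 9) + b"\xff\x03\x00\x21" + b"\x45\x00"
DATA_IPX = struct.pack("!HHHH", 0x4002, 12, 7, 9) + b"\x00\x2b" + b"\xff\xff"
CONTROL_ZLB = struct.pack("!HHHHHH", 0xC802, 12, 7, 0, 1, 1)

if __name__ == "__main__":
    for name, pkt in [("data/IPv4", DATA_IPV4), ("data/IPX", DATA_IPX), ("control", CONTROL_ZLB)]:
        print(name, parse_l2tp(pkt))
```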