L2TP/IPsec in Pictures - ISA 2006 Server

I've said some time ago that I will explain in detail L2TP/IPsec in relationship with ISA 2006 Server.

I will not focus on describing how to enable the VPN server on ISA 2006.
Instead, I will analyze L2TP/IPsec "live on the wire", if I can call it like so.

Why L2TP/IPsec ?
Because it's a modern secure VPN technology.
So how L2TP/IPsec as a modern secure VPN technology works for you and your company?

Why ISA 2006 Server ?
Because it's a VPN solution that offers secure remote access and secure site-to-site connectivity, not just remote access and site-to-site connectivity. Alright, maybe is not quite the latest state-of-the-art VPN solution, but it definetely can help you in not creating a security "hole" through the use of VPN connections. And because it comes from Microsoft (just read the top-right corner of RFC3193 Securing L2TP using IPsec).
With ISA 2006 Server, L2TP/IPsec is used for both remote access and site-to-site connections.

Already buzz words start to flow, VPN technologies(secure, trusted), VPN solutions...
What is a modern VPN technology and what is a modern VPN solution ?
How looks a modern secure VPN technology "in action" ?

On a unsecure path, attackers are assumed to have the ability to capture, read, modify, delete or replay messages sent between the communicating hosts.
Attackers will actively try to make the communicating parties to select different protections suites(say weaker encryption algorithms) than they would normally choose in order to weak the security of the communication channel.

Therefore data confidentiality, data integrity(proof of the fact that the data has not been altered in transit), data origin authentication(proof that the data was sent by the correct party), replay-attack protection and prevention against the modification of the protections suites along with strong authentication methods of the device/user must represent the natural state of being of a secure VPN technology.

The question to ask, how L2TP/IPsec deals with all the above mentioned threats ?


Comments are closed