Configuring Virtual Private Networks for Remote Clients and Networks

Benefits of Using VPNs
The primary benefits of using VPNs are as follows:
1- Reduced costs: Using the Internet as the connection medium avoids long-distance telephone charges and requires less hardware than a dial-up networking solution. For a site-to-site VPN, using the Internet as the WAN is also less expensive than a dedicated WAN link.

2- Security: Authentication prevents unauthorized users from connecting to the VPN server, and strong encryption makes it extremely difficult for an attacker who captures VPN traffic to read it. How much protection you actually get depends on the tunneling protocol, the authentication protocol, and the encryption level you select, which the following sections discuss.

3- Flexibility: With a VPN, the organization does not need to operate dial-up servers or provide Internet connections for remote users; the users need only be able to reach the Internet by whatever technology is available to them.

4- Transparency to applications: One of the significant advantages of a VPN connection over an alternative such as a client/server Web application is that VPN users at remote locations can potentially access all protocols and servers on the corporate network. The remote-access VPN user does not need special client software for each of these services, and the network and firewall administrators do not need to create special proxy applications to expose those resources. The corollary is that a compromised remote computer reaches the same servers, so the firewall policy you apply to the VPN Clients network remains the control that limits what a connected client can actually reach.

VPN Protocol Options
VPN security depends on the tunneling and authentication protocols you use and on the level of encryption you apply to VPN connections. ISA Server 2004 supports two VPN tunneling protocols for remote-access connections: PPTP and L2TP/IPSec.

PPTP
PPTP uses Point-to-Point Protocol (PPP) user authentication methods and Microsoft Point-to-Point Encryption (MPPE) to encrypt the IP traffic carried inside the PPP frames. For password-based authentication, PPTP supports Microsoft Challenge Handshake Authentication Protocol version 2 (MS-CHAP v2). Because the MPPE session keys are derived from the MS-CHAP v2 exchange, the confidentiality of a PPTP tunnel is ultimately bounded by the strength of the user's password. For stronger authentication on PPTP connections, you can use smart cards or certificates with Extensible Authentication Protocol/Transport Layer Security (EAP/TLS).
PPTP is widely supported and easy to deploy. The tunnel uses TCP port 1723 for control and Generic Routing Encapsulation (GRE, IP protocol 47) for data, so both must be permitted by any firewall in the path; most network address translators (NATs) can pass GRE for a PPTP client. Although it is not considered as secure as IPSec, a PPTP-based VPN solution avoids the cost of implementing a certificate infrastructure and is less complex to administer than IPSec because, with password authentication, it does not require digital certificates.

L2TP/IPSec
L2TP/IPSec is the more secure of the two VPN protocols. It still uses PPP user authentication methods, but the traffic is protected by IPSec rather than MPPE. Before PPP authenticates the user, IPSec authenticates the two computers and establishes its security associations, using machine certificates (ISA Server 2004 also allows a preshared key, which is weaker and meant for testing or small deployments). L2TP/IPSec provides data integrity, data origin authentication, data confidentiality, and replay protection for each packet. Clients located behind a NAT require IPSec NAT traversal (NAT-T, UDP port 4500) support on both the client and the server.

VPN Authentication Options
In addition to selecting a VPN tunneling protocol, you must choose an authentication protocol and decide whether to use RADIUS or RSA SecurID for authentication. Choosing the appropriate authentication mechanism is essential when designing a VPN implementation because not all VPN clients support the most secure authentication options. The authentication mechanism should be as secure as possible while still enabling the VPN clients you must support to connect.
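To make the tunneling-protocol and authentication choices from the two preceding sections concrete, the following is an added example, not from the original text and not an ISA Server 2004 tool: it builds the matching client-side connection profiles with the Windows VpnClient PowerShell module (available on Windows 8 / Windows Server 2012 and later). The server name and connection names are placeholders.

```powershell
# Added example, not from the original text. Creates two client VPN profiles
# that mirror the protocol options discussed above and then checks them.
# Requires the VpnClient module (Windows 8 / Server 2012 and later).

$server = 'vpn.example.com'   # assumed: public name of the VPN server's listener

# 1) PPTP profile: MS-CHAP v2 password authentication, MPPE encryption mandatory.
#    EncryptionLevel 'Required' makes the client disconnect if the server declines
#    encryption, so a misconfigured server cannot silently fall back to cleartext PPP.
Add-VpnConnection -Name 'Corp-PPTP' `
    -ServerAddress $server `
    -TunnelType Pptp `
    -AuthenticationMethod MSChapv2 `
    -EncryptionLevel Required `
    -Force

# 2) L2TP/IPsec profile: with no -L2tpPsk given, the IPsec security association is
#    authenticated with the computer's machine certificate; PPP then authenticates
#    the user with MS-CHAP v2. To use a smart card or user certificate instead,
#    pass -AuthenticationMethod Eap together with -EapConfigXmlStream.
Add-VpnConnection -Name 'Corp-L2TP' `
    -ServerAddress $server `
    -TunnelType L2tp `
    -AuthenticationMethod MSChapv2 `
    -EncryptionLevel Required `
    -Force

# 3) Review the result: confirm that neither profile allows PAP or CHAP
#    and that both require encryption.
Get-VpnConnection |
    Where-Object { $_.Name -like 'Corp-*' } |
    Select-Object Name, TunnelType, AuthenticationMethod, EncryptionLevel
```

The profile names and server address are the only values you need to change. If the client sits behind a NAT, the L2TP profile will only connect when both client and server support NAT-T; the PPTP profile additionally needs the NAT to pass GRE.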
