L2TP/IPsec Encryption Strength (Full Version)


johnspie -> L2TP/IPsec Encryption Strength (15.Jun.2006 10:15:38 PM)

I have successfully set up an L2TP/IPsec VPN using ISA 2004.
It doesn't appear that the encryption strength can be set anywhere in the ISA interface, as I would like to remove the 40-bit and 56-bit DES encryption options.
So my question is:
Will manually editing the encryption portion of the ISA Default Policy mess things up with ISA, or is this the only way to achieve this?
Thanks in Advance.
You guys are invaluable!

spouseele -> RE: L2TP/IPsec Encryption Strength (15.Jun.2006 10:27:38 PM)

Hi John,

The ISA Default Policy is owned by ISA Server itself. Any manual change made to it will be overwritten with the next service/server restart. Your best option is to use IAS (a RADIUS server) to customize the VPN policies.


ClintD -> RE: L2TP/IPsec Encryption Strength (16.Jun.2006 3:05:17 AM)

Just to be clear - even though you stipulate 3DES in the Remote Access Policy (High Encryption), a client will still be able to connect - initially - if the client stipulates DES in its connectoid. The check for encryption strength is made after the IPSec connection is established by the Routing and Remote Access component (not the IPSec component). After the RRAS policy check kicks in, the client will be disconnected if it only allows DES.
