Configuring VPN settings
Windows Server 2012 R2 supports four different VPN protocols: Point-to-Point Tunneling
Protocol (PPTP), Layer 2 Tunneling Protocol (L2TP), Internet Key Exchange version 2 (IKEv2),
and Secure Socket Tunneling Protocol (SSTP). These protocols are compared in Table 3-1. By
default, when you use the Routing And Remote Access Server Setup Wizard to configure VPN,
it creates VPN ports for all four protocols with a maximum of 128 ports each.
TABLE 3-1 VPN Protocols

| Protocol | IP Protocol and Ports | Security | Comments |
|----------|-----------------------|----------|----------|
| PPTP | TCP 1723; GRE 47 | Low | Widely available across virtually all platforms. |
| L2TP | UDP 500, UDP 4500, UDP 1701; ESP 50 | High | Uses IPSec, IKEv1. Difficult to configure, but suitable for site-to-site VPNs and client VPNs. Supported by Windows 2000, Windows XP, Windows Server 2003, Windows Vista, and Windows Server 2008. |
| SSTP | TCP 443 (SSL) | High | Easily used from almost any location. High overhead. Supported on Windows Vista SP1 and later, and on Windows Server 2008. Used for client VPN only, not site-to-site VPN. Not cross-platform. |
| IKEv2 | UDP 500, UDP 4500, UDP 1701; ESP 50 | High | Supports VPN Reconnect. Supports NAT Traversal. Supported by Windows Server 2008 R2, Windows 7, Windows Server 2012, Windows Server 2012 R2, and Windows 8.x. |

Windows Server 2012 added support for many VPN management operations. The
two modules that include VPN-related cmdlets are the RemoteAccess module and the
VpnClient module. The related cmdlets in the RemoteAccess module are for VPN server
operations, and the cmdlets in the VpnClient module are client operations. You can get a
complete list of VPN-related cmdlets by using the following command:
Get-Command -Module RemoteAccess,VpnClient `
| Sort-Object module,noun,verb `
| where {$_.Noun -match "Vpn" } `
| ft -auto verb,noun,Module
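
The following added example (not from the original text) uses the VpnClient module's Get-VpnConnection output to rate each client VPN profile against the Security and port columns of Table 3-1. The function name Get-VpnProfileRating, the sample profiles, and the decision to report profiles whose tunnel type is Automatic are assumptions of this example.

```powershell
# Ratings and ports exactly as listed in Table 3-1, keyed by the TunnelType
# strings that Get-VpnConnection reports.
$Table31 = @{
    Pptp  = @{ Security = 'Low';  Ports = 'TCP 1723; GRE 47' }
    L2tp  = @{ Security = 'High'; Ports = 'UDP 500, UDP 4500, UDP 1701; ESP 50' }
    Sstp  = @{ Security = 'High'; Ports = 'TCP 443 (SSL)' }
    Ikev2 = @{ Security = 'High'; Ports = 'UDP 500, UDP 4500, UDP 1701; ESP 50' }
}

function Get-VpnProfileRating {   # hypothetical helper, not a built-in cmdlet
    [CmdletBinding()]
    param(
        [Parameter(Mandatory, ValueFromPipeline)]
        [object]$Connection
    )
    process {
        $tunnel = [string]$Connection.TunnelType
        if ($Table31.ContainsKey($tunnel)) {
            $security = $Table31[$tunnel].Security
            $ports    = $Table31[$tunnel].Ports
        }
        elseif ($tunnel -eq 'Automatic') {
            # Assumption of this example: report unpinned profiles, since the
            # protocol is then chosen at connect time rather than fixed.
            $security = 'Unpinned'
            $ports    = 'Depends on negotiated protocol'
        }
        else {
            $security = 'Unknown'
            $ports    = 'Not in Table 3-1'
        }
        [pscustomobject]@{
            Name = $Connection.Name; ServerAddress = $Connection.ServerAddress
            TunnelType = $tunnel; Security = $security; Ports = $ports
        }
    }
}

# Constructed sample profiles (hypothetical names and addresses) so the
# example runs on a machine with no VPN connections defined.
$sample = @(
    [pscustomobject]@{ Name = 'Branch-Legacy'; ServerAddress = 'vpn1.example.test'; TunnelType = 'Pptp' }
    [pscustomobject]@{ Name = 'HQ';            ServerAddress = 'vpn2.example.test'; TunnelType = 'Ikev2' }
    [pscustomobject]@{ Name = 'Roaming';       ServerAddress = 'vpn3.example.test'; TunnelType = 'Automatic' }
)

# Show every profile that is not pinned to a protocol rated High.
$sample | Get-VpnProfileRating | Where-Object Security -ne 'High' | Format-Table -AutoSize

# On a live client: Get-VpnConnection | Get-VpnProfileRating
```

With the sample data, the output lists Branch-Legacy (PPTP, rated Low) and Roaming (Automatic, unpinned); HQ is filtered out because IKEv2 is rated High.
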
Configuring available VPN protocols
You can configure which protocols are available for VPN. The default is to use any available
protocol; follow these steps to remove a protocol:
1. Open the Routing And Remote Access console (rrasmgmt.msc).
2. Select and expand the VPN server you want to manage.
3. Right-click Ports and select Properties.
4. Select the Device for which you want to remove support and click Configure.