The following excerpt is from Chapter 7 of the free e-book "The tips and tricks guide to securing Windows Server 2003" written by Roberta Bragg and available at Realtimepublishers.com. Click for the complete book excerpt series.
VPN protocol choices
Because you are moving from PPTP to L2TP/IPSec, it's important to consider the differences between the two protocols. Both are choices for Windows VPNs. Of the two, L2TP/IPSec is considered the more secure but both have advantages and disadvantages.
It is possible to have a non-encrypted PPTP or IPSec tunnel. By definition, VPN just means the connection of two networks across a third network. This type of a tunnel, one that does not use encryption, is not recommended. Tunneling alone affords little protection. The information about protocols provided here is very brief and introductory. One source for learning more about the protocols is through each protocol's Request for Comments (RFC), which can be found at http://www.rfc-editor.org/rfcsearch.html. L2TP is RFC 2661 and IPSec is RFC 2401.
Click for the next excerpt in this series: Point-to-Point Tunneling Protocol.
Click for the book excerpt series or visit Realtimepublishers.com to obtain the complete book.
Dig deeper on Windows Server and Network Security