

Advantages of SSTP based VPN tunnel

In last week's blog post, I wrote about SSTP - the new VPN tunnel which goes over HTTPS, hence increasing the coverage area of VPN connections to "everywhere". Today I am going to talk about the advantages of SSTP compared to the "network extension or full tunnel" solutions delivered by other SSL products.

Note: I am not comparing web-based access (i.e. clientless access) delivered by SSL vendors with SSTP.

* The SSTP client will be available in Vista SP1 clients and the SSTP server will be available in LH Server OS.

* Integrated NAP support for client health checks. NAP supports different kinds of health checks and is extensible by third-party vendors (like antivirus, firewall, etc.).

* Full support for IPv6. An SSTP VPN tunnel can be established across the IPv6 internet, and IPv6 (or PPPv6) can be sent over an SSTP-based VPN tunnel.

* SSTP establishes a single HTTPS channel from client to server, compared to the two-channel approach used by other vendors. This leads to better network utilization (because outer TCP ACK/data can be piggy-backed) and a better load-balancing story (every VPN session is one HTTPS session).

The good part of SSTP is that it integrates seamlessly with the MS RAS client/server infrastructure. For example, SSTP supports password + strong user authentication (like smart card, RSA SecurID, etc.) using various PPP authentication algorithms. Other features of RAS (like generating profiles using the Connection Manager Administration Kit, remote access policies, etc.) just work, as they do with PPTP/L2TP.

This means you just enable SSTP as a VPN tunnel on the remote access client and on the RRAS server side, and you are ready to go.

Samir Jain
Lead Program Manager
RRAS, Windows Enterprise Networking

[This posting is provided "AS IS" with no warranties, and confers no rights.]
