I have a question about the virtual private network (VPN) server included in Windows Server 2012. Does it use a specific port to communicate with other devices? If so, what port is it using?
One of the features of the new Microsoft Windows Server 2012 is support for Virtual Private Networks (VPNs). A VPN Server allows you to connect with other devices, using a secure, encrypted connection. When you install the VPN Server, you are given the option of using a specific port for the network connection or leaving it open to use the Internet default port (TCP/IP: 22).
While most users will opt for the default port (22), it is worth considering what other ports are available. There are several different VPN protocols, each with its own associated port. For example, using IPSec, the default port is 137, and you can use 68 or 521 additional ports.
Does It Use A Specific IP Address?
Another thing to consider with a VPN Server is the IP address used for network communication. Again, this is specified when you install the software and can be configured (again, using the web UI) to use either a class A or B IP range.
A VPN Server uses your company’s internal IP address or a public IP address from a cloud service (like Amazon’s Elastic IP) to connect to other devices. In this case, you can use a private IP address from your own network to communicate with the VPN Server.
What Kind Of Authentication Does It Use?
Like most security-related software, the VPN Server uses some type of authentication. This could be a password, a token credential, or even a challenge-response mechanism. Most VPN servers use username/password authentication, which is simple but easily defeated by a determined attacker.
The good thing about this type of authentication is that it is very easy to validate. You simply need to confirm that the user is who they say they are (e.g., by comparing a password or token). As I mentioned earlier, this type of authentication is easily defeated by a determined attacker. So, as a security measure, it is not recommended to use passwords or tokens for authentication with VPNs.
Does It Provide Two-Factor Authentication (2FA)?
Users who have 2FA enabled on their smartphones will be able to use this as a second factor of authentication when logging into a service that supports it. This is typically used in combination with a username and password to authenticate a user.
Many services offer this feature nowadays, so it is worth considering whether or not to use it. I wouldn’t recommend using 2FA with a VPN, as it is pretty easy to get an MITM attack (man-in-the-middle) going. As a general rule, I would recommend enabling 2FA for sensitive logins (e.g., financial transactions) and disabling it for less sensitive logins (like social networks or email).
What Is The Protocol It Uses?
The VPN protocol determines how data is transferred between devices. There are several commonly used VPN protocols, such as PPTP, L2TP, and IPSec. Each of these protocols has its strengths and weaknesses, which you need to consider before choosing which one to use.
For example, PPTP is popular because it is relatively easy to set up. It is also well-supported by most software and hardware vendors. However, PPTP is not very secure and is thus not recommended for use in sensitive environments. L2TP, on the other hand, is a more secure protocol and is thus preferred for secure environments. However, setting up L2TP is more complex because you need to purchase and configure special network hardware (e.g., Cisco IPSec adapters).
Cisco supports both PPTP and L2TP, so it would be a good idea to check with your network equipment provider to see if they support these protocols or any others.
Does It Support High Availability (HA)?
One of the things to consider with any type of VPN server is high availability and redundancy. Does it support this? If so, how much?
To provide high availability, the VPN Server needs to be configured to use either a hardware or virtual load balancer. A hardware load balancer is a device (usually a server) that distributes network traffic across several servers. As the name implies, a virtual load balancer is a piece of software (usually also running on a server) that performs the same function.
The advantage of a virtual load balancer is that it can be installed on multiple servers and configured to distribute network traffic across them. This means that even if one of the servers crashes or fails for some reason, the system will still be available.
Also worth considering is the VPN Server’s log file rotation and monitoring capabilities. Does it keep track of all connections and activity? If so, how? Are there any options to alert system administrators if a problem is detected?
The answers to these questions will help determine if Windows Server 2012’s VPN is a good fit for your organization. If you have a server that can handle all your VPN needs, then this is a great option. Otherwise, it may be best to consider an alternative.
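The answer above makes two points that a monitoring script can act on: username/password authentication is easily defeated by a determined attacker, and the server's connection logs should be able to alert an administrator when a problem is detected. The following Python example is added here and is not code from the question, the answer, or Microsoft; it runs over constructed sample log lines in a simplified key=value format (not the real Windows RRAS event format, which is an assumption you would replace with a parser for your own log source) and raises alerts for password guessing against the VPN (many failures from one source address across several accounts inside a short window) and for successful sessions over PPTP, which the answer describes as unsuitable for sensitive environments.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample log lines (simplified key=value format, one VPN
# authentication attempt per line). Not the real RRAS/Windows event format.
SAMPLE_LOG = """\
2024-03-01T08:00:01Z user=alice src=203.0.113.7 proto=L2TP result=SUCCESS
2024-03-01T08:00:05Z user=bob src=198.51.100.22 proto=PPTP result=FAILURE reason=bad_password
2024-03-01T08:00:09Z user=bob src=198.51.100.22 proto=PPTP result=FAILURE reason=bad_password
2024-03-01T08:00:12Z user=admin src=198.51.100.22 proto=PPTP result=FAILURE reason=bad_password
2024-03-01T08:00:15Z user=carol src=198.51.100.22 proto=PPTP result=FAILURE reason=bad_password
2024-03-01T08:00:18Z user=dave src=198.51.100.22 proto=PPTP result=FAILURE reason=bad_password
2024-03-01T08:00:40Z user=erin src=203.0.113.9 proto=L2TP result=FAILURE reason=bad_password
2024-03-01T08:01:02Z user=erin src=203.0.113.9 proto=L2TP result=SUCCESS
2024-03-01T09:30:00Z user=frank src=192.0.2.45 proto=PPTP result=SUCCESS
"""

# Pattern for the constructed format above; "reason" is optional.
LINE_RE = re.compile(
    r"^(?P<ts>\S+)\s+user=(?P<user>\S+)\s+src=(?P<src>\S+)\s+"
    r"proto=(?P<proto>\S+)\s+result=(?P<result>\S+)(?:\s+reason=(?P<reason>\S+))?$"
)


def parse_line(line):
    """Return one event as a dict, or None if the line does not match the format."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    ev = m.groupdict()
    ev["ts"] = datetime.strptime(ev["ts"], "%Y-%m-%dT%H:%M:%SZ")
    return ev


def parse_log(text):
    """Parse every matching line of a log text into a list of events."""
    return [ev for ev in (parse_line(line) for line in text.splitlines()) if ev]


def detect_password_guessing(events, threshold=5, window=timedelta(minutes=1)):
    """Flag source addresses with >= threshold failed logins inside a sliding window.

    Returns {src: (failure_count_in_window, sorted usernames tried in that window)}.
    A source is reported once, at the moment it first crosses the threshold.
    """
    recent = defaultdict(deque)  # src -> deque of (timestamp, user) for recent failures
    hits = {}
    for ev in sorted(events, key=lambda e: e["ts"]):
        if ev["result"] != "FAILURE":
            continue
        q = recent[ev["src"]]
        q.append((ev["ts"], ev["user"]))
        # Drop failures that fell out of the window relative to this event.
        while q and ev["ts"] - q[0][0] > window:
            q.popleft()
        if len(q) >= threshold and ev["src"] not in hits:
            hits[ev["src"]] = (len(q), sorted({user for _, user in q}))
    return hits


def successful_pptp_logins(events):
    """List (user, src) for sessions that authenticated over PPTP."""
    return [
        (ev["user"], ev["src"])
        for ev in events
        if ev["proto"] == "PPTP" and ev["result"] == "SUCCESS"
    ]


def build_alerts(text):
    """Turn raw log text into a list of human-readable alert strings."""
    events = parse_log(text)
    alerts = []
    for src, (count, users) in detect_password_guessing(events).items():
        alerts.append(
            f"password guessing from {src}: {count} failures in one minute, "
            f"accounts tried: {', '.join(users)}"
        )
    for user, src in successful_pptp_logins(events):
        alerts.append(f"PPTP session established for {user} from {src}")
    return alerts


if __name__ == "__main__":
    for alert in build_alerts(SAMPLE_LOG):
        print("ALERT:", alert)
```

The sliding window keyed on the source address is what separates a user mistyping a password (one account, a couple of failures, then a success, as with `erin` above) from a guessing campaign (several accounts from one address in a few seconds). The threshold and window are tunable; the values here are assumptions chosen for the constructed sample, not figures from the answer.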