I have a Windows 2000 VPN server behind a Cisco PIX firewall, allowing remote clients to connect through PPTP (initial authentication is done on L2TP). I have TCP port 1723 mapped to the VPN server through the PIX to allow the clients to hit the server. I want to know how secure PPTP is, in both aspects: how secure it is on the firewall (port mapping) and also how secure it is to route through the Internet.
Any conduit you apply to a firewall presents a vulnerability to your network. That is one of the reasons that Cisco introduced VPN termination on the firewall itself. This is not to make you paranoid about applying conduits, but know that it is less secure than not having one to start with. That said, Microsoft has improved PPTP to fix many major security weaknesses. However, the main weakness of PPTP still remains. It is only as secure as the user-selected password. Distributed attacks against password files are easier and easier as home PCs become more and more powerful. PPTP had its place, but you are better off migrating to IPSec. IPSec doesn't rely on the username and password for its encryption algorithm. In fact, the key exchange itself is much more secure and is available in different strengths, 56 bit (similar to PPTP but more secure) and 3DES (128 bit) for very strong encryption. Just my two cents.