Configuring Encryption for a VPN Solution

  • Article

Applies To: Windows Server 2003, Windows Server 2003 R2, Windows Server 2003 with SP1, Windows Server 2003 with SP2

In the remote access policy that governs VPN connections on the server, set the appropriate encryption strengths for PPTP and L2TP/IPSec connections. For a procedure for entering encryption settings in a remote access policy, see "Remote access/VPN server role: Configuring a remote access/VPN server" in Help and Support Center for Windows Server 2003.

For PPTP-based VPN connections, specify one of the following encryption strengths:

  • To support MPPE with a 40-bit key, select Basic.

  • To support MPPE with a 56-bit key, select Strong.

  • To support MPPE with a 128-bit key, select Strongest.

For L2TP/IPSec-based VPN connections, specify one of the following encryption strengths:

  • To support 56-bit DES, select either Basic or Strong.

  • To support 3DES encryption, select Strongest.

Note

  • The No Encryption level, which allows connections that do not use data encryption, is not recommended.

For more information about using Windows Server 2003 remote access policies, see "Introduction to remote access policies" in Help and Support Center for Windows Server 2003.