Login

Please login to Techworld.com

Forgot password?
Need your new account confirmation email resent?
Forgot email?

Not a member yet?

Register for a Techworld Account and enjoy unlimited access to our extensive white paper library and exclusive Enterprise multi-user software trials. Account members can also comment on articles and access best practices guides.

Networking

In Networking:
News
Reviews
Features
How-tos
Slideshows

Top How-Tos / Advice articles

Microsoft develops new tunneling protocol

SSTP for secure networks, wherever you are.

By John Fontana, Network World | Network World US | Published: 10:04, 22 January 2007

Microsoft is working on a new tunneling protocol for Vista and Longhorn that will provide secure network access from anywhere on the Net.

The Secure Socket Tunneling Protocol (SSTP) creates a VPN tunnel that travels over Secure-HTTP, eliminating issues associated VPN connections based on the Point-to-Point Tunneling Protocol (PPTP) or Layer 2 Tunneling Protocol (L2TP) that can be blocked by some Web proxies, firewalls and Network Address Translation (NAT) routers that sit between clients and servers.

The protocol, however, is only for remote access and will not support site-to-site VPN tunnels.

Microsoft hopes SSTP will help reduced help desk support calls associated with IPSec VPNs when those connections get blocked by firewalls or routers. The protocol will also use the same controls as previously so retraining shouldn't be needed. The SSTP-based VPN tunnel plugs directly into current interfaces for Microsoft VPN client and server software.

Microsoft plans to ship SSTP support in Vista Service Pack 1 and in Longhorn Server. The ship date for Vista SP1 has not been set, but Longhorn is expected to ship in the second half of this year. SSTP will be included in Longhorn Server Beta 3, which will available in the first half of this year.

Despite incorporating the SSL 3.0 and HTTP 1.1 with 64 -it content length encoding standards, Microsoft does not plan to seek standardisation of SSTP, according to officials. Because SSTP is only a tunneling protocol it cannot be directly compared to SSL VPNs, the company said.

"However, since SSTP provides full-network VPN access over SSL, RRAS can provide customers with a baseline SSL VPN solution or be a building block in a more comprehensive SSL VPN solution by providing a generic SSL tunnel," said Samir Jain, lead program manager for RRAS at Microsoft. "SSTP also provides support in the server to block specific IPs and subnets."

On his blog , Jain has provided a step-by-step description of how SSTP works , and how to configure it on the client side. In general, he says SSTP creates a thin layer to "allow Point-to-Point Protocol (PPP) traffic, which is datagram oriented to be encapsulated over an SSL session, which is stream oriented -- hence giving firewall traversal. The encryption is done over SSL and user authentication is done using PPP."

Send to a friend

PLEASE NOTE: Your name is used only to let the recipient know who sent the story, and in case of transmission error. Both your name and the recipient's name and address will not be used for any other purpose.