If using PPTP - nothing is encrypted (except for the MSCHAPv2 exchange
for authentication).  You're using MS's flavor of a GRE tunnel which
does not provide any flavor of encryption - only Data Origin
authentication, Anti-replay protection, Data pattern confidentiality,
and Data Integrity.  I do believe there are provisions within MS's
specification that will provide some sort of encryption for the data
payload... you just have to be savvy enough to enable them.  I'll have
to look that one up.

 

If using IPSec - depends on what flavor of IPSec protocol you're using
(transport vehicle such as ESP or AH).  If using AH, you're in the same
boat as PPTP above.  If using ESP in Tunnel Mode, then *all* traffic
between the two hosts (as specified by the split-tunnel/proxy lists) is
encrypted.  ESP in Transport Mode will not provide Data pattern
confidentiality (but still provides the other services listed above
including encryption) as it reuses the original IP header.

 

Hope this helps,

Aaron

 

________________________________

From: Sherry Abercrombie [mailto:[EMAIL PROTECTED] 
Sent: Friday, June 06, 2008 10:31 AM
To: NT System Admin Issues
Subject: Re: VPN question
