How to configure RRAS based SSTP VPN server behind F5 BIGIP SSL load balancer

Hello All, In this blog, I will discuss how to load balance SSTP based VPN servers using a F5 BIGIP SSL load balancer. Lets look at the deployment scenario first: You are having a pool of RRAS based VPN servers hosted behind F5 BIGIP load balancer. The F5 BIGIP load balancer terminates the HTTPS connections…


VPN tunnel strategy – defining the connection order between various tunnel types

Hello Customers,   As I wrote in this blog, there are four types of VPN tunnel supported by Windows 7 based VPN clients. In this blog I will focus on following things: how do you configure tunnel types on the client, how to decide on the tunnel type order while establishing connection, …   Lets…


How to change certificate on SSTP server – in Windows server 2008 R2

Hi Folks, Very soon Windows 7 and Windows Server 2008 R2 will be released and it is very exciting that beta version of these new operating system is available for public download. So, go ahead and start using it and provide your valuable feedback to us. In this blog I will talk about a new…


Do we still need PPTP & L2TP/IPsec after Windows 7

Hi Folks, Our team member Samir Jain has posted a nice blog on how you should decide which tunnel to use/deploy for your scenario. The details for the same are given at which tunnel to use. In this blog, I would like to understand further on a possibility of deprecating PPTP & L2TP/IPsec VPN tunnels going forward – i.e. after Windows…


Different VPN tunnel types in Windows – which one to use?

Hello Folks,   I am sure you must have experienced VPN reconnect – a new IKEv2 based VPN tunnel that is added in Windows 7 that allows automatic and seamless switchover of an active VPN connection when the underlying Internet interface (connection) changes thus maintaining application persistence. Isn’t that COOL – like VPN user moving…


SSTP support on SBS 2008

Hello, As you know SSTP support in Windows Server 2008 allows you to configure RRAS server role as SSL based L3 VPN server – which allows VPN clients (currently Vista SP1, WS08 and later releases) to connect from anywhere – behind firewalls/NAT. If you would like to run Small business server (SBS) on top of WS08 server and…


Publishing SSTP based VPN server using ISA2006 Firewall

Hello,   If you will like to use SSTP based VPN server (which is part of RRAS server in Windows server 2008) behind a ISA2006 Firewall, please refer to following articles – Thanks a bunch to Thomas Shinder   Samir JainSenior Program ManagerWindows Enterprise Networking   [This posting is provided “AS IS” with…


SSTP Remote Access Virtual Lab Available @ TechNet

Hi All, Virtual Lab for deploying the SSTP Remote Access is available at or Cheers, Abhishek Tiwari ( **) Sr. Lead Program Manager Windows Core Operating System Networking Division ** Remove the “online” to actually email me  [This posting is provided “AS IS” with no warranties, and confers no rights.]


Getting Certificate from third party Certificate Authorities for SSTP

SSTP as you know requires a machine certificate to be installed on the VPN server. Most of the times, when the administrators need this machine certificate, they can configure a CA Server and get the certificates from this CA. But for this to work, the CDPs (CRL Distribution Point) need to be published on some…


How to deploy SSTP based VPN server and IIS on the same machine

This blog is going to tell about how SSTP can be affected by configuring IIS Server on the same Server and how to get rid of this problem without moving the IIS Server to a different machine.   Let’s us first know what kind of issue can arise if IIS is configured alongwith SSTP on…