Microsoft Has Announced New SSL-VPN Protocol - SSTP
Microsoft is now working on a remote access tunneling protocol for Vista and Longhorn Server that lets client devices securely access networks via a VPN from anywhere on the Internet without concern for typical port blocking issues.
The Secure Socket Tunneling Protocol (SSTP) creates a VPN tunnel that travels over Secure-HTTP (HTTPS). This eliminates issues associated with VPN connections based on the Point-to-Point Tunneling Protocol (PPTP) or Layer 2 Tunneling Protocol (L2TP), which can be blocked by some Web proxies, firewalls and Network Address Translation (NAT) routers that sit between clients and servers.
The protocol, however, is only for remote access and will not support site-to-site VPN tunnels.
Microsoft hopes SSTP will help reduce help desk support calls associated with IPSec VPNs in which connections get blocked by firewalls or routers. In addition, SSTP won’t foster retraining issues because it does not change the end-user VPN controls. The SSTP-based VPN tunnel plugs directly into current interfaces for Microsoft VPN client and server software.
Microsoft plans to ship SSTP support in Vista Service Pack 1 and in Longhorn Server. The ship date for Vista SP1 has not been set, but Longhorn is expected to ship in the second half of this year. SSTP will be included in Longhorn Server Beta 3, which is set to ship in the first half of 2007.
Microsoft officials also say they are working with partners, which the company declined to name, on adding SSTP to other client devices besides Vista.
SSTP will be part of Microsoft’s Routing and Remote Access Server (RRAS) in Longhorn Server. The protocol is based on Secure Socket Layer (SSL) instead of PPTP or IPSec, and all SSTP traffic will use TCP Port 443.