L2TP and MPPE
Hi,
I have a basic question.
I am looking to use L2TP (for those clients that do not support SSTP), and I am looking at the encryption part.
I am going to use L2TP/IPSec, and so the question is, is MPPE necessary in this case? Should I tick "No encryption" in the network policy server? Will this still encrypt the traffic with IPSec?
If not, what are additional steps I need to take?
Many thanks for answers to such a trivial question.
October 13th, 2011 8:30pm
MPPE is used in combination with PPTP and PPP connections to provide link encryption. When using L2TP, the link (node-to-node) is encrypted using IPSec, and SSTP uses SSL to provide the necessary encryption.
Please read more about MPPE and different VPN protocols:
http://technet.microsoft.com/en-us/library/cc780018(WS.10).aspx
http://technet.microsoft.com/en-us/library/cc771298(WS.10).aspx
/Hasain
October 13th, 2011 8:54pm
Thanks for the answer.
So what I gather is that when using L2TP, only IPSec is used for encryption. However, I cannot seem to find any encryption settings aside from MPPE in the Network Policy Server.
So what should I do? Do I need to install or configure something in order to be able to configure IPSec encryption or should I just tick "no encryption"?
I'm using Windows Server 2008 R2, btw.
October 13th, 2011 9:13pm
IPSec encryption is always enabled, and you can only configure the encryption strength, so basically always select Strongest to get 128-bit encryption.
/Hasain
October 13th, 2011 9:27pm
I can only select the strength of the MPPE encryption. But when I select anything other than "No encryption," I get problems with non-Windows clients.
October 13th, 2011 9:34pm
It is a shared setting between MPPE and IPSec, and you need to configure the level to have the RRAS server set the minimum encryption level.
Read more about Routing and Remote Access Services encryption options for the L2TP/IPsec protocol on a Windows Server 2008-based Network Policy Server (NPS) http://support.microsoft.com/kb/954394
/Hasain
October 13th, 2011 10:04pm
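What the "Encryption" checkboxes in the NPS network policy actually put on the wire, as an added example that is not part of the thread and not Microsoft's code: NPS returns the negotiated level to RRAS as two Microsoft vendor-specific RADIUS attributes, MS-MPPE-Encryption-Policy (vendor type 7) and MS-MPPE-Encryption-Types (vendor type 8), defined in RFC 2548. The script below encodes and decodes those attributes, so you can see what changes when "No encryption" is ticked or unticked. The mapping of the checkbox labels (Basic / Strong / Strongest / No encryption) to the RFC 2548 values is my assumption, marked in the code; how RRAS then applies that minimum level to the IPsec side of an L2TP/IPsec tunnel is outside this example (see the KB article linked above).

```python
"""Encode/decode the RFC 2548 MS-MPPE-Encryption-* RADIUS attributes that NPS
sends in an Access-Accept to express the 'Encryption' checkboxes of a network
policy. Added illustration; not code from the thread or from Microsoft."""
import struct

RADIUS_VENDOR_SPECIFIC = 26      # RADIUS attribute type for VSAs (RFC 2865)
VENDOR_MICROSOFT = 311           # IANA enterprise number used by RFC 2548
MS_MPPE_ENCRYPTION_POLICY = 7    # RFC 2548 section 2.4.4
MS_MPPE_ENCRYPTION_TYPES = 8     # RFC 2548 section 2.4.5

POLICY_ENCRYPTION_ALLOWED = 1    # client may connect without encryption
POLICY_ENCRYPTION_REQUIRED = 2   # RRAS must refuse an unencrypted link

TYPE_RC4_40BIT = 0x02            # RFC 2548 Encryption-Types bit values
TYPE_RC4_128BIT = 0x04
TYPE_RC4_56BIT = 0x08

# ASSUMPTION: how the NPS checkbox labels map to RFC 2548 values.
NPS_CHECKBOX_TO_TYPE = {
    "Basic": TYPE_RC4_40BIT,
    "Strong": TYPE_RC4_56BIT,
    "Strongest": TYPE_RC4_128BIT,
}


def nps_policy_attributes(selected):
    """Return (policy, types) for a set of ticked NPS checkbox labels.

    ASSUMPTION: ticking "No encryption" turns the policy into
    Encryption-Allowed; leaving it unticked makes encryption Required."""
    types = 0
    for label in selected:
        if label != "No encryption":
            types |= NPS_CHECKBOX_TO_TYPE[label]
    policy = (POLICY_ENCRYPTION_ALLOWED if "No encryption" in selected
              else POLICY_ENCRYPTION_REQUIRED)
    return policy, types


def encode_ms_vsa(vendor_type, value):
    """Build one RADIUS Vendor-Specific attribute carrying a 4-byte integer
    Microsoft sub-attribute: Type(26) Len VendorId(311) VType VLen Value."""
    payload = struct.pack("!I", value)
    sub = struct.pack("!BB", vendor_type, 2 + len(payload)) + payload
    return struct.pack("!BBI", RADIUS_VENDOR_SPECIFIC, 6 + len(sub),
                       VENDOR_MICROSOFT) + sub


def access_accept_attrs(selected):
    """Attribute bytes NPS would add to the Access-Accept for these checkboxes."""
    policy, types = nps_policy_attributes(selected)
    return (encode_ms_vsa(MS_MPPE_ENCRYPTION_POLICY, policy)
            + encode_ms_vsa(MS_MPPE_ENCRYPTION_TYPES, types))


def decode_ms_vsas(data):
    """Walk a RADIUS attribute list and return {vendor_type: int} for every
    4-byte Microsoft VSA; other attributes are skipped, truncation raises."""
    out = {}
    i = 0
    while i < len(data):
        if i + 2 > len(data):
            raise ValueError("truncated attribute header")
        atype, alen = data[i], data[i + 1]
        if alen < 2 or i + alen > len(data):
            raise ValueError("bad attribute length")
        body = data[i + 2:i + alen]
        if atype == RADIUS_VENDOR_SPECIFIC and len(body) >= 6:
            vendor = struct.unpack("!I", body[:4])[0]
            vtype, vlen = body[4], body[5]
            value = body[6:4 + vlen]
            if vendor == VENDOR_MICROSOFT and len(value) == 4:
                out[vtype] = struct.unpack("!I", value)[0]
        i += alen
    return out


def describe(attrs):
    """Human-readable summary of decoded MS-MPPE-Encryption-* values."""
    policy = attrs.get(MS_MPPE_ENCRYPTION_POLICY)
    types = attrs.get(MS_MPPE_ENCRYPTION_TYPES, 0)
    names = [n for n, bit in (("40-bit", TYPE_RC4_40BIT),
                              ("56-bit", TYPE_RC4_56BIT),
                              ("128-bit", TYPE_RC4_128BIT)) if types & bit]
    word = {POLICY_ENCRYPTION_ALLOWED: "Encryption-Allowed",
            POLICY_ENCRYPTION_REQUIRED: "Encryption-Required"}.get(policy, "no policy")
    return word + ": " + (", ".join(names) if names else "none")


if __name__ == "__main__":
    for boxes in ({"Strongest"}, {"No encryption", "Strongest"}):
        wire = access_accept_attrs(boxes)
        print(sorted(boxes), wire.hex(), "->", describe(decode_ms_vsas(wire)))
```

Running the script shows that only the Policy value flips between the two configurations (2 vs 1); the Types bitmask is the same in both. That matches what the thread observed: the "No encryption" checkbox is what decides whether RRAS is allowed to accept a client that does not negotiate MPPE at the PPP layer.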
Still, it is weird.
When I try to connect through an Android device using L2TP, I get the following error:
"CoId={NA}: The following error occurred in the Point to Point Protocol module on port: VPN2-127, UserName: xxx. The remote computer does not support the required data encryption type."
The weird thing is that the server is not configured to accept PPTP connections. I've disabled the interface and configured the network policy to accept only L2TP and SSTP.
I've also configured the firewall to block port 1723.
I am confused. Perhaps I had better check with their support.
EDIT:
It should be noted that I can't connect to the server via L2TP from the computer, either. I don't get a connection, and I don't see any errors in the error log.
The computer can communicate, as Wireshark clearly shows, but what they're saying, I have no idea.
October 14th, 2011 7:18am