I've never done IPSEC because it seems like such a PITA. Is the primary reason to use it for interop with other vendors?
----- Mike Hammett Intelligent Computing Solutions http://www.ics-il.com ----- Original Message ----- From: "Butch Evans" <but...@butchevans.com> To: mikrotik@mail.butchevans.com Sent: Tuesday, April 8, 2014 4:21:01 PM Subject: Re: [Mikrotik] IP-SEC vs. SSTP On 04/08/2014 03:48 PM, Mike Hammett wrote: > Why is one better than the other? Short answer: Neither. Moderately longer answer: SSTP works better behind a NAT and works on port 443, so firewalls are usually not an issue for these. REALLY longer answer: It really depends. IMO, with modern options (for MT specific options), I think a "site to site" option that is better than either of these is OpenVPN. OVPN works behind NAT and you can define the ports to be used, so firewalls are not an issue. It is a bit easier (again, my opinion) to configure and troubleshoot than the other options. Having said that, the SSTP is a client built into Windows, so if you have a "roaming" client, then this may be the best option. Additionally, most other router vendors have IPSEC built-in, so in some cases, that may be the best choice. All things being equal, personally, I like the OVPN option. -- Butch Evans 702-537-0979 Network Support and Engineering http://store.wispgear.net/ http://www.butchevans.com/ _______________________________________________ Mikrotik mailing list Mikrotik@mail.butchevans.com http://mail.butchevans.com/mailman/listinfo/mikrotik Visit http://blog.butchevans.com/ for tutorials related to Mikrotik RouterOS -------------- next part -------------- An HTML attachment was scrubbed... URL: <http://mail.butchevans.com/pipermail/mikrotik/attachments/20140408/f8472cdc/attachment.html> _______________________________________________ Mikrotik mailing list Mikrotik@mail.butchevans.com http://mail.butchevans.com/mailman/listinfo/mikrotik Visit http://blog.butchevans.com/ for tutorials related to Mikrotik RouterOS