Secure Socket Tunneling Protocol (SSTP) is a new form of (SSL-based) VPN tunnel with features that allow traffic to pass through firewalls that block PPTP and L2TP/IPsec traffic.
SSTP provides a mechanism to encapsulate PPP traffic over the SSL channel of the HTTPS protocol. The use of PPP allows support for strong authentication methods such as EAP-TLS. The use of HTTPS means traffic will flow through TCP port 443. Secure Sockets Layer (SSL) provides transport-level security with enhanced key negotiation, encryption, and integrity checking.
SSTP supports multiple authentication methods such as passwords, smart cards, certificate-based and “One Time Password” authentication.
SSTP has integrated NAP support for client health check, by using the NPS (Network Policy Server – ex-IAS) for authentication and authorization.
SSTP is available through the Windows Server 2008 Routing and Remote Access VPN Server. IIS is not required for running SSTP, since RRAS listens to HTTPS connections directly over HTTP.SYS.
Only clients running Windows Vista SP1 are able to create SSTP-based VPN tunnels.
- Step by Step Guide: Deploying SSTP Remote Access
- Screencast: Deploying SSTP Remote Access
- Technet June 2007 Cable Guy SSTP article