Your network consists of one Active Directory domain. The domain contains servers that run
Windows Server 2008. The servers are configured as shown in the following table. (Click the Exhibit)

All client computers run Windows Vista Service Pack 1 (SP1). Remote domain users at a customer
site report that they can access Server2 from the Internet by using the URL
https://portal.contoso.com. They also report that a firewall at the customer site prevents all other
outbound connections. You need to implement a solution to enable remote users to access files on
Server3 from a VPN connection. Which connection should you enable on Server1?

A.
IPsec tunnel mode

B.
L2TP

C.
PPTP

D.
Secure Socket Tunneling Protocol (SSTP)

Explanation:
To plan a solution that would allow the remote users using firewall on their remote locations to
access files on Server3 through a VPN connection, you need to configure Secure Socket Tunneling
Protocol (SSTP) connection. Before Windows Server 2008, all kinds of VPN connections such as PPTP
L2TP, and IPSec had problems with firewalls, NATs, and Web proxies. To prevent problems, firewalls
must be configured to allow connections. If your VPN client computer is behind a NAT, both the VPN
client and the VPN server must support IPsec NAT-Traversal (NAT-T). Besides, VPN server can’t be
located behind a NAT, and that L2TP/IPsec traffic can’t flow through a Web proxy. With the advent
of SSTP in Windows Server 2008 all the VPN connectivity problems such as firewalls, NATs, and Web
proxies are solved. The SSTP connection allows the use of HTTP over secure sockets layer (SSL). SSTP
uses an HTTP-over-SSL session between VPN clients and servers to exchange encapsulated IPv4 or
IPv6 packets.
The Cable Guy: The Secure Socket Tunneling Protocol / The New VPN Solution
http://technet.microsoft.com/en-us/magazine/cc162322.aspx