
Relationship between L2TP and IPSEC  (vpn question)

Posted on 2004-08-30
Last Modified: 2008-03-06
A member from EE explained some of it to me already. That L2TP relies on IPSEC for encryption, since L2TP offers only authentication in its native form.  Did I understand him correctly?

Now, how do the 2 work together????

L2TP encapsulates existing packets and sends them across the internet to the destined VPN correct? When using IPSEC, does IPSEC tunnel L2TP?

Thanks
0
Question by:dissolved
10 Comments
 
LVL 7

Accepted Solution

by:
LimeSMJ earned 1000 total points
ID: 11932906
L2TP - Layer 2 Tunneling Protocol.  This is the protocol that encapsulates the packet and "tunnels" it into your company's LAN.  It's basically the transport mechanism for the VPN.

IPSec is the encryption to the encapsulated (tunneled) packet.  IPSec ensures that the packet cannot be read - both the header and the data, as it makes its way across the internet.

So basically in a L2TP/IPsec VPN, the computer first packages the data into a L2TP packet and then the IPSec encrypts the packet for delivery.
0
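Added example (not part of the original thread): the layering described in this answer, seen from the wire. The Python sketch classifies raw IPv4 packets as L2TP exposed on UDP 1701 or as traffic carried inside IPsec ESP (IP protocol 50, or UDP 4500 with NAT traversal); the sample packets and all function names are constructed for illustration.

```python
import struct

UDP, ESP, AH = 17, 50, 51            # IP protocol numbers
L2TP_PORT, NAT_T_PORT = 1701, 4500   # UDP ports: L2TP, IPsec NAT traversal

def ipv4(proto, payload):
    """Minimal IPv4 header (checksum left at 0) around constructed sample data."""
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 0, 0, 64,
                       proto, 0, bytes([192, 0, 2, 1]), bytes([198, 51, 100, 1])) + payload

def udp(sport, dport, payload):
    return struct.pack("!HHHH", sport, dport, 8 + len(payload), 0) + payload

def parse_l2tp(data):
    """L2TPv2 header (RFC 2661): flags/version, optional Length, Tunnel ID, Session ID."""
    if len(data) < 6 or struct.unpack_from("!H", data)[0] & 0x000F != 2:
        return None                          # too short, or version nibble is not 2
    (flags,) = struct.unpack_from("!H", data)
    off = 4 if flags & 0x4000 else 2         # L bit set: skip the Length field
    if len(data) < off + 4:
        return None
    tunnel, session = struct.unpack_from("!HH", data, off)
    return ("control" if flags & 0x8000 else "data"), tunnel, session   # T bit

def classify(packet):
    """Return (verdict, detail) for one raw IPv4 packet."""
    proto, body = packet[9], packet[(packet[0] & 0x0F) * 4:]
    if proto == ESP and len(body) >= 4:
        return "esp", "SPI 0x%08x; payload carried inside ESP" % struct.unpack_from("!I", body)[0]
    if proto == AH:
        return "ah", "integrity only; payload is not encrypted"
    if proto == UDP and len(body) >= 8:
        sport, dport = struct.unpack_from("!HH", body)
        data = body[8:]
        if NAT_T_PORT in (sport, dport):
            # RFC 3948: four zero bytes mark IKE; anything else is UDP-encapsulated ESP
            return ("ike-natt", "key exchange") if data[:4] == b"\0" * 4 else ("esp-natt", "encrypted")
        if L2TP_PORT in (sport, dport) and (hdr := parse_l2tp(data)):
            return "l2tp-cleartext", "%s tunnel=%d session=%d" % hdr
    return "other", ""

# Constructed samples: L2TP data message with a PPP frame, then the same link under ESP.
PPP = bytes.fromhex("ff030021") + b"inner IP packet"
CLEAR = ipv4(UDP, udp(1701, 1701, struct.pack("!HHH", 0x0002, 7, 3) + PPP))
PROTECTED = ipv4(ESP, struct.pack("!II", 0x1000, 1) + bytes(32))

if __name__ == "__main__":
    for name, pkt in (("L2TP alone", CLEAR), ("L2TP/IPsec", PROTECTED)):
        print(name, "->", classify(pkt))
```

A capture in which UDP 1701 payloads parse as L2TP headers means the tunnel is running without IPsec protection.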
 
LVL 4

Assisted Solution

by:HackLife
HackLife earned 1000 total points
ID: 11933558
To add, L2TP does not encrypt without IPSec. It is a tunnelling mechanism like LimeSMJ stated. IPSec is the package of protocols used to encrypt and authenticate (ESP) or just authenticate (AH). It can be used with L2TP (tunnel mode) or by itself (transport mode)...

In Windows 2000, you can set up a Routing and Remote Access server (RRAS) and set up a VPN using L2TP for tunneling, and configure it to use IPSec for encryption in group policies. If you are not going to do all of the above, you can also set up your Windows 2000 systems to communicate securely by IPSec alone (transport mode).

In tunneling with IPSec, make sure you are using common protocols (AH or ESP) between each host/client, and common authentication methods (Kerberos, preshared keys, certificates).

Best Regards,
J.Nguyen, MCSA

0
 

Author Comment

by:dissolved
ID: 11935036
Thanks J. What is more widely used: transport mode or tunneled IPSEC?
Thanks
0
 
LVL 4

Assisted Solution

by:HackLife
HackLife earned 1000 total points
ID: 11936560
The tunnel mode is used in Virtual Private Networks (VPN) and the transport mode is used in secure communication between servers. Both are used just as commonly.

The use of IPSec depends on what you are trying to do. Are you trying to set up a server to talk with another server securely or are you setting up a VPN with L2TP tunneling?

As I am looking back on your question, you seem to be heading towards VPN and tunneling issues. PPTP is another type of tunneling that uses other types of encryption, such as MS-CHAP and MS-CHAP v2. It is Microsoft's version of tunneling. L2TP, Cisco's protocol, relies on IPSec for encryption. Basically, no IPSec, no encryption.

If I may, what are you trying to do with IPSec? What kind of operating system are you planning to use it with?

Best Regards,
J.Nguyen, MCSA
0
 

Author Comment

by:dissolved
ID: 11936735
We are trying to connect a remote site to our headquarters. This way the VPN is transparent to the users at the remote site.   The remote site is going to actually be used in case of emergency.
Thanks
0
 
LVL 4

Assisted Solution

by:HackLife
HackLife earned 1000 total points
ID: 11937646
You can read all about VPN and L2TP here: http://www.microsoft.com/windows2000/technologies/communications/vpn/default.asp

What operating system are you using? Windows 2000?

How are you connecting to the remote site? Dial-up? Permanent internet connection?

If you are clustering your systems, you may run into a few problems if you have switches in between your system and the remote system. More on this later if you are running switches instead of hubs.
0
 
LVL 4

Assisted Solution

by:HackLife
HackLife earned 1000 total points
ID: 11937724
Here are step by step procedures from Microsoft.

Configuring a VPN Solution Step-by-Step
http://www.microsoft.com/serviceproviders/whitepapers/configur_vpn_solution.asp

Configuring Remote Access/ VPN
http://www.microsoft.com/serviceproviders/whitepapers/config_remote_access_VPN_win2k.asp

Good luck on your installation,

Joey Nguyen, MCSA
0
 

Author Comment

by:dissolved
ID: 11937852
The Cisco routers on either end will be acting as the VPN servers.  So we will be doing L2TP inside of IPSEC.  Unless you have a suggestion (such as purchasing a standalone VPN server rather than using the router as one)

Thanks for the links Joey.
0
 
LVL 4

Assisted Solution

by:HackLife
HackLife earned 1000 total points
ID: 11938603
In your case, with the Cisco routers, you should check your Cisco router manuals. If you don't have them, the Cisco website should have what you need.

The routers should handle the tunneling and VPN, thus making the rest of the internal network oblivious that the VPN ever existed, which is good for administrative reasons.

I wish I knew more about Cisco to help you.

Again, remember that L2TP is like a hose (tunnel) and IPSec is the container (encryption and authentication) that wraps the liquid (data).

Since you are using the routers, you really don't need to configure your servers - just your routers. I'm sure there is a Cisco expert you can turn to. Again, your manual should be a great guide.

Good luck,
Joey Nguyen, MCSA
0
 

Author Comment

by:dissolved
ID: 11940773
Thanks again, Joey
0