Solved

Relationship between L2TP and IPSEC  (vpn question)

Posted on 2004-08-30
Last Modified: 2008-03-06
A member from EE explained some of it to me already. That L2TP relies on IPSEC for encryption, since L2TP offers only authentication in its native form. Did I understand him correctly?

Now, how do the 2 work together?

L2TP encapsulates existing packets and sends them across the internet to the destined VPN, correct? When using IPSEC, does IPSEC tunnel L2TP?

Thanks
Question by:dissolved
Accepted Solution

by:
LimeSMJ earned 250 total points
ID: 11932906
L2TP - Layer 2 Tunneling Protocol. This is the protocol that encapsulates the packet and "tunnels" it into your company's LAN. It's basically the transport mechanism for the VPN.

IPSec is the encryption to the encapsulated (tunneled) packet. IPSec ensures that the packet cannot be read - both the header and the data, as it makes its way across the internet.

So basically in a L2TP/IPsec VPN, the computer first packages the data into a L2TP packet and then the IPSec encrypts the packet for delivery.
Assisted Solution

by:HackLife
HackLife earned 250 total points
ID: 11933558
To add, L2TP does not encrypt without IPSec. It is a tunnelling mechanism like LimeSMJ stated. IPSec is the package of protocols used to encrypt and authenticate (ESP) or just authenticate (AH). It can be used with L2TP (tunnel mode) or by itself (transport mode)...

In Windows 2000, you can set up a routing and remote access server (RRAS) and set up a VPN using L2TP for tunneling, and configure it to use IPSec for encryption in group policies. If you are not going to do all of the above, you can also set up your Windows 2000 systems to communicate securely by IPSec alone (transport mode).

In tunneling with IPSec, make sure you are using common protocols (AH or ESP) between each host/client, common authentication methods (Kerberos, preshared keys, certificates).

Best Regards,
J.Nguyen, MCSA

Author Comment

by:dissolved
ID: 11935036
Thanks J. What is more widely used: transport mode or tunneled IPSEC?
Thanks

Assisted Solution

by:HackLife
HackLife earned 250 total points
ID: 11936560
The tunnel mode is used in Virtual Private Networks (VPN) and the transport mode is used in secure communication between servers. Both are used just as commonly.

The use of IPSec depends on what you are trying to do. Are you trying to set up a server to talk with another server securely or are you setting up a VPN with L2TP tunneling?

As I am looking back on your question, you seem to be heading towards VPN and tunneling issues. PPTP is another type of tunneling that uses other types of encryption, such as MS-Chap and MS-Chap v2. It is Microsoft's version of tunneling. L2TP, Cisco's protocol, relies on IPSec for encryption. Basically, no IPSec, no encryption.

If I may, what are you trying to do with IPSec? What kind of operating system are you planning to use it with?

Best Regards,
J.Nguyen, MCSA
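The layering described in the answers above ("no IPSec, no encryption"), as an added example that is not part of the original thread: it builds the same L2TP data message once in the clear over UDP port 1701 and once wrapped in ESP, then reports what an on-path observer can read from each packet. The addresses, tunnel and session IDs, SPI, key and payload are constructed sample values, and the XOR keystream is a stand-in for a real ESP cipher.

```python
import hashlib
import struct

L2TP_PORT, PROTO_UDP, PROTO_ESP = 1701, 17, 50

def l2tp_data(tunnel_id, session_id, ppp_frame):
    # L2TPv2 data message (RFC 2661); 0x0002 = data, version 2, no optional fields
    return struct.pack("!HHH", 0x0002, tunnel_id, session_id) + ppp_frame

def udp(sport, dport, payload):
    # UDP checksum 0 (permitted over IPv4) to keep the constructed sample short
    return struct.pack("!HHHH", sport, dport, 8 + len(payload), 0) + payload

def ipv4(proto, payload, src=bytes([192, 0, 2, 1]), dst=bytes([198, 51, 100, 1])):
    # Minimal 20-byte header; header checksum left at 0 in this sample
    hdr = struct.pack("!BBHHHBBH", 0x45, 0, 20 + len(payload), 0, 0, 64, proto, 0)
    return hdr + src + dst + payload

def toy_keystream(key, n):
    # Stand-in cipher only; real ESP uses the cipher configured for the SA
    blocks = (hashlib.sha256(key + struct.pack("!I", i)).digest() for i in range(n // 32 + 1))
    return b"".join(blocks)[:n]

def esp(spi, seq, key, inner, next_header=PROTO_UDP):
    # ESP layout: SPI, sequence number, then encrypted payload + padding + trailer.
    # The integrity check value is omitted here.
    pad = -(len(inner) + 2) % 4
    plain = inner + bytes(range(1, pad + 1)) + bytes([pad, next_header])
    cipher = bytes(a ^ b for a, b in zip(plain, toy_keystream(key, len(plain))))
    return struct.pack("!II", spi, seq) + cipher

def observer_view(packet):
    """Return what an on-path observer can read from one IPv4 packet."""
    body, proto = packet[(packet[0] & 0x0F) * 4:], packet[9]
    if proto == PROTO_ESP:
        spi, seq = struct.unpack("!II", body[:8])
        return {"layer": "ESP", "spi": spi, "seq": seq, "l2tp_visible": False}
    if proto == PROTO_UDP and L2TP_PORT in struct.unpack("!HH", body[:4]):
        flags = struct.unpack("!H", body[8:10])[0]
        off = 12 if flags & 0x4000 else 10  # L bit: Length field precedes the IDs
        tid, sid = struct.unpack("!HH", body[off:off + 4])
        # Assumes no sequence or offset fields (S and O bits clear)
        return {"layer": "L2TP", "tunnel_id": tid, "session_id": sid,
                "ppp": body[off + 4:], "l2tp_visible": True}
    return {"layer": "other", "l2tp_visible": False}

# Constructed sample data
PPP = b"\xff\x03\x00\x21" + b"constructed payload: payroll.xls"
INNER = udp(L2TP_PORT, L2TP_PORT, l2tp_data(7, 1, PPP))
CLEAR = ipv4(PROTO_UDP, INNER)
PROTECTED = ipv4(PROTO_ESP, esp(0x1001, 1, b"constructed-key", INNER))
```

Calling `observer_view(CLEAR)` exposes the tunnel ID, session ID and the PPP frame, while `observer_view(PROTECTED)` yields only the SPI and sequence number.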
Author Comment

by:dissolved
ID: 11936735
We are trying to connect a remote site to our headquarters. This way the VPN is transparent to the users at the remote site.   The remote site is going to actually be used in case of emergency.
Thanks
Assisted Solution

by:HackLife
HackLife earned 250 total points
ID: 11937646
You can read all about VPN and L2TP here: http://www.microsoft.com/windows2000/technologies/communications/vpn/default.asp

What operating system are you using? Windows 2000?

How are you connecting to the remote site? Dial-up? Permanent internet connection?

If you are clustering your systems, you may run into a few problems if you have switches in between your system and the remote system. More on this later if you are running switches instead of hubs.
Assisted Solution

by:HackLife
HackLife earned 250 total points
ID: 11937724
Here are step by step procedures from Microsoft.

Configuring a VPN Solution Step-by-Step
http://www.microsoft.com/serviceproviders/whitepapers/configur_vpn_solution.asp

Configuring Remote Access/ VPN
http://www.microsoft.com/serviceproviders/whitepapers/config_remote_access_VPN_win2k.asp

Good luck on your installation,

Joey Nguyen, MCSA
Author Comment

by:dissolved
ID: 11937852
The Cisco routers on either end will be acting as the VPN servers. So we will be doing L2TP inside of IPSEC. Unless you have a suggestion (such as purchasing a stand-alone VPN server rather than using the router as one)

Thanks for the links Joey.
Assisted Solution

by:HackLife
HackLife earned 250 total points
ID: 11938603
In your case, with the Cisco routers, you should check your Cisco router manuals. If you don't have them, the Cisco website should have what you need.

The routers should handle the tunneling and VPN, thus making the rest of the internal network oblivious that the VPN ever existed, which is good for administrative reasons.

I wish I knew more about Cisco to help you.

Again, remember that L2TP is like a hose (tunnel) and IPSec is the container (encryption and authentication) that wraps the liquid (data).

Since you are using the routers, you really don't need to configure your servers - just your routers. I'm sure there is a Cisco expert you can turn to. Again, your manual should be a great guide.

Good luck,
Joey Nguyen, MCSA
Author Comment

by:dissolved
ID: 11940773
Thanks again, Joey