Solved

Relationship between L2TP and IPSEC  (vpn question)

Posted on 2004-08-30
Last Modified: 2008-03-06
A member from EE explained some of it to me already. That L2TP relies on IPSEC for encryption, since L2TP offers only authentication in its native form.  Did I understand him correctly?

Now, how do the 2 work together????

L2TP encapsulates existing packets and sends them across the internet to the destined VPN, correct? When using IPSEC, does IPSEC tunnel L2TP?

Thanks
0
Question by:dissolved
10 Comments
 
LVL 7

Accepted Solution

by:
LimeSMJ earned 250 total points
L2TP - Layer 2 Tunneling Protocol.  This is the protocol that encapsulates the packet and "tunnels" it into your company's LAN.  It's basically the transport mechanism for the VPN.

IPSec is the encryption to the encapsulated (tunneled) packet.  IPSec ensures that the packet cannot be read - both the header and the data, as it makes its way across the internet.

So basically in a L2TP/IPsec VPN, the computer first packages the data into a L2TP packet and then the IPSec encrypts the packet for delivery.
0
 
LVL 4

Assisted Solution

by:HackLife
HackLife earned 250 total points
To add, L2TP does not encrypt without IPSec. It is a tunnelling mechanism like LimeSMJ stated. IPSec is the package of protocols used to encrypt and authenticate (ESP) or just authenticate (AH). It can be used with L2TP (tunnel mode) or by itself (transport mode)...

In Windows 2000, you can set up a routing and remote access server (RRAS) and set up a VPN using L2TP for tunneling, and configure it to use IPSec for encryption in group policies. If you are not going to do all of the above, you can also set up your Windows 2000 systems to communicate securely by IPSec alone (transport mode).

In tunneling with IPSec, make sure you are using common protocols (AH or ESP) between each host/client, common authentication methods (Kerberos, preshared keys, certificates).

Best Regards,
J.Nguyen, MCSA

0
 

Author Comment

by:dissolved
Thanks J. What is more widely used: transport mode or tunneled IPSEC?
Thanks
0
 
LVL 4

Assisted Solution

by:HackLife
HackLife earned 250 total points
The tunnel mode is used in Virtual Private Networks (VPN) and the transport mode is used in secure communication between servers. Both are used just as commonly.

The use of IPSec depends on what you are trying to do. Are you trying to set up a server to talk with another server securely or are you setting up a VPN with L2TP tunneling?

As I am looking back on your question, you seem to be heading towards VPN and tunneling issues. PPTP is another type of tunneling that uses other types of encryption, such as MS-CHAP and MS-CHAP v2. It is Microsoft's version of tunneling. L2TP, Cisco's protocol, relies on IPSec for encryption. Basically, no IPSec, no encryption.

If I may, what are you trying to do with IPSec? What kind of operating system are you planning to use it with?

Best Regards,
J.Nguyen, MCSA
0
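
An added example, not part of the original thread or any poster's answer: a small classifier a defender could run over packets captured on the internet-facing side of a VPN endpoint to confirm that L2TP (UDP 1701) never leaves the site outside IPsec. The function name, verdict labels and sample packets are constructed for this illustration, and it goes slightly beyond the thread by also recognising the IKE (UDP 500) and NAT-T (UDP 4500) ports.

```python
import struct

# IANA protocol numbers and well-known UDP ports involved in L2TP/IPsec.
PROTO_UDP, PROTO_ESP, PROTO_AH = 17, 50, 51
PORT_IKE, PORT_L2TP, PORT_NATT = 500, 1701, 4500

def classify(packet: bytes) -> str:
    """Classify one IPv4 packet as captured on the internet-facing side."""
    if len(packet) < 20 or packet[0] >> 4 != 4:
        return "not-ipv4"
    ihl = (packet[0] & 0x0F) * 4               # IPv4 header length in bytes
    if ihl < 20 or len(packet) < ihl:
        return "malformed"
    proto, body, authenticated = packet[9], packet[ihl:], False
    if proto == PROTO_AH and len(body) >= 12:  # AH authenticates, does not encrypt
        ah_len = (body[1] + 2) * 4             # length field: 32-bit words minus 2
        proto, body, authenticated = body[0], body[ah_len:], True
    if proto == PROTO_ESP:
        return "esp"                           # encrypted: inner L2TP is not visible
    if proto == PROTO_UDP and len(body) >= 8:  # truncated UDP falls through to "other"
        ports = set(struct.unpack_from("!HH", body, 0))
        if PORT_L2TP in ports:                 # L2TP header readable on the wire
            return "l2tp-authenticated-only" if authenticated else "l2tp-cleartext"
        if PORT_NATT in ports:
            return "ipsec-nat-t"               # IKE or ESP-in-UDP behind NAT
        if PORT_IKE in ports:
            return "ike"
    return "ah-other" if authenticated else "other"

# --- constructed sample packets (documentation addresses, zero checksums) ---
def ipv4(proto: int, payload: bytes) -> bytes:
    hdr = struct.pack("!BBHHHBBH", 0x45, 0, 20 + len(payload), 0, 0, 64, proto, 0)
    return hdr + bytes([192, 0, 2, 1, 198, 51, 100, 1]) + payload

def udp(sport: int, dport: int, payload: bytes = b"") -> bytes:
    return struct.pack("!HHHH", sport, dport, 8 + len(payload), 0) + payload

def ah(next_hdr: int, payload: bytes) -> bytes:
    # 24-byte AH header: next header, length, reserved, SPI, sequence, 12-byte ICV
    return struct.pack("!BBHII", next_hdr, 4, 0, 0x1001, 1) + bytes(12) + payload

SAMPLES = {
    "l2tp over ipsec": ipv4(PROTO_ESP, struct.pack("!II", 0x1001, 1) + bytes(32)),
    "l2tp under ah": ipv4(PROTO_AH, ah(PROTO_UDP, udp(1701, 1701, bytes(12)))),
    "bare l2tp": ipv4(PROTO_UDP, udp(1701, 1701, bytes(12))),
    "ike": ipv4(PROTO_UDP, udp(500, 500, bytes(28))),
}
for name, pkt in SAMPLES.items():
    print(f"{name:16} -> {classify(pkt)}")
```

Any `l2tp-cleartext` verdict on the WAN side means the tunnel is carrying traffic with no IPsec protection at all.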
 

Author Comment

by:dissolved
We are trying to connect a remote site to our headquarters. This way the VPN is transparent to the users at the remote site.   The remote site is going to actually be used in case of emergency.
Thanks
0
 
LVL 4

Assisted Solution

by:HackLife
HackLife earned 250 total points
You can read all about VPN and L2TP here: http://www.microsoft.com/windows2000/technologies/communications/vpn/default.asp

What operating system are you using? Windows 2000?

How are you connecting to the remote site? Dial-up? Permanent internet connection?

If you are clustering your systems, you may run into a few problems if you have switches in between your system and the remote system. More on this later if you are running switches instead of hubs.
0
 
LVL 4

Assisted Solution

by:HackLife
HackLife earned 250 total points
Here are step by step procedures from Microsoft.

Configuring a VPN Solution Step-by-Step
http://www.microsoft.com/serviceproviders/whitepapers/configur_vpn_solution.asp

Configuring Remote Access/ VPN
http://www.microsoft.com/serviceproviders/whitepapers/config_remote_access_VPN_win2k.asp

Good luck on your installation,

Joey Nguyen, MCSA
0
 

Author Comment

by:dissolved
The Cisco routers on either end will be acting as the VPN servers.  So we will be doing L2TP inside of IPSEC.  Unless you have a suggestion (such as purchasing a standalone VPN server rather than using the router as one)

Thanks for the links Joey.
0
 
LVL 4

Assisted Solution

by:HackLife
HackLife earned 250 total points
In your case, with the Cisco routers, you should check your Cisco router manuals. If you don't have them, the Cisco website should have what you need.

The routers should handle the tunneling and VPN, thus making the rest of the internal network oblivious that the VPN ever existed, which is good for administrative reasons.

I wish I knew more about Cisco to help you.

Again, remember that L2TP is like a hose (tunnel) and IPSec is the container (encryption and authentication) that wraps the liquid (data).

Since you are using the routers, you really don't need to configure your servers - just your routers. I'm sure there is a Cisco expert you can turn to. Again, your manual should be a great guide.

Good luck,
Joey Nguyen, MCSA
0
 

Author Comment

by:dissolved
Thanks again, Joey
0
