Solved

Relationship between L2TP and IPSEC  (vpn question)

Posted on 2004-08-30
10
1,217 Views
Last Modified: 2008-03-06
A member from EE explained some of it to me already. That L2TP relies on IPSEC for encryption, since L2TP offers only authentication in it's native form.  Did I understand him correctly?

Now, how do the 2 work together????

L2TP encapsulates existing packets and sends them across the internet to the destined VPN correct? When using IPSEC, does IPSEC tunnel L2TP?

Thanks
0
Comment
Question by:dissolved
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 5
  • 4
10 Comments
 
LVL 7

Accepted Solution

by:
LimeSMJ earned 250 total points
ID: 11932906
L2TP - Layer 2 Tunneling Protocol.  This is the protocol that encapsulates the packet and "tunnels" it into your company's LAN.  It's the basically the transport mechanism for the VPN.

IPSec is the encryption to the encapsulted (tunneled) packet.  IPSec ensures that the packet cannot be read - both the header and the data, as it makes its way across the internet.

So basicallty in a L2TP/IPsec VPN, the computer first packages the data into a L2TP packet and then the IPSec encrypts the packet for delivery.
0
 
LVL 4

Assisted Solution

by:HackLife
HackLife earned 250 total points
ID: 11933558
To add, L2TP does not encrypt withouth IPSec. It is a tunnelling mechanism like LimSMJ stated. IPSec is the package of protocols used to encrypt and authenticate (ESP) or just authenticate (AH). It can be used with L2TP (tunnel mode) or by itself (transport mode)...

In Windows 2000, you can setup a routing and remote access server (rras) and setup a VPN using L2TP for tunneling, and configure it to use IPSec for encryption in group policies. If you are not going to do all of the above, you can also setup your windows 2000 systems to communicate securely by IPSec alone (transport mode).

In tunneling with IPSec, make sure you are using common protocols (AH or ESP) between each host/client, common authentication methods (Kerberos, preshared keys, certificates).

Best Regards,
J.Nguyen, MCSA

0
 

Author Comment

by:dissolved
ID: 11935036
thanks J. What is more widely used. Transport mode or tunneled IPSEC?
Thanks
0
Don't Cry: How Liquid Web is Ensuring Security

WannaCry is just the start. Read how Liquid Web is protecting itself and its customers against new threats.

 
LVL 4

Assisted Solution

by:HackLife
HackLife earned 250 total points
ID: 11936560
The tunnel mode is used in Virtual Private Networks (VPN) and the transport mode is used in secure communication between servers. Both are used just as common.

The use of IPSec depends on what you are trying to do. Are you trying to setup a server to talk with another server securely or are you setting up a VPN with L2TP tunneling?

As I am looking back on your question, you seem to be heading towards VPN and tunneling issues. PPTP is another type of tunneling that uses other types of encryption, such as MS-Chap and MS-Chap v2. It is the Microsoft's version of tunneling. L2TP, Cisco's protocol relies on IPSec for encryption. Basically, no IPSec, no encryption.

If I may, what are you trying to do with IPSec? What kind of operating system are you planning to use it with?

Best Regards,
J.Nguyen, MCSA
0
 

Author Comment

by:dissolved
ID: 11936735
We are trying to connect a remote site to our headquarters. This way the VPN is transparent to the users at the remote site.   The remote site is going to actually be used in case of emergency.
THanks
0
 
LVL 4

Assisted Solution

by:HackLife
HackLife earned 250 total points
ID: 11937646
You can read all about VPN and L2TP here: http://www.microsoft.com/windows2000/technologies/communications/vpn/default.asp

What operating system are you using? Windows 2000?

How are you connecting to the remote site? Dial-up? Permanent internet connection?

If you are clustering your systems, you may run into a few problems if you have switches in between your system and the remote system. More on this later if you are running switches instead of hubs.
0
 
LVL 4

Assisted Solution

by:HackLife
HackLife earned 250 total points
ID: 11937724
Here are step by step procedures from Microsoft.

Configuring a VPN Solution Step-by-Step
http://www.microsoft.com/serviceproviders/whitepapers/configur_vpn_solution.asp

Configuring Remote Access/ VPN
http://www.microsoft.com/serviceproviders/whitepapers/config_remote_access_VPN_win2k.asp

Good luck on your installation,

Joey Nguyen, MCSA
0
 

Author Comment

by:dissolved
ID: 11937852
The cisco routers on either end will be acting as the VPN servers.  So we will be doing L2TP inside of IPSEC.  Unless you have a suggestion (such as purchasing a stand alone VPN server rather than using the router as one)

Thanks for the links Joey.
0
 
LVL 4

Assisted Solution

by:HackLife
HackLife earned 250 total points
ID: 11938603
In your case, with the Cisco routers, you should check your Cisco router manuals. If you don't have it, Cisco website should have what you need.

The routers should handle the tunneling and vpn, thus making the rest of the internal network oblivious that the vpn ever existed, which is good for administrative reasons.

I wish I knew more about Cisco to help you.

Again, remember that L2TP is like a hose (tunnel) and IPSec is the container(encryption and authentication) that wraps the liquid (data).

Since you are using the routers, you really don't need to configure your servers - just your routers. I'm sure there is a cisco expert you can turn to. Again, your manual should be a great guide.

Good luck,
Joey Nguyen, MCSA
0
 

Author Comment

by:dissolved
ID: 11940773
thanks again Joey
0

Featured Post

Free NetCrunch network monitor licenses!

Only on Experts-Exchange: Sign-up for a free-trial and we'll send you your permanent license!

Here is what you get: 30 Nodes | Unlimited Sensors | No Time Restrictions | Absolutely FREE!

Act now. This offer ends July 14, 2017.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Meet the world's only “Transparent Cloud™” from Superb Internet Corporation. Now, you can experience firsthand a cloud platform that consistently outperforms Amazon Web Services (AWS), IBM’s Softlayer, and Microsoft’s Azure when it comes to CPU and …
PRTG Network Monitor lets you monitor your bandwidth usage, so you know who is using up your bandwidth, and what they're using it for.
Here's a very brief overview of the methods PRTG Network Monitor (https://www.paessler.com/prtg) offers for monitoring bandwidth, to help you decide which methods you´d like to investigate in more detail.  The methods are covered in more detail in o…
Michael from AdRem Software outlines event notifications and Automatic Corrective Actions in network monitoring. Automatic Corrective Actions are scripts, which can automatically run upon discovery of a certain undesirable condition in your network.…

691 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question