Relationship between L2TP and IPSEC (vpn question)

A member from EE explained some of it to me already: that L2TP relies on IPSEC for encryption, since L2TP offers only authentication in its native form. Did I understand him correctly?

Now, how do the two work together?

L2TP encapsulates existing packets and sends them across the internet to the destined VPN, correct? When using IPSEC, does IPSEC tunnel L2TP?

Thanks
Asked by: dissolved
 
LimeSMJ Commented:
L2TP - Layer 2 Tunneling Protocol. This is the protocol that encapsulates the packet and "tunnels" it into your company's LAN. It's basically the transport mechanism for the VPN.

IPSec is the encryption applied to the encapsulated (tunneled) packet. IPSec ensures that the packet cannot be read - both the header and the data - as it makes its way across the internet.

So basically, in an L2TP/IPsec VPN, the computer first packages the data into an L2TP packet and then IPSec encrypts the packet for delivery.
 
HackLife Commented:
To add, L2TP does not encrypt without IPSec. It is a tunnelling mechanism, like LimeSMJ stated. IPSec is the package of protocols used to encrypt and authenticate (ESP) or just authenticate (AH). It can be used with L2TP (tunnel mode) or by itself (transport mode)...

In Windows 2000, you can set up a Routing and Remote Access server (RRAS) and set up a VPN using L2TP for tunneling, and configure it to use IPSec for encryption in group policies. If you are not going to do all of the above, you can also set up your Windows 2000 systems to communicate securely by IPSec alone (transport mode).

In tunneling with IPSec, make sure you are using common protocols (AH or ESP) between each host/client, and common authentication methods (Kerberos, preshared keys, certificates).

Best Regards,
J.Nguyen, MCSA

 
dissolved (Author) Commented:
Thanks, J. What is more widely used: transport mode or tunneled IPSEC?
Thanks
 
HackLife Commented:
The tunnel mode is used in Virtual Private Networks (VPN) and the transport mode is used in secure communication between servers. Both are used just as commonly.

The use of IPSec depends on what you are trying to do. Are you trying to set up a server to talk with another server securely, or are you setting up a VPN with L2TP tunneling?

As I am looking back on your question, you seem to be heading towards VPN and tunneling issues. PPTP is another type of tunneling that uses other types of encryption, such as MS-CHAP and MS-CHAP v2. It is Microsoft's version of tunneling. L2TP, Cisco's protocol, relies on IPSec for encryption. Basically, no IPSec, no encryption.

If I may, what are you trying to do with IPSec? What kind of operating system are you planning to use it with?

Best Regards,
J.Nguyen, MCSA
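The "no IPSec, no encryption" point from the answers above can be checked on the wire. The following is an added example, not code from any poster in this thread: it classifies IPv4 packets by the standard identifiers (IP protocol 50 for ESP, UDP 4500 for IPsec NAT traversal, UDP 1701 for L2TP) and parses the L2TPv2 header per RFC 2661 when L2TP is visible unprotected. The function names and both sample packets are constructed for illustration.

```python
import struct

def ipv4(proto: int, payload: bytes) -> bytes:
    """Build a minimal IPv4 header (checksum left at 0) around a payload; sample data only."""
    hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 0, 0, 64,
                      proto, 0, bytes([192, 0, 2, 1]), bytes([198, 51, 100, 1]))
    return hdr + payload

def parse_l2tp(data: bytes) -> dict:
    """Parse an L2TPv2 header (RFC 2661, section 3.1) and return its fields."""
    (flags,) = struct.unpack_from("!H", data, 0)
    off = 2
    if flags & 0x4000:            # L bit: Length field present
        off += 2
    tunnel_id, session_id = struct.unpack_from("!HH", data, off)
    off += 4
    if flags & 0x0800:            # S bit: Ns and Nr present
        off += 4
    if flags & 0x0200:            # O bit: Offset Size, then that many pad bytes
        (pad,) = struct.unpack_from("!H", data, off)
        off += 2 + pad
    return {"control": bool(flags & 0x8000), "version": flags & 0x000F,
            "tunnel_id": tunnel_id, "session_id": session_id, "payload": data[off:]}

def classify(packet: bytes) -> tuple:
    """Return (verdict, detail) for one IPv4 packet seen on the untrusted side."""
    ihl, proto = (packet[0] & 0x0F) * 4, packet[9]
    if proto == 50:               # ESP: L2TP, if any, is inside the ciphertext
        (spi,) = struct.unpack_from("!I", packet, ihl)
        return ("esp-protected", {"spi": spi})
    if proto == 17:
        sport, dport = struct.unpack_from("!HH", packet, ihl)
        if 4500 in (sport, dport):  # IKE / ESP-in-UDP (NAT traversal)
            return ("ipsec-nat-t", {})
        if 1701 in (sport, dport):  # L2TP visible on the wire: no IPsec around it
            return ("cleartext-l2tp", parse_l2tp(packet[ihl + 8:]))
    return ("other", {})

# Constructed samples: a PPP frame (FF 03, protocol 0x0021 = IPv4) in an L2TP data message
PPP = b"\xff\x03\x00\x21" + b"inner IP packet (constructed)"
L2TP = struct.pack("!HHH", 0x0002, 7, 1) + PPP
UDP = struct.pack("!HHHH", 1701, 1701, 8 + len(L2TP), 0) + L2TP
BARE = ipv4(17, UDP)
# Same flow under ESP: only SPI and sequence number are readable; zero bytes stand in for ciphertext
WRAPPED = ipv4(50, struct.pack("!II", 0x1000, 1) + bytes(len(UDP) + 16))

if __name__ == "__main__":
    for name, pkt in (("bare", BARE), ("wrapped", WRAPPED)):
        print(name, classify(pkt))
```

For the bare packet the tunnel ID, session ID and the whole inner PPP frame are recoverable by anyone on the path; for the ESP packet only the SPI is.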
 
dissolved (Author) Commented:
We are trying to connect a remote site to our headquarters. This way the VPN is transparent to the users at the remote site. The remote site is going to actually be used in case of emergency.
Thanks
 
HackLife Commented:
You can read all about VPN and L2TP here: http://www.microsoft.com/windows2000/technologies/communications/vpn/default.asp

What operating system are you using? Windows 2000?

How are you connecting to the remote site? Dial-up? Permanent internet connection?

If you are clustering your systems, you may run into a few problems if you have switches in between your system and the remote system. More on this later if you are running switches instead of hubs.
 
HackLife Commented:
Here are step by step procedures from Microsoft.

Configuring a VPN Solution Step-by-Step
http://www.microsoft.com/serviceproviders/whitepapers/configur_vpn_solution.asp

Configuring Remote Access/ VPN
http://www.microsoft.com/serviceproviders/whitepapers/config_remote_access_VPN_win2k.asp

Good luck on your installation,

Joey Nguyen, MCSA
 
dissolved (Author) Commented:
The Cisco routers on either end will be acting as the VPN servers. So we will be doing L2TP inside of IPSEC. Unless you have a suggestion (such as purchasing a standalone VPN server rather than using the router as one).

Thanks for the links Joey.
 
HackLife Commented:
In your case, with the Cisco routers, you should check your Cisco router manuals. If you don't have them, the Cisco website should have what you need.

The routers should handle the tunneling and VPN, thus making the rest of the internal network oblivious that the VPN ever existed, which is good for administrative reasons.

I wish I knew more about Cisco to help you.

Again, remember that L2TP is like a hose (tunnel) and IPSec is the container (encryption and authentication) that wraps the liquid (data).

Since you are using the routers, you really don't need to configure your servers - just your routers. I'm sure there is a Cisco expert you can turn to. Again, your manual should be a great guide.

Good luck,
Joey Nguyen, MCSA
 
dissolved (Author) Commented:
Thanks again, Joey.