• Negotiation of NAT-Traversal in the IKE—draft-ietf-ipsec-nat-t-ike-08.txt (July 2004 expiration)
• UDP Encapsulation of IPsec ESP Packets—draft-ietf-ipsec-udp-encaps-09.txt (November 2004 expiration)
NOTE: IETF drafts are valid for only 6 months from the date of issuance. They must be
considered as works in progress. Please refer to the IETF Web site at http://www.ietf.org
for the latest drafts.
For additional configuration information, see:
• “Configuring IPSec” on page 119
• “Configuring Digital Certificates” on page 205
• “Configuring IP Tunnels” on page 237
• L2TP Overview
L2TP/IPSec Tunnels
L2TP/IPSec remote access allows clients to connect to a corporate VPN over the public
Internet with a secure connection. The L2TP tunnel runs on top of an IPSec transport
mode connection. The secure tunnel runs from the client PC to the E Series router,
which terminates it. For example, using L2TP with IPSec enables B-RAS clients
to connect securely to a corporate or other VPN while also using a separate, unsecured
connection to the Internet, depending on the client software capabilities.
On the router side of the L2TP connection, the E Series router acts as the LNS. On the
PC client side of the connection, the client acts as the LAC and runs the L2TP/IPSec
client software on supported platforms. (For a list of the supported platforms, see “Client
Software Supported” on page 279.) Both sides of the connection run IPSec in transport
mode with Encapsulating Security Payload (ESP) encryption and authentication.
In the model shown in Figure 22 on page 278, a client PC connects to its local provider,
which gives the client a public IP address. Using the public IP address, the client PC initiates
an IPSec connection toward the L2TP/IPSec gateway for the private network that it
wants to reach. After establishing the IPSec connection, the client establishes an
L2TP tunnel to the same L2TP/IPSec gateway, which provides the client with another
IP interface for access to that private network. The L2TP tunnel is completely
protected by the IPSec connection established earlier.
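Because the L2TP tunnel rides inside ESP, a capture on the gateway's public side should show only IKE, ESP, or (with the NAT-T drafts listed earlier) traffic on UDP port 4500, and never readable L2TP. The following Python check is an added example, not part of the JunosE guide: the port numbers (500, 4500, 1701) and the port-4500 demultiplexing rules are taken from the IKE, L2TP and UDP-encapsulation specifications rather than from this page, and the sample packets are constructed.

```python
import struct
PROTO_UDP, PROTO_ESP = 17, 50
IKE_PORT, NATT_PORT, L2TP_PORT = 500, 4500, 1701

def classify(packet: bytes) -> str:
    """Classify one raw IPv4 packet captured on the gateway's public side."""
    if len(packet) < 20 or packet[0] >> 4 != 4 or (packet[0] & 0x0F) < 5:
        return "not-ipv4"
    if struct.unpack("!H", packet[6:8])[0] & 0x1FFF:
        return "fragment"            # later fragments carry no UDP header
    proto, payload = packet[9], packet[(packet[0] & 0x0F) * 4:]
    if proto == PROTO_ESP:           # native ESP: SPI + sequence number
        return "esp" if len(payload) >= 8 else "malformed"
    if proto != PROTO_UDP or len(payload) < 8:
        return "other"
    (sport, dport), data = struct.unpack("!HH", payload[:4]), payload[8:]
    if L2TP_PORT in (sport, dport):
        return "cleartext-l2tp"      # L2TP readable on the wire, not in ESP
    if IKE_PORT in (sport, dport):
        return "ike"
    if NATT_PORT in (sport, dport):
        if data == b"\xff":          # one-byte NAT-keepalive
            return "nat-keepalive"
        if data[:4] == bytes(4):     # non-ESP marker: IKE sharing port 4500
            return "ike-natt"
        return "esp-in-udp" if len(data) >= 8 else "malformed"
    return "other"

def unprotected(packets):
    """Indexes of packets that expose L2TP outside the IPSec connection."""
    return [i for i, p in enumerate(packets) if classify(p) == "cleartext-l2tp"]

# Constructed sample packets: documentation addresses, checksums left at zero.
def ipv4(proto, payload):
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 0, 0, 64, proto,
                       0, bytes([192, 0, 2, 10]), bytes([198, 51, 100, 1])) + payload

def udp(sport, dport, data):
    return struct.pack("!HHHH", sport, dport, 8 + len(data), 0) + data

ESP = bytes.fromhex("0000100100000001") + bytes(16)   # SPI 0x1001, sequence 1
SAMPLES = [
    ipv4(PROTO_UDP, udp(500, 500, bytes(28))),                # IKE
    ipv4(PROTO_ESP, ESP),                                     # ESP, no NAT
    ipv4(PROTO_UDP, udp(4500, 4500, b"\xff")),                # keepalive
    ipv4(PROTO_UDP, udp(4500, 4500, bytes(4) + bytes(28))),   # IKE behind NAT
    ipv4(PROTO_UDP, udp(4500, 4500, ESP)),                    # ESP behind NAT
    ipv4(PROTO_UDP, udp(1701, 1701, bytes.fromhex("c8020014") + bytes(16))),
]
```

Any index returned by `unprotected()` marks a session whose L2TP control or data traffic was sent without the IPSec transport mode connection in place.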
Copyright © 2010, Juniper Networks, Inc.
Chapter 12: Securing L2TP and IP Tunnels with IPSec