Overview of Secure VPN Implementation - Page 11
L2TP Implementation
With IP Office version 3.0+, VPN implementation of an L2TP tunnel presents a routable
destination. The configured L2TP tunnel is available in the routing table as an IP
destination interface. IPSec is different in this respect in that it applies a treatment or
protection to specified IP addresses. Protected packets are encrypted packets (called
ESPs) that are routed to the appropriate destination using the routing table in the
normal way. IP Office secure VPN solutions comprise both IPSec and L2TP. The
relationship between IPSec and L2TP is therefore symmetrical and provides for the
following:
• IPSec inside L2TP: IPSec protected packets (ESP) routed to an L2TP destination
• L2TP inside IPSec: L2TP packets to be protected by IPSec
The table below details the advantages/disadvantages of IPSec, L2TP and the
symmetrical relationship between the two:

IPSec
Advantages
• Encrypts data
Disadvantages
• Packets must not be excessively re-ordered in the same tunnel

L2TP
Advantages
• Can be used for inter-tunneling
• PPP IP Header compression support
Disadvantages
• No Data Encryption
• Packets must not be excessively re-ordered in the same tunnel

IPSec in L2TP
Advantages
• Can be used with existing L2TP systems
Disadvantages
• L2TP negotiation can be observed on the Public Network
• Packet size

L2TP Inside IPSec
Advantages
• Can be used for inter-tunneling
• L2TP negotiation cannot be observed on the Public Network
• Commonly used by Microsoft
Disadvantages
• Packet size
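The two nesting orders can be traced with a small model of the forwarding decision described above: L2TP as an interface chosen by the routing table, IPSec as a treatment chosen by address. This is an added example, not Avaya code; the addresses, interface names and the tunnel-mode treatment of ESP are assumptions, and no real encryption is performed.

```python
import ipaddress

def inside(addr, net):
    return ipaddress.ip_address(addr) in ipaddress.ip_network(net)

def lookup(routes, dst):
    """Longest-prefix match; returns the outgoing interface name."""
    hits = [(n, i) for n, i in routes if inside(dst, n)]
    return max(hits, key=lambda h: ipaddress.ip_network(h[0]).prefixlen)[1]

def protected(policies, pkt):
    """Return the IPSec policy whose address selector covers pkt, if any."""
    if pkt["proto"] == "ESP":              # already protected, never re-wrap
        return None
    for p in policies:
        if inside(pkt["src"], p["src"]) and inside(pkt["dst"], p["dst"]):
            return p

def on_wire(pkt, routes, policies, l2tp):
    """Headers seen on the public interface, outermost first."""
    layers = [pkt["proto"]]
    while True:
        pol = protected(policies, pkt)
        if pol:                            # IPSec: treatment selected by address
            pkt = {"src": pol["local"], "dst": pol["peer"], "proto": "ESP"}
        else:
            ifname = lookup(routes, pkt["dst"])
            if ifname not in l2tp:         # reached the public interface
                return layers
            local, peer = l2tp[ifname]     # L2TP: a routable destination
            pkt = {"src": local, "dst": peer, "proto": "L2TP"}
        layers.insert(0, pkt["proto"])

def l2tp_observable(layers):
    """True when no ESP layer encloses the L2TP header."""
    return "L2TP" in layers and "ESP" not in layers[:layers.index("L2TP")]

# Constructed sample data: documentation address ranges, hypothetical names.
# Assumption: ESP is modelled in tunnel mode (new outer addresses), no real crypto.
ROUTES = [("10.2.0.0/16", "l2tp0"), ("0.0.0.0/0", "wan")]
L2TP = {"l2tp0": ("198.51.100.1", "203.0.113.9")}
PKT = {"src": "10.1.0.5", "dst": "10.2.0.7", "proto": "IP"}
IPSEC_IN_L2TP = [{"src": "10.1.0.0/16", "dst": "10.2.0.0/16",
                  "local": "10.1.0.1", "peer": "10.2.0.1"}]
L2TP_IN_IPSEC = [{"src": "198.51.100.1/32", "dst": "203.0.113.9/32",
                  "local": "198.51.100.1", "peer": "203.0.113.9"}]

if __name__ == "__main__":
    for name, pol in (("IPSec inside L2TP", IPSEC_IN_L2TP),
                      ("L2TP inside IPSec", L2TP_IN_IPSEC)):
        print(name, on_wire(PKT, ROUTES, pol, L2TP))
```

Only the policy selector differs between the two cases: protecting the LAN-to-LAN addresses puts ESP inside the tunnel, while protecting the tunnel endpoint addresses puts ESP outside it and hides the L2TP header.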
Guidelines
1. IP Office is able to allow IPSec packets to pass through a NAT-enabled interface.
However, this facility is only available when the IPSec tunnel is either originated or
terminated on a local interface.
IP Office (R3.0) Virtual Private Networking
40DHB0002UKER Issue 3 (4th February 2005)