Security Basics mailing list archives
RE: IPSec = L2TP?
From: Dave Killion <Dkillion () netscreen com>
Date: Tue, 30 Sep 2003 15:59:23 -0700
IPSec is not L2TP, however L2TP can ride *on top* of IPSec. Any protocol can traverse IPSec, but it needs to be routed in order to work, i.e. handed off to a gateway for processing. You can't do IPSec between two machines on the same layer 2 segment, which is what L2TP is for.

L2TP over IPSec is a way for a remote machine on a completely different IP network to appear to be on the same network as others - and not being NAT'd. The remote computer *knows* what the IP is, since it's negotiated during the L2TP set up. L2TP shows up as an additional interface with its own IP.

Example:

Machine A, Network A IP
(L2TP: Network B IP)                                        Network B
(IPSEC out Network A's IP)======{Internet Cloud}=======(IPSec/L2TP Gateway)

It looks like a direct-connect, and others on Network B see it as local. The L2TP gateway accepts ARPs for it, and passes traffic back down the L2TP-over-IPSEC tunnel.

This is useful mostly for Windows traffic, which doesn't like to be NAT'd, and also spews out broadcast traffic - Outlook new mail notifications come to mind. Unix systems could care less, and typically work great over standard IPSec without issue.

Basically, L2TP passes Layer 2 Broadcast traffic over a tunnel, whilst IPSec does not.

I hope this information is helpful,

Dave Killion
Senior Security Engineer
Security Group, NetScreen Technologies, Inc.

-----Original Message-----
From: Zachary Mutrux [mailto:zmutrux () compumentor org]
Sent: Tuesday, September 30, 2003 2:46 PM
To: Security-Basics
Subject: IPSec = L2TP?

Do most VPN solutions that use IPSec also use L2TP? Or are there other protocols that also use IPSec? I see a lot of mention of IPSec in the sales literature but no mention of L2TP.

Thanks,
Zac

--
Zac Mutrux
Technology Consultant
CompuMentor
415-633-9437
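
Added example (not part of the original thread): a Python sketch of what sits inside the IPSec-protected payload of an L2TP-over-IPSec tunnel, showing that the inner packet carries the client's Network B address. The 192.0.2.0/24 addresses, tunnel/session IDs and the sample packet are constructed; the header layout follows L2TPv2 (RFC 2661), and PPP protocol-field compression is assumed to be off.

```python
import ipaddress
import struct

L2TP_PORT = 1701   # UDP port used by L2TP
PPP_IPV4 = 0x0021  # PPP protocol number for IPv4

def parse_l2tp_udp(udp):
    """Parse a UDP datagram (as seen after ESP decryption) carrying L2TPv2."""
    sport, dport, ulen, _csum = struct.unpack("!HHHH", udp[:8])
    if L2TP_PORT not in (sport, dport):
        raise ValueError("not L2TP: neither UDP port is 1701")
    l2tp = udp[8:ulen]
    (flags,) = struct.unpack("!H", l2tp[:2])
    if flags & 0x000F != 2:
        raise ValueError("not L2TP version 2")
    off = 2
    if flags & 0x4000:                 # L bit: Length field present
        off += 2
    tunnel_id, session_id = struct.unpack("!HH", l2tp[off:off + 4])
    off += 4
    if flags & 0x0800:                 # S bit: Ns and Nr present
        off += 4
    if flags & 0x0200:                 # O bit: Offset Size, then padding
        (pad,) = struct.unpack("!H", l2tp[off:off + 2])
        off += 2 + pad
    info = {"control": bool(flags & 0x8000),  # T bit: control message
            "tunnel_id": tunnel_id, "session_id": session_id}
    if info["control"]:
        return info
    ppp = l2tp[off:]
    if ppp[:2] == b"\xff\x03":         # optional PPP address/control bytes
        ppp = ppp[2:]
    (proto,) = struct.unpack("!H", ppp[:2])
    info["ppp_proto"] = proto
    if proto == PPP_IPV4:              # inner packet uses the tunnel-assigned IP
        inner = ppp[2:]
        info["inner_src"] = str(ipaddress.IPv4Address(inner[12:16]))
        info["inner_dst"] = str(ipaddress.IPv4Address(inner[16:20]))
    return info

def build_sample():
    """Constructed sample: client 192.0.2.50 sends to Network B's broadcast address."""
    inner = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20, 0, 0, 64, 17, 0,
                        ipaddress.IPv4Address("192.0.2.50").packed,
                        ipaddress.IPv4Address("192.0.2.255").packed)
    l2tp = struct.pack("!HHH", 0x0002, 7, 1) + b"\xff\x03\x00\x21" + inner
    return struct.pack("!HHHH", 1701, 1701, 8 + len(l2tp), 0) + l2tp

if __name__ == "__main__":
    print(parse_l2tp_udp(build_sample()))
```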
Current thread:
- RE: IPSec = L2TP? Dave Killion (Oct 01)
- <Possible follow-ups>
- RE: IPSec = L2TP? Freilich, Robert (Oct 01)
- RE: IPSec = L2TP? Zachary Mutrux (Oct 01)
- RE: IPSec = L2TP? LordInfidel (Oct 01)